检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Parent topic: IAM Synchronization
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see the IAM Service Overview. DCS Permissions By default, new IAM users do not have permissions assigned.
If your account does not need individual IAM users for permissions management, you can skip this section. IAM is a free service. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
IAM account authorization: FunctionGraph can use IAM to grant different function operation permissions to IAM users. Parent Topic: Security
Policies that contain actions supporting both IAM projects and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. DeH Permissions New IAM users do not have any permissions assigned by default.
IAM can be used free of charge. You pay only for the resources in your account. For more information, see IAM Service Overview. EIP Permissions New IAM users do not have any permissions assigned by default.
With IAM, you can use your Huawei Cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
To perform these operations, you need related IAM agencies. The following lists the details. To create IAM agencies, you need the iam:agencies:createAgency and iam:permissions:grantRoleToAgency permissions.
IAM user import Identity and Access Management (IAM) To import IAM users, the IAM ReadOnlyAccess permission is required. Table 3 lists the common operations for each system-defined policy or role of CSE. Select policies or roles as needed.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For details about how to obtain the group name, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
For example, to obtain the IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
By integrating IAM permissions with Kubernetes cluster permissions, you can use IAM to oversee Kubernetes resource access for various users.
For details, see the IAM Product Introduction. Parent topic: Service Overview
body Parameter Mandatory Type Description group_ids Yes Array of strings Group ID list Minimum length: 1 Maximum length: 47 Array length: 1-100 member_id Yes Object Group member ID Table 4 member_id Parameter Mandatory Type Description user_id Yes String Globally unique ID of an IAM
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Replace the bold fields with the actual values. accountid indicates the ID of the account to which the IAM user belongs. username indicates the IAM username to be created. email indicates the email address of the IAM user. ******** indicates the login password of the IAM user.
If your Huawei Cloud account does not require IAM for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
The change will be applied to all IAM users and federated users (SP initiated) of the account. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
