检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Calling APIs Through IAM Authentication Token Authentication AK/SK Authentication
Granting UCS Permissions to IAM Users Application Scenarios UCS permissions management offers fine-grained control over permissions using IAM and Kubernetes RBAC. It also supports IAM-based fine-grained permissions control and IAM token-based authentication.
Synchronizing IAM Users to MRS IAM user synchronization is to synchronize IAM users bound with MRS policies to the MRS system and create accounts with the same usernames but different passwords as the IAM users.
Recommended Configuration To grant resource-level permissions to an IAM user, use a bucket policy. Precautions After configuration, the IAM user can download objects using APIs or SDKs.
Logging In as an IAM User and Verifying Permissions Log in to the console using the IAM user you created and verify the permissions. Assume that an IAM user has only the OCR ReadOnlyAccess permission, that is, the read-only access permission.
Create an IAM user and add it to the user group. Create a user on the IAM console and add it to the user group created in 1. Log in and verify permissions. Log in to the console as the IAM user.
Logging In to Huawei Cloud as an IAM User To log in as an IAM user, you can choose IAM User on the login page or obtain the IAM user login link from the administrator.
Creating a User Group and an IAM User Creating a User Group Log in to the IAM console using a master account. On the IAM console, choose User Groups from the navigation pane, and click Create User Group in the upper right corner. In the displayed page, enter a user group name.
Security Auditing on Permissions of IAM Users Scenario Enterprise users usually need to periodically audit the permissions of IAM users created in the public cloud, ensuring that IAM users only have the permissions required to complete certain tasks.
Managing Permissions Assigned to IAM Users As an administrator, you can view or delete permissions assigned to IAM users on the Permissions tab of the IAM console.
Granting an IAM User the Read/Write Permission on a Bucket Scenario This topic describes how to grant an IAM user the read/write permission on an OBS bucket. Recommended Configuration To grant resource-level permissions to an IAM user, use a bucket policy.
IAM Custom Policy Examples If system-defined policies cannot meet your requirements, you can create custom policies to implement more refined access control. You can refer to the following examples to customize policies for cloud services.
To manage access keys of IAM users, see Managing Access Keys for an IAM User. Parent topic: IAM User Management
In contrast, IAM policies directly grant permissions to IAM users, IAM user groups, and IAM agencies.
Parent Topic: Interconnecting an MRS Cluster with OBS Using an IAM Agency
Granting Permissions to IAM Users Creating Users and Assigning DLV Permissions Parent topic: Preparatory Work
Adding an IAM User to a User Group You can add IAM users Test_User_A and Test_User_B to user groups Test_ECS_A and Test_ECS_B respectively according to the following procedure: Log in to Huawei Cloud and click Console in the upper right corner.
How Do I Control IAM User Access to the Console? How Can I Obtain Permissions to Create an Agency?
Must I Use an OBS Bucket as an IAM User When Configuring Transfer on CTS as an IAM User? No. You only need to ensure that you have the permissions to perform operations on OBS buckets. Parent topic: Trace Transfer
Listing Projects Accessible to an IAM User Function This API is used to list the projects in which resources are accessible to a specified IAM user. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
