检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Modifying User Group Permissions You can view or modify user group permissions on the Permissions page of the IAM console. Modifying the permissions of a user group affects the permissions of all users in the user group.
You can also use bucket policies to grant IAM users the permissions to access buckets.
Before applying for an OBT, an IAM user needs to contact the IAM administrator to grant the BSS Administrator permissions for a regional project in the IAM. Log in to Huawei Cloud. Click Console in the upper right corner of the displayed page.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token through password authentication.
IAM provides identity authentication, permissions management, and access control, helping you secure access to your resources. With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific resources.
IAM authentication Agencies can be created in Identity and Access Management (IAM) to allow edge nodes to access resources such as Application Operations Management (AOM), Data Ingestion Service (DIS), and SoftWare Repository for Container (SWR).
For example, the endpoint of IAM in the CN-Hong Kong region is iam.ap-southeast-1.myhuaweicloud.com. resource-path Access path of an API for performing a specified operation. Obtain the value from the URI of an API.
"iam:permissions:grantRoleToAgencyOnProject", "iam:policies:*", "iam:agencies:*", "iam:roles:*", "iam:users:listUsers", "iam:tokens:assume" ], "Effect": "Allow" },
the IAM user was created, this user is noncompliant.
IAM is free of charge. You pay only for the resources you use. For more information about IAM, see IAM Service Overview. MRS Permission Description By default, new IAM users do not have any permissions.
Figure 2 Account and IAM users Administrator IAM is intended for administrators, including: Account administrator (with full permissions for all services, including IAM) IAM users added to the admin group (with full permissions for all services, including IAM) IAM users assigned the
Creating an IAM User and Granting OBS Permissions You can use IAM for fine-grained access control over your OBS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Policies that contain actions only for IAM projects can be used and applied to IAM only. For differences between IAM projects and enterprise projects, see What Are the Differences Between IAM and Enterprise Management? The check mark (√) indicates that an action takes effect.
IAM projects or enterprise projects: Type of projects in which policies can be used to grant permissions. A policy can be applied to IAM projects, enterprise projects, or both.
IAM Agency: Authorize you to use OBS in IAM so that snapshots must be stored in OBS. This API automatically creates an OBS bucket and an agency for the snapshot. If there are multiple clusters, an OBS bucket will be created for each cluster via this API.
The change will be applied to all IAM users and federated users (SP initiated) of the account. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
IAM projects or enterprise projects: Type of projects in which policies can be used to grant permissions. A policy can be applied to IAM projects, enterprise projects, or both.
Resource Planning Account A non-administrator IAM account that has the SecMaster data collection management permission. ECS Specifications The following table lists the specifications of the tenant cloud server (ECS) where the collector (isap-agent + Logstash) is installed.
A policy can be applied to IAM projects, enterprise projects, or both. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
