Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
POST /v2/{project_id}/cbs/agency/authorization cbh::operateAuthorization iam:agencies:listAgencies iam:permissions:listRolesForAgencyOnProject iam:agencies:createAgency iam:agencies:deleteAgency iam:permissions:grantRoleToAgencyOnProject iam:permissions:revokeRoleFromAgencyOnProject
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
If a bucket has multiple versions of objects, IAM users may fail to list objects in the bucket through OBS Console. In such a case, IAM users need to be granted the obs:bucket:ListBucketVersions permission.
Policy doesn't allow bss: unsubscribe: update to be performed." is displayed when IAM sub-users are performing operations in the Billing Center, the following steps can be taken: Log in to Huawei Cloud as an administrator of the group to which the IAM user belongs.
Create a department administrator and some IAM users. For details, see Creating an IAM User. Add the administrator to the admin user group, and add other users to user groups with the OBS Buckets Viewer permissions. For details, see Assigning Permissions to an IAM User.
This is because you are using an IAM user account that does not have sufficient permissions. Check the permissions configured for it in IAM. Use the Huawei Cloud account to log in to the Huawei Cloud management console.
URI GET /v1/instances/{instance_id}/account-assignments Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance Table 2 Query parameters Parameter Mandatory Type Description limit No Integer Maximum
For example, to obtain an IAM token in the CN-Hong Kong region, use the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM projects and enterprise projects: type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
An IAM user needs to have the rms:resources:getRelation permissions to call this API. Resource relationships depend on enabling resource recorder. Calling Method For details, see Calling APIs.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API.
The tenant administrator can use the Huawei Cloud IAM account and password to log in to the KooDrive console. After the login is successful, the tenant administrator can use the IAM token for authentication.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI GET /v3/OS-FEDERATION/mappings/{id} Table 1 URI parameters Parameter Mandatory Type Description id Yes String ID of the mapping to be queried.
Configuring Workspace Resource Permission Policies This section describes how to use workspace resource permission policies to implement refined permission control on all the data connections and IAM agencies (only those whose agency object is DGC) in the Management Center based on
Prerequisites The IAM users have been synchronized in advance. You can do this by clicking Synchronize next to IAM User Sync on the Dashboard page of the cluster details. You have logged in to MRS Manager. For how to log in, see Accessing MRS FusionInsight Manager.
If your Huawei account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Security Services Security governance Identity and Access Management (IAM): Authenticates identities and securely manages access to your services and resources Organizations: Helps you govern multiple accounts within your organization.
Creating Custom Policies You can use IAM to create custom policies to supplement system-defined RAM policies. For the actions supported by custom policies, see Permissions and Supported Actions. To create a custom policy, choose either visual editor or JSON.