检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For details, see Creating an IAM User and Assigning Permissions to Use DataArtsFabric and Configuring DataArtsFabric Service Agency Permissions. You have at least one workspace available. For details, see Creating a Workspace. You have purchased the required Ray resources.
The token obtained from IAM is valid for only 24 hours. If you want to use the same token for authentication, you can cache it to avoid frequent calling of the IAM API.
For example, the endpoint of IAM in region CN-Hong Kong is iam.ap-southeast-1.myhuaweicloud.com. resource-path Resource path, that is, API access path. Obtain the value from the URI of the API.
Method 1: Delete the email address or mobile number on the IAM console. For details, see Modifying Security Settings for an IAM User. Note: The organization member account cannot be the same as an existing IAM account. Method 2: Delete the IAM account.
a RAM-based shared KMS key, configure the following actions: iam:agencies:listAgencies iam:roles:listRoles iam:agencies:pass iam:agencies:createAgency iam:permissions:grantRoleToAgency RDS FullAccess already contains the iam:agencies:listAgencies, iam:roles:listRoles, and iam:agencies
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
Perform the following steps: If you are using CDN as an IAM user with insufficient permissions, view each permission on Permissions Management and ask the account administrator to assign the required permissions to you by referring to Creating a User and Granting CDN Permissions.
For details, see Creating an IAM User and Assigning Permissions to Use DataArtsFabric and Configuring DataArtsFabric Service Agency Permissions. You have at least one workspace available. For details, see Creating a Workspace. You have at least one Ray service.
After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by CloudDC to the user group. Then, all users in this group automatically inherit those permissions. For details about IAM, see IAM Functions.
For more information about IAM, see IAM Service Overview. CBS Permissions By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
With IAM, you can use your HUAWEI ID to create IAM users, and assign permissions to the users to control their access to specific resources. If your HUAWEI ID does not require individual IAM users for permissions management, skip this section. IAM is a free service.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
Making a Management Plane API Request This section describes the structure of a REST API request on the management plane of GES, and uses the IAM API for obtaining a user token as an example to demonstrate how to call an API.
For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
IAM projects/Enterprise projects: Authorization scope of custom policies, which can be IAM projects, enterprise projects, or both.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Project Management Service (EPS). Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and applied to IAM only.
