检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Perform the following steps: If you are using CDN as an IAM user with insufficient permissions, view each permission on Permissions Management and ask the account administrator to assign the required permissions to you by referring to Creating a User and Granting CDN Permissions.
For details, see Creating an IAM User and Assigning Permissions to Use DataArtsFabric and Configuring DataArtsFabric Service Agency Permissions. You have at least one workspace available. For details, see Creating a Workspace. You have at least one Ray service.
The token obtained from IAM is valid for only 24 hours. If you want to use the same token for authentication, you can cache it to avoid frequent calling of the IAM API.
If your Huawei account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Creating a Stack Note: If the error shown in the following figure is displayed, grant permissions to the user by referring to Granting Permissions to Use the RFS Frontend Based on IAM Policies.
using a RAM-based shared KMS key, an IAM user must be granted the following actions: iam:agencies:listAgencies iam:roles:listRoles iam:agencies:pass iam:agencies:createAgency iam:permissions:grantRoleToAgency RDS FullAccess already contains the iam:agencies:listAgencies, iam:roles
Temporary access keys and security tokens are issued by the system to IAM users, and can be valid for 15 minutes to 24 hours. Temporary access keys and security tokens are granted permissions based on the principle of least privilege (PoLP).
Method 1: Delete the email address or mobile number on the IAM console. For details, see Modifying Security Settings for an IAM User. Note: The organization member account cannot be the same as an existing IAM account. Method 2: Delete the IAM account.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate other APIs.
Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
IAM projects or enterprise projects: Applicable scope of custom policies. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by CloudDC to the user group. Then, all users in this group automatically inherit those permissions. For details about IAM, see IAM Functions.
For more information about IAM, see IAM Service Overview. CBS Permissions By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
With IAM, you can use your HUAWEI ID to create IAM users, and assign permissions to the users to control their access to specific resources. If your HUAWEI ID does not require individual IAM users for permissions management, skip this section. IAM is a free service.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
For example, you can grant IAM users only the permissions for managing a certain type of DDM resources.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
