检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
IAM projects/Enterprise projects: Authorization scope of custom policies, which can be IAM projects, enterprise projects, or both.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Project Management Service (EPS). Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
Making a Management Plane API Request This section describes the structure of a REST API request on the management plane of GES, and uses the IAM API for obtaining a user token as an example to demonstrate how to call an API.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and applied to IAM only.
Creating a Stack Note: If the error shown in the following figure is displayed, grant permissions to the user by referring to Granting Permissions to Use the RFS Frontend Based on IAM Policies.
iam:roles:listRoles, and iam:agencies:pass actions.
iam:roles:listRoles, and iam:agencies:pass actions.
iam:roles:listRoles, and iam:agencies:pass actions.
iam:roles:listRoles, and iam:agencies:pass actions.
IAM or enterprise projects: type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management.
If your Huawei Cloud account does not require permissions management for individual IAM users, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see What Is IAM?.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see What Is IAM. CGS Permissions By default, new IAM users do not have permissions assigned.
With integration application authorization, IAM users can share applications and resources with other IAM users under the same account. Constraints This function allows permissions sharing among users under the same account.
Temporary access keys and security tokens are issued by the system to IAM users, and can be valid for 15 minutes to 24 hours. Temporary access keys and security tokens are granted permissions based on the principle of least privilege (PoLP).
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
