检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
You can use bucket policies to control the access of IAM users or other account to your OBS buckets. You are advised to apply the least privilege principle to ensure that a bucket policy only grants necessary permissions for certain tasks.
IAM provides identity authentication, permissions management, and access control, enabling secure access to your cloud resources. With IAM, you can use your account to create IAM users, and grant them permissions to access only specific resources.
Reducing the Agency Permissions of ASM Users Background ASM permission management is implemented through IAM agencies. However, users authorized prior to July 2024 may have excessive agency permissions. For security purposes, you are advised to reduce the agency permissions.
Figure 3 Importing IAM users In the Import IAM User dialog box, enter the ID and username of the IAM user to be added and click OK. The system will add the IAM user to GES so that the IAM user can be selected in the user group.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. GES Permissions By default, new IAM users do not have permissions assigned.
If your Huawei Cloud account does not require individual IAM users for permissions management, skip this section. IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see What Is IAM?
Symptom In the Kerberos cluster, the IAM sub-account does not have sufficient permissions to load HBase tables. Cause Analysis The IAM sub-account does not have sufficient permissions. Procedure MRS Manager: Log in to MRS Manager. Choose System > Manage User.
Only the sub-users (IAM users) of the account can register and use the SWR images if the image type is Private. Other users can register and use SWR images only when the image type is Public.
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. In the navigation pane, choose Applications. Click the name of the application to which you want to remove access.
In the left navigation pane on the IAM console, choose Permissions > Policies/Roles. Locate the custom policy you want to modify and click Modify in the Operation column, or click the custom policy name to go to the policy details page.
If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permissions. For details, see Assigning Permissions to an IAM User.
Basic Concepts Permission New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups.
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
If your Huawei Cloud account does not need individual IAM users for permissions management, then you may skip over this section. IAM can be used for free. You pay only for the resources in your account. For details about IAM, see IAM Service Overview.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
IAM or enterprise projects: Authorization scope of custom policies, which can be IAM projects, enterprise projects, or both.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently obtaining the token.
Do not add the IAM user to any user group. System policy None Astro Zero IAM User QueryAccess Only a Huawei Cloud account or an IAM user with the Astro Zero IAM User QueryAccess permission can create a Huawei Cloud Astro Zero developer account.
a specific IAM user (user 2), and not for the current account.
Task Creation Process Process of Creating a Migration Task Figure 1 Process of creating a real-time migration task Obtaining a User Token: Call an IAM API to obtain a user token. Creating Tasks in Batches: Create a migration task.
