检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Only the sub-users (IAM users) of the account can register and use the SWR images if the image type is Private. Other users can register and use SWR images only when the image type is Public.
Reducing the Agency Permissions of ASM Users Background ASM permission management is implemented through IAM agencies. However, users authorized prior to July 2024 may have excessive agency permissions. For security purposes, you are advised to reduce the agency permissions.
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
Symptom In the Kerberos cluster, the IAM sub-account does not have sufficient permissions to load HBase tables. Cause Analysis The IAM sub-account does not have sufficient permissions. Procedure MRS Manager: Log in to MRS Manager. Choose System > Manage User.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently obtaining the token.
If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permissions. For details, see Assigning Permissions to an IAM User.
Basic Concepts Permission New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups.
The principal can be either a user or a group in IAM Identity Center. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.
In the left navigation pane on the IAM console, choose Permissions > Policies/Roles. Locate the custom policy you want to modify and click Modify in the Operation column, or click the custom policy name to go to the policy details page.
Figure 3 Importing IAM users In the Import IAM User dialog box, enter the ID and username of the IAM user to be added and click OK. The system will add the IAM user to GES so that the IAM user can be selected in the user group.
You can use bucket policies to control the access of IAM users or other account to your OBS buckets. You are advised to apply the principle of least privilege to ensure that a bucket policy only grants necessary permissions for certain tasks.
If your Huawei Cloud account does not need individual IAM users for permissions management, then you may skip over this section. IAM can be used for free. You pay only for the resources in your account. For details about IAM, see IAM Service Overview.
Table 5 attached_managed_roles Parameter Type Description role_id String Unique ID of the IAM system-defined policy. Minimum length: 20 Maximum length: 2048 role_name String Name of the IAM system-defined policy.
Table 5 attached_managed_policies Parameter Type Description policy_id String Unique ID of the IAM system-defined identity policy. Minimum length: 20 Maximum length: 2048 policy_name String Name of the IAM system-defined identity policy.
Task Creation Process Process of Creating a Migration Task Figure 1 Process of creating a real-time migration task Obtaining a User Token: Call an IAM API to obtain a user token. Creating Tasks in Batches: Create a migration task.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API.
IAM or enterprise projects: Authorization scope of custom policies, which can be IAM projects, enterprise projects, or both.
Do not add the IAM user to any user group. System policy None Astro Zero IAM User QueryAccess Only a Huawei Cloud account or an IAM user with the Astro Zero IAM User QueryAccess permission can create a Huawei Cloud Astro Zero developer account.
a specific IAM user (user 2), and not for the current account.
Roles: A coarse-grained IAM authorization strategy to assign permissions based on user responsibilities. IAM provides a limited number of roles for permission management. When grant permissions to a role, you also need to assign other roles on which the permissions depend.
