检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
You can use bucket policies to control the access of IAM users or other account to your OBS buckets. You are advised to apply the least privilege principle to ensure that a bucket policy only grants necessary permissions for certain tasks.
If you disable this function, you and the IAM users only need to enter the account name/username and password during login. Procedure On the IAM console, enable login verification for IAM users as an administrator. In the navigation pane, choose Users.
You can use IAM to control cloud resource access and prevents misoperations on cloud resources. This section describes how to configure the read-only permission for an IAM user.
Roles: A coarse-grained IAM authorization strategy to assign permissions based on user responsibilities. IAM provides a limited number of roles for permission management. When grant permissions to a role, you also need to assign other roles on which the permissions depend.
IAM user login: IAM users are created by an administrator to use specific cloud services. Federated user login: Federated users are registered with an enterprise IdP that is created by the administrator in IAM.
IAM users can use DDS resources only after their accounts and passwords are verified. For details, see Creating an IAM User and Logging In.
Creating an IAM User If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users.
For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
Please check the current user's IAM permissions." is displayed when a user attempted to access the Dedicate Engine page under Instance Management. Possible Cause The IAM ReadOnly permission is not granted to the login account.
IAM projects or enterprise project: Scope of users a permission is granted to. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.
IAM is a basic service for permissions management in Huawei Cloud. It can be used free of charge. You pay only for the resources in your account. For details about IAM, see What Is IAM? For details about cloud service permissions, see Cloud-Service-Level Permissions.
If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.
APIs using the IAM authentication can be authorized only to apps of the IAM type. Authorizing an API to Apps An API that uses app or IAM authentication can be called only after it is authorized. Authorization can be performed by an API developer or an API caller.
Check whether you are using a Huawei Cloud account or an IAM user account and not a HUAWEI ID. If yes, click Reset Huawei Cloud account password and reset the password. Parent topic: Login
Related Services IAM Identity and Access Management (IAM) provides the permission management function for CFW. Only users who have Tenant Administrator permissions can perform operations such as authorizing, managing, and detect cloud assets using CFW.
API for obtaining tokens from IAM API for creating CSS clusters Procedure Obtain the token. Send POST https://IAM endpoint/v3/auth/tokens. Obtain the token by following instructions in Authentication. The value of X-Subject-Token in the response header is the user token.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to demonstrate how to call an API. The obtained token can then be used to authenticate the calling of other APIs.
