检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Related Services IAM GaussDB(DWS) uses Identity and Access Management (IAM) for authentication and authorization. Users who have the DWS Administrator permissions can fully utilize GaussDB(DWS).
For details, see Creating an IAM User and Assigning DataArts Studio Permissions. Preparations Enable notebooks. If notebooks are disabled, enable them by referring to Managing Notebooks. Create an OBS bucket. Create a VPC, a subnet, and a security group.
Visit My Credential at https://console-intl.huaweicloud.com/iam/#/myCredential. Parent topic: Appendix
In addition, the IAM service is provided, achieving access control over DDS resources. Parent topic: Network Security
API for obtaining tokens from IAM CSBS API for creating backups Procedure Obtain the token by following instructions in Making an API Request. Obtain the token by following instructions in Obtaining a Project ID.
API for obtaining tokens from IAM CSBS API for creating backups Procedure Obtain the token by following instructions in Making an API Request. Obtain the token by following instructions in Obtaining a Project ID.
Then, the IAM users created for the enterprise personnel can be added to different user groups based on their job responsibilities. For the definitions of an account and IAM user, see Basic Concepts.
Restrictions To delete bucket tags, you must be the bucket owner or have the required permission (obs:bucket:DeleteBucketTagging in IAM or DeleteBucketTagging in a bucket policy).
URI DELETE /v1/instances/{instance_id}/permission-sets/{permission_set_id}/custom-policy Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance permission_set_id Yes String Globally unique ID of a permission
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. In the navigation pane, choose Multi-Account Permissions > Accounts. By default, accounts are displayed in an organizational hierarchy structure.
Configuration Example Prerequisites You have obtained the endpoint address of the region where IAM and ROMA Connect are deployed. You have obtained the ROMA Connect instance ID as well as the project ID of the region where the instance is located.
After creating IAM user groups for employees, you can create enterprise projects on the Enterprise Management console and grant permissions to the user groups in the enterprise projects to implement personnel authorization and permission control.
Developing a Custom Authorizer with FunctionGraph Scenario In addition to IAM and app authentication, APIG also supports custom authentication with your own authentication system, which can better adapt to your business capabilities.
Prerequisites The IAM users have been synchronized in advance. You can do this by clicking Synchronize next to IAM User Sync on the Dashboard page of the cluster details. You have logged in to MRS Manager. For how to log in, see Accessing MRS FusionInsight Manager.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling.
URI DELETE /v1/instances/{instance_id}/permission-sets/{permission_set_id} Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance permission_set_id Yes String Globally unique ID of a permission set
In IAM, the administrator sets Access Type to Programmatic access.
Preparing a Huawei Account Before using MgC, prepare a HUAWEI ID or an IAM user that can access MgC and obtain an AK/SK pair for the account or IAM user. For more information, see Preparations.
Restrictions To obtain the bucket tags, you must be the bucket owner or have the required permission (obs:bucket:GetBucketTagging in IAM or GetBucketTagging in a bucket policy).
