检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
", "iam:agencies:updateAgency", "iam:permissions:revokeRoleFromAgencyOnProject", "iam:permissions:revokeRoleFromAgencyOnDomain", "iam:permissions:revokeRoleFromAgency", "iam:permissions:grantRoleToAgencyOnDomain
", "iam:agencies:updateAgency", "iam:permissions:revokeRoleFromAgencyOnProject", "iam:permissions:revokeRoleFromAgencyOnDomain", "iam:permissions:revokeRoleFromAgency", "iam:permissions:grantRoleToAgencyOnDomain
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
Table 1 User types and their sources on the O&M Engineer Management page User Type User Data Source Common IAM user Synchronized from IAM IAM Federated User (IAM User SSO) Synchronized from IAM IAM federated user (Virtual User SSO) Manually added on the O&M engineer page IAM Identity
iam:roles:createRole, iam:permissions:grantRoleToAgencyOnDomain, iam:agencies:getAgency, iam:agencies:createAgency, iam:roles:updateRole, iam:permissions:grantRoleToAgency, and iam:permissions:grantRoleToAgencyOnProject.
IAM User Management API Description Listing IAM Users Provided for the administrator to list all IAM users.
If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-root-access-key-check iam If the account root user has an available access
Table 1 lists IAM endpoints. IAM is a global service with all data stored in the Global service project. All APIs of IAM can be called using the endpoint of a global service.
a Bucket Granting an IAM User the Specified Permissions for a Bucket Granting an IAM User the Read Permissions on Specific Objects Granting an IAM User the Specific Permissions on Specific Objects Granting permissions to multiple IAM users or user groups under the current account
If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-root-access-key-check iam If the account root user has an available access
Associated Cloud Service Permission IAM iam:roles:listRoles iam:roles:createRole iam:agencies:listAgencies iam:agencies:createAgency iam:permissions:checkRoleForAgency iam:permissions:grantRoleToAgency After creating an agency, IAM users can configure certificates for domain names
IAM permissions IAM permissions define the actions that can be performed on your cloud resources, specifying what actions are allowed or denied. IAM permissions can be used to grant access to various IAM users under the same parent account.
Separation of duties Assign different IAM users to manage resources and permissions. For example, you can let one IAM user assign permissions, and let another IAM user manage OBS resources.
"iam:agencies:createAgency", "iam:agencies:listAgencies", "iam:roles:listRoles", "iam:roles:createRole" ] } ] } Create a user group and assign permissions.
"iam:agencies:createAgency", "iam:agencies:listAgencies", "iam:roles:listRoles", "iam:roles:createRole" ] } ] } Create a user group and assign permissions.
"iam:agencies:createAgency", "iam:agencies:listAgencies", "iam:roles:listRoles", "iam:roles:createRole" ] } ] } Create a user group and assign permissions.
Supported: IAM projects Supported: Enterprise projects GET /v3/{project_id}/storage-type?
IAM project name, project id and project name should not be empty at same time --sk string IAM secret access key --token-only Return token only for other tool integration --user-name string IAM user name.
Mandatory for MRS, GaussDB(DWS), and DLI permission management iam:users:listUsers iam:groups:listGroups iam:users:listUsersForGroup iam:roles:createRole iam:roles:deleteRole iam:roles:updateRole iam:permissions:grantRoleToGroup iam:permissions:listRoleAssignments iam:permissions:
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
