检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
Mandatory for MRS, GaussDB(DWS), and DLI permission management iam:users:listUsers iam:groups:listGroups iam:users:listUsersForGroup iam:roles:createRole iam:roles:deleteRole iam:roles:updateRole iam:permissions:grantRoleToGroup iam:permissions:listRoleAssignments iam:permissions:
IAM project: The name of an IAM project or region. If you select IAM project and enter a project name, the IAM project view is displayed. Parent topic: Permissions Management
and custom identity policies: "iam:policies:createV5", "iam:policies:listV5", "iam:groups:attachPolicyV5", "iam:groups:detachPolicyV5", "iam:policies:deleteV5", "iam:policies:listVersionsV5", "iam:policies:createVersionV5", "iam:policies:deleteVersionV5" Precautions By default,
Rule Logic If an IAM user does not have an access key, the IAM user is compliant. If an IAM user is disabled, the IAM user is compliant. If an IAM user is in the enabled state, and its access key has been rotated within the specified period, this user is compliant.
Handling Suspected Access Key Leakage for an IAM User Scenario 1: If the access key has not been used, disable and delete the access key of the IAM user on the IAM console. If you do not have the permission, contact an administrator who has the required IAM permissions.
Solution Event Scenario Solution An IAM user attempts to purchase resources. An IAM user attempts to change resources. Add the IAM user to the admin user group. Add the IAM user to the group having the EdgeSec_FullAccess Permission.
Creating a HUAWEI ID and Enabling Huawei Cloud Services IAM user Optional.
The system establishes identity federation with IAM Identity Center, eliminating the need for separate federation with each account's IAM system. Related cloud services and tools IAM Identity Center IAM OneAccess Parent topic: SEC02 Identity Authentication
Operation Constraints Table 3 Operation constraints Scenario Item Description Creating IAM users IAM users that can be created at a time A maximum of 10 users can be created at a time. IAM username A new username must be different from existing IAM usernames.
For details about how to create an IAM user, see Creating an IAM User.
For details about the permissions required for IAM users to access different MgC functions, see IAM User Permissions.
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
If your account does not require individual IAM users for permissions management, skip this section. IAM is a free service of Huawei Cloud. You only pay for the resources in your account. For more information about IAM, see What Is IAM?
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to OA resources. Grant only the permissions required for users to perform a specific task.
Constraints IAM users can enable SCM authorization only when they have the following permissions: Associated Cloud Service Permission IAM Listing permissions: iam:roles:listRoles Creating a custom policy: iam:roles:createRole Listing agencies: iam:agencies:listAgencies Creating an
Log in to the IAM console using a Huawei Cloud account or as an IAM user, locate the IAM user that the target instance belongs to, and add it to the user group created in 3. The IAM user will inherit permissions of the user group.
Log in to the IAM console using a Huawei Cloud account or as an IAM user, locate the IAM user that the target instance belongs to, and add it to the user group created in 3. The IAM user will inherit permissions of the user group.
