For details about the condition keys defined by IAM Identity Broker, see Conditions. The following table lists the actions that you can define in policy statements for IAM Identity Broker.
Figure 1 Going to the IAM user security settings page View the basic information about the IAM user. Modifying Basic Information About an Individual IAM User Log in to the IAM console as the administrator.
All IAM Policies Are in Use. Rule details (Table 1): Rule Name: iam-policy-in-use; Identifier: iam-policy-in-use; Description: If an IAM policy has not been attached to any IAM users, user groups, or agencies, this policy is noncompliant.
All IAM Roles Are in Use. Rule details (Table 1): Rule Name: iam-role-in-use; Identifier: iam-role-in-use; Description: If an IAM role has not been attached to any IAM users, user groups, or agencies, this role is noncompliant.
Relationship Between IAM Identities and Operators Huawei Cloud IAM provides the following types of identities: IAM users, IAM agencies, cloud service agencies, IAM Identity Center users, and federated users.
Recommended Configuration To grant resource-level permissions to an IAM user, use a bucket policy. Precautions After configuration, the IAM user can download objects using APIs or SDKs.
IAM Custom Policy Examples If system-defined policies cannot meet your requirements, you can create custom policies to implement more refined access control. You can refer to the following examples to customize policies for cloud services.
Create an IAM user and add it to the user group. Create a user on the IAM console and add it to the user group created in 1. Log in and verify permissions. Log in to the console as the IAM user.
Granting UCS Permissions to IAM Users Application Scenarios UCS permissions management offers fine-grained control over permissions using IAM and Kubernetes RBAC. It also supports IAM-based fine-grained permissions control and IAM token-based authentication.
If the login fails, the IAM user can contact the administrator to change the IAM user password. Click IAM User on the login page, and then enter your Tenant name or Huawei Cloud account name, IAM username or email address, and IAM user password.
Logging In as an IAM User and Verifying Permissions Log in to the console using the IAM user you created and verify the permissions. Assume that an IAM user has only the OCR ReadOnlyAccess permission, that is, the read-only access permission.
Granting Permissions to IAM Users Creating Users and Assigning DLV Permissions
Logging In to Huawei Cloud as an IAM User To log in as an IAM user, you can choose IAM User on the login page or obtain the IAM user login link from the administrator.
Creating a User Group and an IAM User Creating a User Group Log in to the IAM console using a master account. On the IAM console, choose User Groups from the navigation pane, and click Create User Group in the upper right corner. In the displayed page, enter a user group name.
Security Auditing on Permissions of IAM Users Scenario Enterprise users usually need to periodically audit the permissions of IAM users created in the public cloud, ensuring that IAM users only have the permissions required to complete certain tasks.
Managing IAM User Tags You can add, edit, or delete tags for IAM users. Tags are only used to filter and manage IAM users. If your organization has configured tag policies, you need to add tags to IAM users according to the tag policies.
Granting an IAM User the Read/Write Permission on a Bucket Scenario This topic describes how to grant an IAM user the read/write permission on an OBS bucket. Recommended Configuration To grant resource-level permissions to an IAM user, use a bucket policy.
Managing Permissions Assigned to IAM Users As an administrator, you can view or delete permissions assigned to IAM users on the Permissions tab of the IAM console.
Must I Use an OBS Bucket as an IAM User When Configuring Transfer on CTS as an IAM User? No. You only need to ensure that you have permission to perform operations on OBS buckets.