检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM User Isolation Account Settings Asset Ownership Allocation Parent topic: Permissions Management
Setting IAM User Quota Function Sets quota for an IAM user. This API can be used only when IAM user isolation is enabled. Only the root account can set the quota. Calling Method For details, see Calling APIs.
Deleting IAM User Quota Function Deletes quota for an IAM user. This API can be used only when IAM user isolation is enabled. Only the root account can delete the quota. Calling Method For details, see Calling APIs.
Querying IAM User Quota Function Queries quota of an IAM user. Only the root account can query the quota. Calling Method For details, see Calling APIs.
Creating IAM User Quota Function Creates quota for an IAM user. This API can be used only when IAM user isolation is enabled. Only the root account can create the quota. Calling Method For details, see Calling APIs.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Table 9 SubAccountControlConfig Parameter Type Description separately_controlled Boolean Whether the IAM user service is controlled separately. Default value: false sub_account_type String IAM user type. IAM_USER: IAM user id of the caller is used to replace X-App-UserId.
Actions Supported by Policy-based Authorization MetaStudio does not support fine-grained authorization when it is interconnected with IAM 3.0. Parent Topic: Permissions and Supported Actions
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure within your Huawei Cloud account. Each IAM user will have their own security credentials for accessing MetaStudio resources.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Table 7 SubAccountControlConfig Parameter Type Description separately_controlled Boolean Whether the IAM user service is controlled separately. Default value: false sub_account_type String IAM user type. IAM_USER: IAM user id of the caller is used to replace X-App-UserId.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
For example, if an IAM user wants to call the API for creating an asset, the IAM user must have the permissions of the MetaStudio FullAccess role. With identity policy-based authorization, the IAM user must be granted the permission for the action metastudio:dacAsset:create.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
For more information about IAM, see IAM Service Overview. MetaStudio does not support enterprise projects. MetaStudio Permissions By default, new IAM users do not have permissions granted.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Parent topic: IAM User Isolation
Account Settings By default, IAM users under the same Huawei Cloud account share resources. Specifically: Sharing of resources purchased by each IAM user: Each IAM user's total available resource quantity is the sum of available resources purchased by all IAM users.
