检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
To ensure account security, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
If your Huawei Cloud account does not need individual IAM users for permissions management, you can skip this section. For more information about IAM, see IAM Service Overview. OMS Permissions By default, new IAM users do not have any permissions.
destination_ak Destination SK: destination_sk Source bucket name: source_bucket Destination bucket name: destination_bucket Source type: cloud_type Procedure Obtain the token of the IAM user.
Creating a User and Assigning OMS Permissions This chapter describes how to use IAM for fine-grained permissions control for your OMS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Minimum length: 0 characters Maximum length: 255 characters Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String The token used for IAM authentication.
Minimum length: 1 character Maximum length: 1,024 characters Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String The token used for IAM authentication.
Minimum length: 1 character Maximum length: 1,024 characters Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String The token used for IAM authentication.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
If you select Programmatic Access for Access Mode, an AK/SK pair will be automatically generated for the IAM user. Assign permissions to the IAM user. Locate the subuser and click Add Permissions in the Actions column.
Then, navigate to the IAM & Admin part. Choose Service accounts > Create Service Account. Enter a service account name and other information, and click Finish. On the Service accounts page, Click the Email name and choose Keys > ADD KEY. The page for creating a key is displayed.
On the top navigation bar, click the username and choose IAM > User Management. Click Invite Sub Account. Specify Access Mode, Email and Username, and click OK. If you select API for Access Mode, an AK/SK pair will be automatically generated.
On the Console Home page, select the IAM service. In the navigation pane, choose Users. In the upper right corner, click Create user. On the Specify user details page, under User details, in User name, enter the name for the new user. Click Next.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Available in all regions SDK Overview Permissions Management OMS allows you to use IAM to implement fine-grained permissions control on your OMS resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Table 1 OMS resources supported by CTS Resource Name Resource Type Description Migration task Task Migration task resource Migration task group TaskGroup Migration task group resource Synchronization task SyncTask Synchronization task resource All All All OMS resources in an IAM project
Access Control You can use Identity and Access Management (IAM) to securely control access to your OMS resources. For more information, see Creating a User and Assigning OMS Permissions. Parent topic: Security
The following shows part of the response body for the API to create an IAM user.
Minimum length: 1 character Maximum length: 10 characters Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String The token used for IAM authentication.
API Constraints When you call OMS APIs, an IAM token is required for authentication.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
