检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Obtaining Account, IAM User, Group, Project, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
}/info iam:users:update - GET /v3/users iam:users:list - POST /v3/users iam:users:create - GET /v3/users/{user_id} iam:users:get - DELETE /v3/users/{user_id} iam:users:delete - PATCH /v3/users/{user_id} iam:users:update - GET /v3/users/{user_id}/groups iam:users:listGroups - GET /
startIdentityCenter Grants permission to enable IAM Identity Center. write - - IdentityCenter:instance:deleteIdentityCenter Grants permission to disable IAM Identity Center. write - - IdentityCenter:instance:list Grants permission to query the IAM Identity Center instance list. list
The IAM Identity Center user you created is displayed in the user list. Step 4: Creating a Permission Set In the navigation pane of IAM Identity Center, choose Multi-Account Permissions > Permission Sets.
For details about the condition keys defined by IAM Access Analyzer, see Conditions. The following table lists the actions that you can define in SCP statements for IAM Access Analyzer.
For details about the condition keys defined by IAM Identity Broker, see Conditions. The following table lists the actions that you can define in policy statements for IAM Identity Broker.
Create an IAM user and add it to the user group. Create a user on the IAM console and add it to the user group created in 1. Log in and verify permissions. Log in to the console as the IAM user.
Operations Management (AOM) Application Operations Management (AOM) 16 Cloud Eye Cloud Eye (CES) 17 Application Performance Management (APM) Application Performance Management (APM) 18 IAM Identity Broker IAM Identity Broker User Support No.
Regions for Using SCPs SCPs are available in the following regions: Regions for using SCPs also support the use of IAM identity policies.
In contrast, IAM policies directly grant permissions to IAM users, IAM user groups, and IAM agencies.
Service control policies (SCPs) in Organizations use a similar syntax to that used by Identity and Access Management (IAM) policies. They both use the JSON syntax. For details, see SCP Syntax.
Users and Agencies from Making Certain Changes Preventing IAM Users and Agencies from Making Specified Changes, with an Exception for Specified Accounts Preventing IAM Users and Agencies from Making Specified Changes, with an Exception for Specified Agencies Preventing Member Accounts
Accessing Account Resources Via IAM Identity Center You can associate an account with users and permission sets in IAM Identity Center, and log in to the IAM Identity Center console via the user portal URL to access the resources in the account in the given organization.
Actions Organization Management Permission API Action IAM Project Enterprise Project Creating an organization POST /v1/organizations organizations:organizations:create iam:agencies:createServiceLinkedAgency Not supported Not supported Getting organization information GET /v1/organizations
There is no change to the permissions assigned to the management account and its IAM users. Impact on Member Accounts Each member account will become a standalone account.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Management & Governance Simple Message Notification (SMN) Log Tank Service (LTS) Identity and Access Management (IAM) Security Token Service (STS) Resource Formation Service (RFS) IAM Identity Center Organizations Resource Access Manager (RAM) Enterprise Project Management Service
Helpful Links For details about the differences in access control between IAM and Organizations, see What Are the Differences in Access Control Between IAM and Organizations? Parent topic: Overview of an SCP
principal is an IAM root user.
IAM provides identity authentication, permissions management, and access control, helping you securely access Huawei Cloud resources. With IAM, you can create IAM users and assign permissions enabling them to control their access to specific resources.
