检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Obtaining Account, IAM User, Group, Project, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
}/info iam:users:update - GET /v3/users iam:users:list - POST /v3/users iam:users:create - GET /v3/users/{user_id} iam:users:get - DELETE /v3/users/{user_id} iam:users:delete - PATCH /v3/users/{user_id} iam:users:update - GET /v3/users/{user_id}/groups iam:users:listGroups - GET /
startIdentityCenter Grants permission to enable IAM Identity Center. write - - IdentityCenter:instance:deleteIdentityCenter Grants permission to disable IAM Identity Center. write - - IdentityCenter:instance:list Grants permission to query the IAM Identity Center instance list. list
For details about the condition keys defined by IAM Access Analyzer, see Conditions. The following table lists the actions that you can define in SCP statements for IAM Access Analyzer.
For details about the condition keys defined by IAM Identity Broker, see Conditions. The following table lists the actions that you can define in policy statements for IAM Identity Broker.
The IAM Identity Center user you created is displayed in the user list. Step 4: Creating a Permission Set In the navigation pane of IAM Identity Center, choose Multi-Account Permissions > Permission Sets.
Using SCPs to Control Permission Boundaries of IAM Identities in Member Accounts Scenarios Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
Create an IAM user and add it to the user group. Create a user on the IAM console and add it to the user group created in 1. Log in and verify permissions. Log in to the console as the IAM user.
Operations Management (AOM) Application Operations Management (AOM) 16 Cloud Eye Cloud Eye (CES) 17 Application Performance Management (APM) Application Performance Management (APM) 18 IAM Identity Broker IAM Identity Broker User Support No.
Regions for Using SCPs SCPs are available in the following regions: Regions for using SCPs also support the use of IAM identity policies.
In contrast, IAM policies directly grant permissions to IAM users, IAM user groups, and IAM agencies.
IAM users in the delegated administrator account still need IAM permissions to access and manage the specified service. This API can be called only from the organization's management account.
Service control policies (SCPs) in Organizations use a similar syntax to that used by Identity and Access Management (IAM) policies. They both use the JSON syntax. For details, see SCP Syntax.
Logging In with the New Account via IAM Identity Center After an account is created, you can associate it with users and permission sets in IAM Identity Center.
Actions Organization Management Permission API Action IAM Project Enterprise Project Creating an organization POST /v1/organizations organizations:organizations:create iam:agencies:createServiceLinkedAgencyV5 Not supported Not supported Getting organization information GET /v1/organizations
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Management & Governance Simple Message Notification (SMN) Log Tank Service (LTS) Identity and Access Management (IAM) Security Token Service (STS) Resource Formation Service (RFS) IAM Identity Center Organizations Resource Access Manager (RAM) Enterprise Project Management Service
Helpful Links For details about the differences in access control between IAM and Organizations, see What Are the Differences in Access Control Between IAM and Organizations? Parent topic: Overview of an SCP
principal is an IAM root user.
If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see Identity and Access Management Service Overview.
