Obtaining Account, IAM User, Group, Project, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
The IAM Identity Center user you created is displayed in the user list. Step 4: Creating a Permission Set In the navigation pane of IAM Identity Center, choose Multi-Account Permissions > Permission Sets.
Using SCPs to Control Permission Boundaries of IAM Identities in Member Accounts Scenarios Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
Create an IAM user and add it to the user group. Create a user on the IAM console and add it to the user group created in 1. Log in and verify permissions. Log in to the Organizations console as the IAM user.
Service Name Reference 1 Simple Message Notification (SMN) Simple Message Notification (SMN) 2 Log Tank Service (LTS) Log Tank Service (LTS) 3 Identity and Access Management (IAM) Identity and Access Management (IAM) 4 IAM Identity Center IAM Identity Center 5 Organizations Organizations
Regions for Using SCPs SCPs are available in the following regions: Regions for using SCPs also support the use of IAM identity policies.
In contrast, IAM policies directly grant permissions to IAM users, IAM user groups, and IAM agencies.
IAM users in the delegated administrator account still need IAM permissions to access and manage the specified service. This API can be called only from the organization's management account.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Service control policies (SCPs) in Organizations use a similar syntax to that used by Identity and Access Management (IAM) policies. They both use the JSON syntax. For details, see SCP Syntax.
Users and Agencies from Making Certain Changes Preventing IAM Users and Agencies from Making Specified Changes, Except for Specified Accounts Preventing IAM Users and Agencies from Making Specified Changes, Except for Specified Agencies Using NotResource to Prevent Starting All ECS
Logging In with the New Account via IAM Identity Center After an account is created, you can associate it with users and permission sets in IAM Identity Center.
Actions Organization Management Permission API Action IAM Project Enterprise Project Creating an organization POST /v1/organizations organizations:organizations:create iam:agencies:createServiceLinkedAgencyV5 Not supported Not supported Getting organization information GET /v1/organizations
There is no change to the permissions assigned to the management account and its IAM users. Impact on Member Accounts Each member account will become a standalone account.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Permissions Management Creating an IAM User and Granting Organizations Permissions Creating Custom Policies
Helpful Links For details about the differences in access control between IAM and Organizations, see What Are the Differences in Access Control Between IAM and Organizations? Parent topic: Overview of an SCP
resourceShares:create" ], "Resource": [ "*" ], "Condition": { "ForAnyValue:StringNotEquals": { "g:RequestTag/owner": [ "Alice", "Jack" ] } } } ] } SCPs use a similar syntax to that used by IAM
Appendixes Status Codes Error Codes Obtaining Account, IAM User, Group, Project, Region, and Agency Information
If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see Identity and Access Management Service Overview.