startIdentityCenter Grants permission to enable IAM Identity Center. write - - IdentityCenter:instance:deleteIdentityCenter Grants permission to disable IAM Identity Center. write - - IdentityCenter:instance:list Grants permission to query the IAM Identity Center instance list. list
For details about the condition keys defined by IAM Access Analyzer, see Conditions. The following table lists the actions that you can define in SCP statements for IAM Access Analyzer.
For details about the condition keys defined by IAM Identity Broker, see Conditions. The following table lists the actions that you can define in policy statements for IAM Identity Broker.
Create an IAM user and add it to the user group. Create a user on the IAM console and add it to the user group created in 1. Log in and verify permissions. Log in to the console as the IAM user.
In contrast, IAM policies directly grant permissions to IAM users, IAM user groups, and IAM agencies.
The IAM Identity Center user you created is displayed in the user list. Step 4: Creating a Permission Set In the navigation pane of IAM Identity Center, choose Multi-Account Permissions > Permission Sets.
}/info iam:users:update - GET /v3/users iam:users:list - POST /v3/users iam:users:create - GET /v3/users/{user_id} iam:users:get - DELETE /v3/users/{user_id} iam:users:delete - PATCH /v3/users/{user_id} iam:users:update - GET /v3/users/{user_id}/groups iam:users:listGroups - GET /
Obtaining Account, IAM User, Group, Project, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Regions for Using SCPs SCPs are available in the following regions: Regions for using SCPs also support the use of IAM identity policies.
Operations Management (AOM) Application Operations Management (AOM) 16 Cloud Eye Cloud Eye (CES) 17 Application Performance Management (APM) Application Performance Management (APM) 18 IAM Identity Broker IAM Identity Broker User Support No.
principal is an IAM root user.
If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see Identity and Access Management Service Overview.
Service control policies (SCPs) in Organizations use a similar syntax to that used by Identity and Access Management (IAM) policies. They both use the JSON syntax. For details, see SCP Syntax.
Management & Governance Simple Message Notification (SMN) Log Tank Service (LTS) Identity and Access Management (IAM) Security Token Service (STS) Resource Formation Service (RFS) IAM Identity Center Organizations Resource Access Manager (RAM) Enterprise Project Management Service
Logging In with the New Account via IAM Identity Center After an account is created, you can associate it with users and permission sets in IAM Identity Center.
Helpful Links For details about the differences in access control between IAM and Organizations, see What Are the Differences in Access Control Between IAM and Organizations? Parent topic: Overview of an SCP
Actions Organization Management Permission API Action IAM Project Enterprise Project Creating an organization POST /v1/organizations organizations:organizations:create iam:agencies:createServiceLinkedAgency Not supported Not supported Getting organization information GET /v1/organizations
Users and Agencies from Making Certain Changes Preventing IAM Users and Agencies from Making Specified Changes, with an Exception for Specified Accounts Preventing IAM Users and Agencies from Making Specified Changes, with an Exception for Specified Agencies Preventing Member Accounts
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).