检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure. Each IAM user has their own security credentials, providing access to BMS resources. Grant only the permissions required for users to perform a specific task.
With IAM, you can: Create IAM users or user groups for employees based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing BMS resources. Grant only the permissions required for users to perform a specific task.
Using IAM to Grant Access to BMS Using IAM Roles or Policies to Grant Access to BMS Using IAM Identity Policies to Grant Access to BMS
Authorization Information Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned.
For more information about IAM, see IAM Service Overview. System-defined Permissions in Role/Policy-based Authorization BMS supports authorization with roles and policies. New IAM users do not have any permissions assigned by default.
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of the account to which the IAM user belongs } } } }, "scope
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Create an IAM User If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users.
Authorization Information Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned.
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Tenant Quota Management Permissions APIs Actions IAM Project Enterprise Project Querying the Tenant Quota GET /v1/{project_id}/baremetalservers/limits bms:serverQuotas:get √ x Parent topic: Permissions and Supported Actions
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations? This section describes the elements used by IAM custom identity policies and Organizations SCPs.
With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
NIC Management Permissions API Action IAM Project Enterprise Project Querying Information About BMS NICs GET /v1/{project_id}/baremetalservers/{server_id}/os-interface bms:servers:get √ √ Parent topic: Permissions and Supported Actions
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
Flavor Query Permissions API Action IAM Project Enterprise Project Querying Details About Flavors and Extended Flavor Information GET /v1/{project_id}/baremetalservers/flavors bms:serverFlavors:get √ √ Parent topic: Permissions and Supported Actions
Metadata Management Permissions APIs Actions IAM Project Enterprise Project Updating the Metadata of a BMS POST /v1/{project_id}/baremetalservers/{server_id}/metadata bms:servers:updateMetadata √ √ Parent topic: Permissions and Supported Actions
Identity Authentication and Access Control Identity and Access Management (IAM) provides functions such as user identity authentication, permission assignment, and access control. You can use IAM to securely control user access to your BMSs.
