检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The token can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. project_id Yes Specifies the project ID.
IAM provides identity authentication, permissions management, and access control, helping you to securely access your Huawei Cloud resources. With IAM, you can create IAM users and assign permissions to control their access to specific resources.
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of the account to which the IAM user belongs } } } }, "scope
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Create an IAM User If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users.
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Creating a User and Granting Permissions Use IAM to implement fine-grained permissions control over your BMSs. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Tenant Quota Management Permissions APIs Actions IAM Project Enterprise Project Querying the Tenant Quota GET /v1/{project_id}/baremetalservers/limits bms:serverQuotas:get √ x Parent topic: Permissions and Supported Actions
IAM project/Enterprise project: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
NIC Management Permissions API Action IAM Project Enterprise Project Querying Information About BMS NICs GET /v1/{project_id}/baremetalservers/{server_id}/os-interface bms:servers:get √ √ Parent topic: Permissions and Supported Actions
Password Management Permissions API Action IAM Project Enterprise Project Querying Whether a BMS Supports Password Reset GET /v1/{project_id}/baremetalservers/{server_id}/os-resetpwd-flag bms:servers:get √ √ Resetting the BMS password PUT /v1/{project_id}/baremetalservers/{server_id
Disk Management Permissions API Action Dependent Actions IAM Project Enterprise Project Detaching a Disk from a BMS DELETE /v1/{project_id}/baremetalservers/{server_id}/detachvolume/{attachment_id} bms:servers:detachVolume - √ √ Attaching a Disk to a BMS POST /v1/{project_id}/baremetalservers
Flavor Query Permissions API Action IAM Project Enterprise Project Querying Details About Flavors and Extended Flavor Information GET /v1/{project_id}/baremetalservers/flavors bms:serverFlavors:get √ √ Parent topic: Permissions and Supported Actions
To obtain temporary AK/SK on a BMS, you need to create an agency for BMS on IAM and assign required resource permissions to BMS. For details, see Identity and Access Management User Guide.
Status Management Permissions API Action IAM Project Enterprise Project Change the Name of a BMS PUT /v1/{project_id}/baremetalservers/{server_id} bms:servers:put √ √ Reinstalling the BMS OS POST /v1/{project_id}/baremetalservers/{server_id}/reinstallos bms:servers:reInstallOS √ √
Lifecycle Management Permissions API Action IAM Project Enterprise Project Creating a BMS POST /v1/project_id}/baremetalservers bms:servers:create √ √ Querying Details About BMSs GET /v1/{project_id}/baremetalservers/detail bms:servers:list √ √ Querying Details About a BMS GET /v1
Metadata Management Permissions APIs Actions IAM Project Enterprise Project Updating the Metadata of a BMS POST /v1/{project_id}/baremetalservers/{server_id}/metadata bms:servers:updateMetadata √ √ Parent topic: Permissions and Supported Actions
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Identity Authentication and Access Control Identity and Access Management (IAM) provides functions such as user identity authentication, permission assignment, and access control. You can use IAM to securely control user access to your BMSs.
