Using IAM Roles or Policies to Grant Access to COC To manage permissions for COC, you can use IAM; see Permissions Management for details. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Using IAM to Grant Access to COC Using IAM Roles or Policies to Grant Access to COC Resource Types Supported by COC Service-specific Condition Keys Supported by COC
Parent Topic: Using IAM to Grant Access to COC
IAM or enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both.
"password": "********", //IAM user password "domain": { "name": "domainname" //Name of the account to which the IAM user belongs } } } }, "scope": {
How Do I Log In to COC as a Non-Common IAM User? You can log in to COC as a common IAM user, an IAM federated user (including IAM user in SSO mode and virtual user in SSO mode), or an IAM Identity Center user.
Figure 1 Enabling COC and obtaining required permissions Table 1 Permissions in ServiceAgencyForCOC Permission Description Project [Region] Scenario IAM ReadOnlyAccess Read-only permissions for IAM Global service [Global] Used to read personnel information under an IAM account in
Solution Log in to IAM as an administrator. In the user list, click Authorize in the row that contains the target user. Figure 1 Authorizing an IAM user Set Authorization Model to RBAC.
Figure 12 Creating an Identity Policy for a Tenant Agency In the navigation pane of the new IAM console, choose Agencies.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
and custom identity policies: "iam:policies:createV5", "iam:policies:listV5", "iam:groups:attachPolicyV5", "iam:groups:detachPolicyV5", "iam:policies:deleteV5", "iam:policies:listVersionsV5", "iam:policies:createVersionV5", "iam:policies:deleteVersionV5" Precautions By default,
FAQs About Basic Configurations How Do I Log In to COC as a Non-Common IAM User?
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Table 1 User types and their sources on the O&M Engineer Management page User Type User Data Source Common IAM user Synchronized from IAM IAM Federated User (IAM User SSO) Synchronized from IAM IAM federated user (Virtual User SSO) Manually added on the O&M engineer page IAM Identity
The API used to obtain a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
IAM provides identity authentication, permissions management, and access control, helping you to securely access your Huawei Cloud resources. If your HUAWEI ID does not require IAM for permissions management, you can skip this section. IAM can be used on Huawei Cloud for free.
Solution Log in to IAM as an administrator. Choose Permissions > Policies/Roles and click Create Custom Policy. Figure 1 Creating a custom policy Set the policy content, select CloudOpsCenter, and select the operations you want to authorize by enterprise project. Click OK.
Currently, COC supports IAM login, IAM federated user login (including IAM user SSO and virtual user SSO), and login via IAM Identity Center. Login via IAM agencies is not supported.
Access Control You can use IAM to securely control access to your COC resources. For more information about IAM and COC permissions management, see Permissions Management. Parent topic: Security