检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to Cloud Eye Using IAM Roles or Policies to Grant Access to Cloud Eye Using IAM Identity Policies to Grant Access to Cloud Eye Granting Permissions by Cloud Service
With IAM, you can: Create IAM users or a user group for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing Cloud Eye resources.
Using IAM Roles or Policies to Grant Access to Cloud Eye You can use IAM for fine-grained permissions control for your Cloud Eye resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
What Should I Do If the IAM Account Permissions Are Abnormal? To use server monitoring, IAM users in a user group must have the Security Administrator permissions. If they do not have the permissions, a message indicating abnormal permissions is displayed.
IAM user login: IAM users are created by an administrator to use specific cloud services. Federated user login: Federated users are registered with an enterprise IdP that is created by the administrator in IAM.
This is because that you use an IAM user account, which does not have sufficient permissions. Check your permissions configured on IAM. Use the Huawei Cloud account to log in to the Huawei Cloud management console.
How Can an IAM User Receive Alarm Notifications? To enable an IAM user to receive alarm notifications, subscribe the email address or phone number of the user to an SMN topic and select the topic when you create alarm rules.
Parent Topic: Using IAM to Grant Access to Cloud Eye
One-click monitoring is only available to the enterprise project account or its IAM users with the Tenant Administrator permissions. For details about how to assign the Tenant Administrator permission to a user, see Creating a User Group and Assigning Permissions.
When configuring alarm rules, only Huawei Cloud accounts or IAM users with the Tenant Administrator permissions can select all resources. For details about how to assign the Tenant Administrator permissions to an IAM user, see Creating a User Group and Assigning Permissions.
"iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:permissions:revokeRoleFromAgencyOnDomain", "iam:permissions:revokeRoleFromAgencyOnProject", "iam:roles:createRole",
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API. Procedure Obtain the token by referring to Authentication. Query the list of metrics that can be monitored.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
To learn more about how IAM is different from Organizations for access control, see How IAM Is Different from Organizations for Access Control?. This section describes the elements used by IAM custom identity policies and Organizations SCPs.
Introduction You can use Identity and Access Management (IAM) for fine-grained permissions management of your Cloud Eye. If your Huawei Cloud account does not need individual IAM users, you can skip this section.
Data Protection Technologies For data protections, you are advised to protect Huawei Cloud account credentials and use IAM to set up individual user accounts. In this way, each user is given only the permissions necessary to fulfill their job duties.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
IAM provides identity authentication, fine-grained permissions management, and access control. IAM helps you secure access to your Huawei Cloud resources. If your HUAWEI ID does not require IAM for permissions management, you can skip this section. IAM is a free service.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
