检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For engines with security authentication enabled, if the login user is the user imported in Importing an IAM Account, go to 6. For other users, go to 5. In the displayed Security Authentication dialog box, enter the account name and password, and click OK.
For engines with security authentication enabled, if the login user is the user imported in Importing an IAM Account, go to 6. For other users, go to 5. In the displayed Security Authentication dialog box, enter the account name and password, and click OK.
For engines with security authentication enabled, if the login user is the user imported in Importing an IAM Account, go to 6. For other users, go to 5. In the displayed Security Authentication dialog box, enter the account name and password, and click OK.
Log in to the IAM console and choose Agencies to check the agency quota and either adjust it or delete agencies that are no longer in use. Parent topic: Precautions When Using Huawei Cloud CSE
User An Identity and Access Management (IAM) user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys). The account name, username, and password will be required for API authentication.
Request Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token. x-engine-id Yes String Instance ID of an exclusive microservice engine. X-Enterprise-Project-ID Yes String Enterprise project ID.
Log in to Huawei Cloud as an IAM user. Tenant name: Name of the account used to create the IAM user IAM username and IAM user password: Username and password specified during IAM user creation using the Tenant name Create a microservice engine on the CSE console.
Querying an RBAC Token Function This API is used to obtain an RBAC token based on the IAM token. If a ServiceComb engine is used, you need to create or import an IAM user in the engine.
You can create up to 1000 accounts, including new accounts and the imported IAM account. Importing an IAM Account Imports an IAM account and associates roles with it. Users who use this IAM account have the access and operation permissions on the microservice engine.
For engines with security authentication enabled, if the login user is the user imported in Importing an IAM Account, go to 6. For other users, go to 5. In the displayed Security Authentication dialog box, enter the account name and password, and click OK.
IAM provides a limited number of roles for permissions management. Different services often depend on other services, so these dependencies must be considered when assigning roles. However, roles are not ideal for fine-grained authorization and least privilege access.
If status code 201 is returned for the API for creating an IAM user, the request is successful. Response Header Similar to a request, a response also has a header, for example, Content-Type. Figure 1 shows the response header for the API for creating an IAM user.
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
IAM user import Identity and Access Management (IAM) To import IAM users, the IAM ReadOnlyAccess permission is required. Table 3 lists the common operations for each system-defined policy or role of CSE. Select policies or roles as needed.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
To operate a ServiceComb engine on CSE, you must have both the IAM and RBAC permissions, and the IAM permission takes precedence over the RBAC permission.
The API for obtaining a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication.
For engines with security authentication enabled, if the login user is the user imported in Importing an IAM Account, go to 6. For other users, go to 5. In the displayed Security Authentication dialog box, enter the account name and password, and click OK.
For engines with security authentication enabled, if the login user is the user imported in Importing an IAM Account, go to 6. For other users, go to 5. In the displayed Security Authentication dialog box, enter the account name and password, and click OK.
Access Policy Description Documentation IAM permissions IAM permissions define which actions on your cloud resources are allowed and which actions are denied, to control access to your resources.
