检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing CloudPond resources.
With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing CloudPond resources.
Using IAM to Grant Access to CloudPond Using IAM Roles or Policies to Grant Access to CloudPond Using IAM Identity Policies to Grant Access to CloudPond
Access Control for CloudPond Access Control You can create IAM users to grant minimum permissions required for completing specific tasks, and periodically review the granted permissions. For details, see IAM Best Practices.
To learn more about how IAM is different from Organizations for access control, see How IAM Is Different from Organizations for Access Control?. This section describes the elements used by IAM custom identity policies and Organizations SCPs.
You can use IAM to manage resource permissions, Cloud Eye or other methods to monitor resources, and security services to protect resources on your premises. Parent topic: CloudPond Overview
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For security purposes, create IAM users and grant them permissions for routine management. IAM user An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password or access keys).
Assume that an IAM user wants to call an API to query servers. With policy-based authorization, the IAM user must be granted the permissions allowing for action ies:edgeSite:listServers.
Access Control You can create IAM users to grant minimum permissions required for completing specific tasks, and periodically review the granted permissions. For details, see IAM Best Practices.
Create IAM users for fine-grained permission control and periodically review the permissions. Parent topic: Security
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
For more information about IAM, see IAM Service Overview. Role/Policy-based Authorization CloudPond supports role/policy-based authorization. New IAM users do not have any permissions assigned by default.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
