With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing CDN resources.
With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing CDN resources.
The account administrator grants only the permissions of an enterprise project to the IAM user, so the IAM user cannot obtain the domain ID of the account, and the following error message is displayed when the IAM user calls an API.
Using IAM to Grant Access to CDN Authorizing and Associating an Enterprise Project Using IAM Roles or Policies to Grant Access to CDN Using IAM Identity Policies to Grant Access to CDN
Table 1 Comparison of OBS agency permissions (Version: Permissions Granted to CDN After the Agency Is Enabled)
Old: All permissions of the IAM system-defined role Tenant Guest. For details, see IAM Permissions.
New: obs:object:GetObject for obtaining object content and metadata.
Constraints IAM users can enable SCM authorization only when they have the following permissions: Associated Cloud Service Permission IAM Listing permissions: iam:roles:listRoles Creating a custom policy: iam:roles:createRole Listing agencies: iam:agencies:listAgencies Creating an
How Do I Grant Some CDN Permissions to IAM Users? You can use IAM to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.
Possible causes: Your IAM agency quota has been used up. On the Quotas page of the IAM console, check whether the agency quota has been used up. If yes, delete unnecessary agencies or submit a service ticket to increase the quota. You are an IAM user.
Perform the following steps: If you are using CDN as an IAM user with insufficient permissions, view each permission on Permissions Management and ask the account administrator to assign the required permissions to you by referring to Creating a User and Granting CDN Permissions.
Perform the following operations to rectify the fault: If you log in as an IAM user, check whether you have the permissions required to perform cache purge and prefetch. If you do not have the required permissions, apply for them from your account administrator.
With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
Listing agencies: iam:agencies:listAgencies; Listing permissions: iam:roles:listRoles; Granting permissions to an agency for a region-specific project: iam:permissions:grantRoleToAgencyOnProject. Log in to the CDN console.
Create a user group on the IAM console, and assign the CDN DomainReadOnlyAccess policy to the group. Create an IAM user and add it to the user group. Create a user on the IAM console and add the user to the group created in 1. Log in as the IAM user and verify permissions.
The following provides an example request with a body included. accountid: account ID of an IAM user; username: name of an IAM user; email: email of an IAM user; **********: login password of an IAM user. POST https://iam.ap-southeast-1.myhuaweicloud.com/v3.0/OS-USER/users Content-Type
IAM users can enable OBS authorization only when they have the following IAM permissions: Listing agencies: iam:agencies:listAgencies; Creating an agency: iam:agencies:createAgency; Granting permissions to an agency for a region-specific project: iam:permissions:grantRoleToAgencyOnProject
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
For more information about IAM, see IAM Service Overview. Role/Policy-based Authorization CDN supports authorization with roles and policies. New IAM users do not have any permissions assigned by default.
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations? This section describes the elements used by IAM custom identity policies and Organizations SCPs.
Object Storage Service (OBS) Accelerating Delivery of OBS Resources IAM provides: User and permission management IAM user and user group management Fine-grained policy management Agency management Allow CDN to access your OBS private buckets on the IAM console.