检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM Roles or Policies to Grant Access to DAS Role/Policy-based authorization provided by Identity and Access Management (IAM) can control access to DAS. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Using IAM to Grant Access to DAS Using IAM Roles or Policies to Grant Access to DAS Identity Policy-based Authorization
Click DB Instance Connections that IAM Users Share with Others and view information about the shared DB instance.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations? This section describes the elements used by IAM custom identity policies and Organizations SCPs.
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Process Flow Figure 1 Process of granting DAS permissions On the IAM console, create an IAM user or create a user group. Create a user or user group on the IAM console. Attach a system-defined identity policy to the user or user group.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
For more information about IAM, see IAM Service Overview. Role/Policy-based Authorization DAS supports role/policy-based authorization. New IAM users do not have any permissions assigned by default.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
Authorization Information Each account has permissions to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions Policies and Supported Actions.
