With IAM, you can create IAM users or user groups for employees based on the organizational structure of your enterprise. Each IAM user or user group has their own security credentials, providing access to DSC resources.
Using IAM Roles or Policies to Grant Access to DSC To manage DSC permissions based on roles and policies, you can use Identity and Access Management (IAM) to implement fine-grained permissions control over your IAM resources.
IAM Identity and Access Management (IAM) provides you with permission management for DSC. Only users who have Tenant Administrator permissions can perform operations such as authorizing, managing, and detecting cloud assets using DSC.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
For details, see Using IAM Roles or Policies to Grant Access to DSC. Constraints The specifications of DSC cannot be downgraded once you complete the purchase.
Prerequisites The account used to purchase the API data security protection instance must be a master account or an IAM account with permissions to create and authorize an agency. For details about how to create an agency, see Cloud Service Agency.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
For more information about IAM, see IAM Service Overview. Role/Policy-based Permissions Management DSC supports the role-based authorization model. By default, new IAM users do not have any permissions.
IPv4 address IPv6 address Linux-Passwd file Linux-Shadow file Key information SSL Certificate Secret_Access_Key AWS_ACCESS_KEY AWS_SECRET_KEY Facebook_SECRET IAM op_service account and password GitHub_KEY DSA private key EC private key Encryption private key RSA private key Location
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
(China) L2 Province (Chinese mainland) L2 Postal code (Chinese mainland) L2 City (Chinese mainland) L2 Municipality (China) L3 Address (Chinese mainland) Key credential information L3 SSL Certificate L4 Secret_Access_Key L3 AWS_ACCESS_KEY L4 AWS_SECRET_KEY L4 Facebook_SECRET L4 IAM
IPv4 address IPv6 address Linux password file Linux-Shadow file Key credential information SSL certificate AWS_ACCESS_KEY AWS_SECRET_KEY Facebook_SECRET IAM account GitHub_KEY DSA private key EC private key Encryption private key RSA private key Password Dynamic password/SMS verification
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
For details, see Using IAM Roles or Policies to Grant Access to DSC. You have purchased the standard DSC or professional DSC. Constraints The expired DSC cannot be directly upgraded. Renew DSC before upgrading it.
Access control DSC supports access control through IAM permissions. Table 1 DSC access control methods Access Control Method Description Reference Permissions management IAM permission IAM permissions define which actions on your cloud resources are allowed or denied.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. Table 3 FormData parameters Parameter Mandatory Type Description file Yes File Image file from which invisible watermarks are to be extracted.