检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting Permissions You can use IAM to implement refined permission control for DBSS resources. To be specific, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
IAM provides functions such as identity authentication, permissions management, and access control. With IAM, you can create IAM users and assign permissions to control their access to specific resources.
If your Huawei Cloud account does not need individual IAM users, you can skip this section. By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
If you need to use this permission, configure this permission to export instance information. iam:agencies:createAgency iam:permissions:grantRoleToAgency iam:permissions:grantRoleToAgencyOnEnterpriseProject iam:permissions:grantRoleToAgencyOnDomain iam:permissions:grantRoleToAgencyOnProject
Access Control DBSS supports access control through IAM permissions. Table 1 DBSS access control Method Description Reference Permission management IAM permission IAM permissions define which actions on your cloud resources are allowed or denied.
Username IAM username User Password IAM user password Primary User Account IAM tenant name, that is, the account to which the IAM user belongs. Key Name Alias of the KMS key Figure 1 KMS console parameters Click Connection Test. After KMS is interconnected, click Save.
In the same region, all the IAM users of an account can use database audit purchased under the account. Assume you have created a HUAWEI CLOUD account (domain1) in a region, and created two IAM users (sub-user01 and sub-user02) under domain1.
For security purposes, create IAM users and grant them permissions for routine management. User An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Suggestion Add the following permissions to your IAM accounts: tms:predefineTags:list bss:order:pay bss:order:view bss:order:update bss:balance:view vpc:vpcs:list smn:topic:list ces:metricData:create gaussdb:instance:list gaussdb:instance:modifyTraceSQLPolicy eps:resources:list rds
≥0 count Count N/A ECS 4 min IAM Identity and Access Management (IAM) provides you with permission management for DBSS. Only users who have the DBSS System Administrator permissions can use DBSS.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description instance_id Yes String Instance ID.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description instance_id Yes String Instance ID.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description instance_id Yes String Instance ID.
It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.)
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Response Parameters Status code: 200 Table 4 Response body parameter Parameter Parameter Type Description result String Response status.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description id Yes String Instance ID.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description name No String Instance name.
