检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM Roles or Policies to Grant Access to DDS System-defined permissions in provided by Identity and Access Management (IAM) let you control access to DDS. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
Using IAM Identity Policies to Grant Access to DDS System-defined permissions in provided by Identity and Access Management (IAM) let you control access to DDS. With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure.
Using IAM to Grant Access to DDS Using IAM Roles or Policies to Grant Access to DDS Using IAM Identity Policies to Grant Access to DDS
Figure 5 Specifying the scope Step 2: Create an IAM User IAM users can be created for employees or applications of an enterprise. Each IAM user has their own security credentials, and inherits permissions from the groups it is a member of.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequent IAM API calling.
IAM User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys). API authentication requires information such as the account name, username, and password.
For more information about IAM, see IAM Service Overview. Role/Policy-based Authorization DDS supports role/policy-based authorization. New IAM users do not have any permissions assigned by default.
For fine-grained permissions management on Huawei Cloud resources, use Identity and Access Management (IAM) to create a user or user group and grant it specific operation permissions. For details, see Creating a User and Granting Permissions.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Creating a User and Granting the Read-Only Permission to the User This section describes how to use IAM to grant read-only permissions to DDS.
For fine-grained permissions management on Huawei Cloud resources, use Identity and Access Management (IAM) to create a user or user group and grant it specific operation permissions. For details, see Creating a User and Granting Permissions.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate the calling of other APIs.
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations? This section describes the elements used by IAM custom identity policies and Organizations SCPs.
With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
In addition, the IAM service is provided, achieving access control over DDS resources. Parent topic: Network Security
{Endpoint} is the IAM endpoint and can be obtained from the Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
IAM users can use DDS resources only after their accounts and passwords are verified. For details, see Creating an IAM User and Logging In.
