检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM Projects and Enterprise Projects IAM Projects Projects in IAM group and isolate OpenStack resources (compute, storage, and network resources). Resources in your account must be mounted under projects. Each project can be a department or a project team.
Creating an IAM Project and Assigning Permissions Creating an IAM Project Go to the management console, hover over the username in the upper right corner, and choose Identity and Access Management from the drop-down list.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials to access EG resources. Grant only the permissions required for users to perform a specific task.
", "Effect" : "Allow", "Principal" : { "additionalProp1" : { "IAM" : [ "domainID" ] }, "additionalProp2" : { "IAM" : [ "domainID" ] }, "additionalProp3" : { "IAM" : [ "domainID" ] } },
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
", "Effect" : "Allow", "Principal" : { "additionalProp1" : { "IAM" : [ "domainID" ] }, "additionalProp2" : { "IAM" : [ "domainID" ] }, "additionalProp3" : { "IAM" : [ "domainID" ] } },
The token can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
The token can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
iam:roles:createRole iam:agencies:getAgency iam:agencies:createAgency iam:permissions:listRolesForAgency iam:permissions:listRolesForAgencyOnProject iam:permissions:listRolesForAgencyOnDomain
