检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
Routes Permission API Action IAM Project Enterprise Project Creating a static route POST /v3/{project_id}/enterprise-router/route-tables/{route_table_id}/static-routes er:routes:create √ √ Updating a static route PUT /v3/{project_id}/enterprise-router/route-tables/{route_table_id}
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Identity and Access Management (IAM) You can use IAM to assign different permissions to different users to control their access to enterprise router resources.
IAM Functions Permissions Parent topic: Security
If your account does not need individual IAM users, you may skip this topic. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups.
Enterprise Router works with Identity and Access Management (IAM) to support four identity authentication methods: username and password, access key, temporary access key, and access code. IAM also provides Login Protection and Login Authentication Policy.
Associations Permission API Action IAM Project Enterprise Project Creating an association POST /v3/{project_id}/enterprise-router/{er_id}/route-tables/{route_table_id}/associate er:associations:associate √ √ Querying the association list GET /v3/{project_id}/enterprise-router/{er_id
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of the account that the IAM user belongs to } } } }, "scope"
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Quota Management Permission API Action IAM Project Enterprise Project Querying quotas GET /v3/{project_id}/enterprise-router/quotas er:quotas:list √ × Parent topic: Permissions Policies and Supported Actions
Tags Permission API Action IAM Project Enterprise Project Querying tags by resource type GET /v3/{project_id}/{resource_type}/tags er:tags:list √ × Querying resource tags GET /v3/{project_id}/{resource_type}/{resource_id}/tags er:tags:get √ √ Creating a resource tag POST /v3/{project_id
IAM provides functions such as identity authentication, permissions management, and access control. On the IAM console, you can create IAM users and assign permissions to control their access to specific resources.
Propagations Permission API Action IAM Project Enterprise Project Creating a propagation POST /v3/{project_id}/enterprise-router/{er_id}/route-tables/{route_table_id}/enable-propagations er:propagations:enable √ √ Querying the propagation list GET /v3/{project_id}/enterprise-router
If the authorization scope is set to IAM projects only, the custom policy will take effect only for user groups in IAM projects.
Other Types of Attachments Permission API Action IAM Project Enterprise Project Updating an attachment PUT /v3/{project_id}/enterprise-router/{er_id}/attachments/{attachment_id} er:attachments:update √ √ Querying details about an attachment GET /v3/{project_id}/enterprise-router/{
Creating a User and Granting Permissions This section describes how to use IAM to implement fine-grained permissions control for your Enterprise Router resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Route Tables Permission API Action IAM Project Enterprise Project Creating a route table POST /v3/{project_id}/enterprise-router/{er_id}/route-tables er:routeTables:create √ √ Updating a route table PUT /v3/{project_id}/enterprise-router/{er_id}/route-tables/{route_table_id} er:routeTables
Enterprise Routers Permission API Action IAM Project Enterprise Project Creating an enterprise router POST /v3/{project_id}/enterprise-router/instances er:instances:create √ √ Updating an enterprise router PUT /v3/{project_id}/enterprise-router/instances/{enterprise_router_id} er:
VPC Attachments Permission API Action IAM Project Enterprise Project Creating a VPC attachment POST /v3/{project_id}/enterprise-router/{er_id}/vpc-attachments er:attachments:create √ √ Updating a VPC attachment PUT /v3/{project_id}/enterprise-router/{er_id}/vpc-attachments/{vpc_attachment_id
