检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Figure 8 Viewing permissions Step 2: Create an IAM User IAM users can be created for employees or applications of an enterprise. Each IAM user has their own security credentials, and inherits permissions from the groups it is a member of.
Configuring the Required Permissions If you have an IAM account, assign DAS FullAccess permissions to all users of the account. For details, see Create User Groups and Assign Permissions.
Log in to the IAM console using a Huawei Cloud account or an IAM account, locate the IAM user that the target instance belongs to, and add it to the user group created in 2. The IAM user will inherit permissions of the user group.
Creating a User and Granting GeminiDB Redis API Permissions This section describes how to use IAM to control fine-grained permissions for your GeminiDB resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Creating a User Group and Assigning Permissions This section describes how to use IAM to control fine-grained permissions for your GeminiDB resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Creating a User Group and Assigning Permissions This section describes how to use IAM to control fine-grained permissions for your GeminiDB resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Log in to the IAM console using a Huawei Cloud account or as an IAM user, locate the IAM user that the target instance belongs to, and add it to the user group created in 3. The IAM user will inherit permissions of the user group.
Log in to the IAM console using a Huawei Cloud account or an IAM account, locate the IAM user that the target instance belongs to, and add it to the user group created in 2. The IAM user will inherit permissions of the user group.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently obtaining the token.
Policies that only contain actions for IAM projects can be used and only take effect for IAM. For the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate other APIs.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
GeminiDB Actions Table 1 Instance management actions Permission API Action IAM Project Enterprise Project Creating a DB instance POST /v3/{project_id}/instances nosql:instance:create √ √ Deleting a DB instance DELETE /v3/{project_id}/instances/{instance_id} nosql:instance:delete √
"iam:agencies:createAgency", "iam:agencies:listAgencies", "iam:roles:listRoles", "iam:roles:createRole" ] } ] } Create a user group and assign permissions.
Creating a User and Assigning Permissions This section describes how to use IAM to control fine-grained permissions for your GeminiDB resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
GeminiDB Mongo instance influxdb: GeminiDB Influx instance redis: GeminiDB Redis instance Default value: N/A Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String Explanation: User token You can obtain the token by calling the IAM
You can create IAM users and use them to manage GeminiDB resources. When you log in using an IAM user, password authentication is required. For details, see Step 2: Create IAM Users and Log In.
Constraints: N/A Values: N/A Default value: N/A Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String Explanation: User token You can obtain the token by calling the IAM API by following Obtaining a User Token Through Password
users: Creating a custom policy: iam:agencies:listAgencies iam:agencies:createAgency iam:permissions:listRolesForAgencyOnProject iam:permissions:grantRoleToGroupOnProject iam:roles:listRoles iam:roles:createRole Adding system role Security Administrator: Select a user group to which
IAM Identity and Access Management (IAM) provides permission management for GeminiDB. TMS Tag Management Service (TMS) enables you to use tags to manage resources on the management console.
