检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to HSS Creating a User and Granting Permissions HSS Custom Policies HSS Actions
If your Huawei Cloud account does not need individual IAM users, then you may skip over this section. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups.
Parent Topic: Using IAM to Grant Access to HSS
"Action": [ "hss:hosts:switchVersion", "hss:hosts:manualDetect", "hss:manualDetectStatus:get" ] } ] } Parent Topic: Using IAM
Identity Authentication and Access Control Identity and Access Management (IAM) provides refined permissions management for HSS resources. You can: Create IAM users for employees based on the organizational structure of your enterprise.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see What Is IAM? HSS Permissions By default, new IAM users do not have permissions assigned.
Related Services You can use SMN to receive alarm notifications, IAM service to manage user permissions, and Cloud Trace Service (CTS) to audit user behaviors.
On the Permissions tab, click Authorize User Group to go to the User Groups page on the IAM console. Associate the enterprise project with a user group and assign permissions to the group. For details, see Creating a User Group and Assigning Permissions in the IAM help.
IAM provides identity authentication, permissions management, and access control, helping you efficiently manage access to your HSS resources. For details, see HSS Permissions Management.
To view the delegation records of each region, go to the IAM console, choose Agencies, and click hss_policy_trust. Table 1 describes the cloud service resource permissions that HSS needs you to assign.
For details about how to grant permissions, see Assigning Permissions to an IAM User. Parent topic: Others
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
Obtaining a Region ID from the Console Log in to Huawei Cloudthe cloud platform, go to the IAM console, and choose Projects. The value in the Project Name column is the ID of the region that the project belongs to. Figure 1 Viewing the region ID Parent Topic: Appendixes
Preparations If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions .
Preparations If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions .
In a CCE cluster, to operate and protect resource objects, you need to obtain either of the following operation permissions: IAM permissions: Tenant Administrator or CCE Administrator. Namespace permissions (authorized by Kubernetes RBAC): O&M permissions.
For example, if status code 201 is returned for calling the API used to create an IAM user, the request is successful. Response Header A response header corresponds to a request header, for example, Content-Type.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
Constraints The following permissions are required for IAM users to stop a scan: HSS permission: batch image scan (hss:images:set) or container asset management (hss:containers:set) For details, see Using IAM to Grant Access to HSS.
