检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM Roles or Policies to Grant Access to HSS You can perform role/policy-based authorization using Identity and Access Management (IAM). Create IAM users for employees based on the organizational structure of your enterprise.
Using IAM Identity Policies to Grant Access to HSS You can perform identity policy-based authorization using Identity and Access Management (IAM). Create IAM users or user groups for personnel based on your enterprise's organizational structure.
Using IAM to Grant Access to HSS Using IAM Roles or Policies to Grant Access to HSS Using IAM Identity Policies to Grant Access to HSS
For details about how to grant permissions, see Assigning Permissions to an IAM User. Parent topic: Others
IAM provides identity authentication, permissions management, and access control, helping you efficiently manage access to your HSS resources. For details, see HSS Permissions Management.
Preparations If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions .
On the old IAM console: HSS AgencyOperatePolicy system policy or Security Administrator system role. IAM users must have the preceding permissions to view or process authorization management information. For details, see Creating a User Group and Assigning Permissions.
If your Huawei ID does not need individual IAM users, you may skip this section. With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies).
Figure 1 shows the response body for the API for creating an IAM user.
Related Services You can use SMN to receive alarm notifications, IAM service to manage user permissions, and Cloud Trace Service (CTS) to audit user behaviors.
Obtaining a Region ID from the Console Log in to Huawei Cloudthe cloud platform, go to the IAM console, and choose Projects. The value in the Project Name column is the ID of the region that the project belongs to. Figure 1 Viewing the region ID Parent Topic: Appendixes
For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
On the Permissions tab, click Authorize User Group to go to the User Groups page on the IAM console. Associate the enterprise project with a user group and assign permissions to the group. For details, see Creating a User Group and Assigning Permissions in the IAM help.
For details about IAM, see IAM Service Overview. Role/Policy-based Permissions Management HSS supports role/policy-based authorization. By default, new IAM users do not have permissions assigned.
Preparations If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions.
Identity Authentication and Access Control Identity and Access Management (IAM) provides refined permissions management for HSS resources. You can: Create IAM users for employees based on the organizational structure of your enterprise.
Constraints The following permissions are required for IAM users to stop a scan: HSS permission: batch image scan (hss:images:set) or container asset management (hss:containers:set) For details about the authorization, see Using IAM to Grant Access to HSS.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
