检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to HSS Creating a User and Granting Permissions HSS Custom Policies HSS Actions
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
For details about how to grant permissions, see Assigning Permissions to an IAM User. Parent topic: Others
IAM provides identity authentication, permissions management, and access control, helping you efficiently manage access to your HSS resources. For details, see HSS Permissions Management.
Preparations If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions .
To view the delegation records of each region, go to the IAM console, choose Agencies, and click hss_policy_trust. Table 1 describes the cloud service resource permissions that HSS needs you to assign.
In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions: IAM permissions: Tenant Administrator or CCE Administrator. Namespace permissions (authorized by Kubernetes RBAC): O&M permissions.
If your Huawei Cloud account does not need individual IAM users, then you may skip over this section. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups.
Related Services You can use SMN to receive alarm notifications, IAM service to manage user permissions, and Cloud Trace Service (CTS) to audit user behaviors.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see What Is IAM? HSS Permissions By default, new IAM users do not have permissions assigned.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
On the Permissions tab, click Authorize User Group to go to the User Groups page on the IAM console. Associate the enterprise project with a user group and assign permissions to the group. For details, see Creating a User Group and Assigning Permissions in the IAM help.
"Action": [ "hss:hosts:switchVersion", "hss:hosts:manualDetect", "hss:manualDetectStatus:get" ] } ] } Parent Topic: Using IAM
Preparations If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions .
Identity Authentication and Access Control Identity and Access Management (IAM) provides refined permissions management for HSS resources. You can: Create IAM users for employees based on the organizational structure of your enterprise.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. Response Parameters Status code: 200 Request succeeded.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Parent Topic: Using IAM to Grant Access to HSS
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
