检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Can I Enable IoTDA for IAM Users or Sub-Projects? Which Regions of Huawei Cloud Are Supported by the IoT Platform? Does Huawei Provide Modules, Hardware Devices, and Application Software? What Should I Do If I Want to Call an API But Have No Permissions to Do So as an IAM User?
Can I Enable IoTDA for IAM Users or Sub-Projects? 1. You can enable IoTDA as an IAM user. However, the enabled IoTDA service belongs to the IAM master account. That is, the master account is the payment entity. 2. IoTDA cannot be enabled for sub-projects created using IAM.
To assign permissions of the IoTDA FullAccess policy to the user group that the IAM user belongs to, do as follows: Procedure: Visit IAM and click Try Free to access the IAM console. In the navigation pane, choose User Groups. Click Authorize in the row of the target user group.
When you use the new domain name, the IAM API for authentication is called, and the Huawei Cloud account and password need to be carried in the request.
Granting Permissions Using IAM Agency Authorization
On the IAM console, choose Agencies, locate the iotda_admin_trust agency, and grant KMS Administrator and OBS OperateAccess permissions to the agency.
{Endpoint} indicates the endpoint of IAM, which can be obtained from Platform Connection Information. For details about API authentication, see Authentication.
"iam:permissions:revokeRoleFromAgencyOnDomain", "iam:permissions:checkRoleForAgencyOnProject", "iam:permissions:checkRoleForAgencyOnDomain", "iam:roles:createRole", "iam:roles:listRoles",
Figure 2 Creating a data subscription - AOM When configuring DMS subscription for the first time, you need to configure an IAM agency. For details, see How Do I Create the apm_admin_trust Agency?
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. Users An Identity and Access Management (IAM) user is created by an account to use cloud services.
On the IAM console, choose Agencies, locate the iotda_admin_trust agency, and grant KMS Administrator and OBS OperateAccess permissions to the agency.
Debugging the API Obtaining the Token for an IAM User Before using platform APIs, an application must call the API Obtaining the Token of an IAM User for authentication. After the authentication is successful, Huawei Cloud returns X-Subject-Token.
Roles are provided by IAM to define service-based permissions that match user's job responsibilities.
IAM users can be granted permissions to access all resources in a specific project. Edge node An open platform located close to devices or data sources.
Creating a User and Granting IoTDA Permissions You can use Identity and Access Management (IAM) for fine-grained permissions control for your IoTDA resources. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
After configuring Postman, debug the following APIs when the application simulator connects to IoTDA using HTTPS: Obtaining the Token for an IAM User Listing Projects Accessible to an IAM User Creating a Product Querying a Product Creating a Device Querying a Device Advanced Experience
The application needs to be authenticated by the IAM service. To obtain a token, see Debugging the API Obtaining the Token for an IAM User. Application Development Resources The platform provides a wealth of application-side APIs to ease application development.
After you agree to the authorization, IoTDA creates an agency named iotda_admin_trust in IAM, after the authorization is successful, you can view the created agency in the agency list on the IAM console. Parent topic: Granting Permissions Using IAM
An agency named iotda_admin_trust is created on the Identity and Access Management (IAM) console and an administrator role is bound by default. Figure 1 Agency - iotda_admin_trust Parent topic: Rules
IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by IoTDA to the user group.
