检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Configuring Permissions in IAM Creating a User and Granting Permissions SWR Custom Policies SWR Resources Parent Topic: Permissions Management
Why Cannot IAM Users Configure Image Synchronization? Currently, only accounts and IAM users with administrator permissions can configure image synchronization. Parent topic: Image Synchronization
With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
To grant an IAM user permission to access dependent cloud services of SWR, you must have the IAM role Security Administrator. Fine-grained HSS Authorization Log in to the management console.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Example: swr:*:*:namespace:test*: organization whose name starts with test swr:*:*:namespace:test: organization whose name is test Parent Topic: Configuring Permissions in IAM
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Tag-based Fine-Grained Authorization Scenarios After creating a custom policy for the SWR Enterprise Edition on the IAM console, you can add tags for namespaces and repositories.
"StringEquals": { "g:SourceVpc": [ "0bfdf87b-7789-4851-801e-8e726b82beae" ] } } }, { "Effect": "Allow", "Action": [ "swr::createLoginSecret" ] } ] } Parent Topic: Configuring Permissions in IAM
SWR Permissions Overview There are three types of SWR permissions: IAM permissions: Create IAM users and grant them permissions to use SWR. Image permissions: After creating an IAM administrator, you can grant image access permissions to other IAM users.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
The token can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing SWR resources.
With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing SWR resources.
IAM users must be added to a user group to obtain the permissions assigned to the user group. If a user is added to multiple user groups, the user inherits the permissions assigned to all these groups. IAM role IAM roles are IAM users with special permissions.
The token can be obtained through the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
IAM helps you secure access to your Huawei Cloud resources. With IAM, you can create IAM users and grant them permission to access only specific resources.
With IAM, you can use your account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
The token can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token.
