检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Configuring Permissions in IAM Creating a User and Granting Permissions SWR Custom Policies SWR Resources Parent Topic: Permissions Management
Why Cannot IAM Users Configure Image Synchronization? Currently, only accounts and IAM users with administrator permissions can configure image synchronization. Parent topic: Image Synchronization
To grant an IAM user permission to access dependent cloud services of SWR, you must have the IAM role Security Administrator. Fine-grained HSS Authorization Log in to the management console.
With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SWR resources.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Example: swr:*:*:namespace:test*: organization whose name starts with test swr:*:*:namespace:test: organization whose name is test Parent Topic: Configuring Permissions in IAM
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Tag-based Fine-Grained Authorization Scenarios After creating a custom policy for the SWR Enterprise Edition on the IAM console, you can add tags for namespaces and repositories.
"StringEquals": { "g:SourceVpc": [ "0bfdf87b-7789-4851-801e-8e726b82beae" ] } } }, { "Effect": "Allow", "Action": [ "swr::createLoginSecret" ] } ] } Parent Topic: Configuring Permissions in IAM
SWR Permissions Overview There are three types of SWR permissions: IAM permissions: Create IAM users and grant them permissions to use SWR. Image permissions: After creating an IAM administrator, you can grant image access permissions to other IAM users.
For more information, see: Public Network Access Private Network Access Constraints To obtain the subnet list of a VPC, IAM users must have the VPC ReadOnlyAccess permission. Use your account to log in to IAM and grant this permission to IAM users. Parent topic: Access Control
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
On the displayed API Credentials page, view the IAM username and IAM user ID. Figure 1 API credentials Parent topic: Appendixes
On the displayed API Credentials page, view the IAM username and IAM user ID. Figure 1 API credentials Parent Topic: Appendixes
With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing SWR resources.
With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing SWR resources.
IAM users must be added to a user group to obtain the permissions assigned to the user group. If a user is added to multiple user groups, the user inherits the permissions assigned to all these groups. IAM role IAM roles are IAM users with special permissions.
Authorization Methods In SWR, you can grant permissions to IAM users in either of the following ways: Grant permissions for a specific image to allow IAM users to read, edit, and manage the image.
IAM helps you secure access to your Huawei Cloud resources. With IAM, you can create IAM users and grant them permission to access only specific resources.
In addition to assigning permissions to users in IAM, the administrator can add, modify, and delete permissions for IAM users on the image details page of the SWR console.
