检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to TaurusDB Creating a User and Granting TaurusDB Permissions Creating a TaurusDB Custom Policy
IAM User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys). API authentication requires information such as the account, username, and password.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Content-Type Yes String Content type. Value: application/json X-Language No String Request language type. The default value is en-us.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Content-Type Yes String Content type. Value: application/json X-Language No String Request language type. The default value is en-us.
IAM projects or enterprise projects: Type of projects in which policies can be used to grant permissions. A policy can be applied to IAM projects, enterprise projects, or both.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Content-Type Yes String Content type. Value: application/json X-Language No String Language.
To configure TDE, you must have the iam:agencies:createServiceLinkedAgencyV5 permission. If you do not have this permission, create a custom policy. You need to enable Key Management Service (KMS) for your DB instance first.
Configuring only the minimum permissions for IAM users with different roles To better isolate and manage permissions, you are advised to configure an independent IAM administrator and grant them the permission to manage IAM policies.
modify", "gaussdb:instance:delete", "vpc:publicIps:list", "vpc:publicIps:update" ], "Effect": "Allow" } ] } Parent Topic: Using IAM
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Content-Type Yes String Content type. Value: application/json X-Language No String Request language type. The default value is en-us.
Parent Topic: Using IAM to Grant Access to TaurusDB
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Constraints: N/A Range: N/A Default value: N/A X-Language No String Definition: Request language type.
IAM users can use TaurusDB resources only after their accounts and passwords are verified. For details, see Creating an IAM User and Logging In.
actions: iam:agencies:listAgencies iam:roles:listRoles iam:permissions:listRolesForAgencyOnProject GaussDB FullAccess already contains the iam:agencies:listAgencies, iam:roles:listRoles, and iam:agencies:pass actions.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Content-Type Yes String Content type. Value: application/json X-Language No String Request language type. The default value is en-us.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate the calling of other APIs.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Content-Type Yes String Content type. Value: application/json X-Language No String Language.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Constraints: N/A Range: N/A Default value: N/A X-Language No String Definition: Request language type.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Content-Type Yes String Content type. Value: application/json X-Language No String Language.
