Creating an IAM User and Granting TaurusDB Permissions
This section describes how to use IAM for fine-grained permissions control over your TaurusDB resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Using IAM to Grant Access to TaurusDB Creating an IAM User and Granting TaurusDB Permissions Creating a TaurusDB Custom Policy
Prerequisites: To use DBA Assistant of HTAP Standard Edition on the console, IAM users must have the GaussDB FullAccess, DAS FullAccess, DAS Administrator, and CES FullAccess permissions. To grant these permissions, see Creating an IAM User and Granting TaurusDB Permissions.
Prerequisites: To use DBA Assistant on the TaurusDB console, IAM users must have the GaussDB FullAccess, DAS FullAccess, DAS Administrator, and CES FullAccess permissions. For details, see Creating an IAM User and Granting TaurusDB Permissions.
To obtain this value, call the IAM API for obtaining a user token. The value of X-Subject-Token in the response header is the token value. Constraints: N/A. Range: N/A. Default Value: N/A.
X-Language | No | String | Definition: Request language type.
IAM User: An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys). API authentication requires information such as the account, username, and password.
IAM projects or enterprise projects: Type of projects in which policies can be used to grant permissions. A policy can be applied to IAM projects, enterprise projects, or both.
To configure TDE, you must have the iam:agencies:createServiceLinkedAgencyV5 permission. If you do not have this permission, create a custom policy. You need to enable KMS for your DB instance first. The data keys used for encryption are generated and managed by KMS.
Configuring only the minimum permissions for IAM users with different roles
To better isolate and manage permissions, you are advised to configure an independent IAM administrator and grant them the permission to manage IAM policies.
modify", "gaussdb:instance:delete", "vpc:publicIps:list", "vpc:publicIps:update" ], "Effect": "Allow" } ] }
Table 1 Common query actions
Permission | API | Action | IAM Project | Enterprise Project
Querying the DB engine version | GET /v3/{project_id}/datastores/{database_name} | gaussdb:instance:list | √ | √
Querying database specifications | GET /v3/{project_id}/flavors/{database_name} | gaussdb:instance
IAM users can use TaurusDB resources only after their accounts and passwords are verified. For details, see Creating an IAM User and Logging In.
actions: iam:agencies:listAgencies, iam:roles:listRoles, iam:permissions:listRolesForAgencyOnProject. TaurusDB FullAccess already contains the iam:agencies:listAgencies, iam:roles:listRoles, and iam:agencies:pass actions.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.