检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
ReadOnlyAccess permissions (read-only permissions on IAM) to IAM users to obtain the IAM user list.
Granting UCS Permissions to IAM Users Application Scenarios UCS permissions management offers fine-grained control over permissions using IAM and Kubernetes RBAC. It also supports IAM-based fine-grained permissions control and IAM token-based authentication.
Why Can't an IAM User Obtain Cluster or Fleet Information After Logging In to UCS? Symptom After an IAM user logs in to the UCS console and goes to the Fleets page, information about the created fleet and registered clusters cannot be obtained.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
UCS.00010012 400 IAM agency quota insufficient, please expand agency quota IAM agency quota exceeded. UCS.00010013 400 fail to get iam pdp authorize result Failed to obtain the PDP authentication result. UCS.00010014 403 iam pdp authentication denied PDP authentication rejected.
UCS.00010012 400 IAM agency quota insufficient, please expand agency quota IAM agency quota exceeded. Submit a service ticket to increase the agency quota. UCS.00010013 400 fail to get iam pdp authorize result Failed to obtain the PDP authentication result.
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
API to obtain the IAM token.
Ensure that the IAM domain name resolution and the IAM service connectivity are normal.
Ensure that the IAM domain name resolution and the IAM service connectivity are normal.
Figure 4 Choosing general settings Click Service Endpoints, click Create Service Endpoint, and select IAM user from the drop-down list. Figure 5 Configuring a service endpoint Configure IAM information for the service endpoint. For details, see Table 1.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Administrator: Performing IAM Authorization The administrator with the Tenant Administrator role performs IAM authorization for each functional team by creating four user groups, granting the UCS FullAccess, UCS CommonOperations, UCS CIAOperations, and UCS ReadOnlyAccess permissions
figure shows the permissions management flow of a new IAM user.
ReadOnlyAccess permissions (read-only permissions on IAM) to IAM users to obtain the IAM user list.
verbs: - list - get Replace <user-id> with the IAM user ID and <group-id> with the IAM user group ID.
ReadOnlyAccess permissions (read-only permissions on IAM) to IAM users to obtain the IAM user list.
domain ID IAM_DOMAIN_ID: # IAM service address IAM_ENDPOINT: Parent topic: Managing an On-Premises Cluster
Authentication and Access UCS provides refined permission management based on the role access control (RBAC) capability of IAM and Kubernetes. Permission control can be implemented by UCS service resource and Kubernetes resource in a cluster.
Permissions Granting UCS Permissions to IAM Users
