检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Granting Permissions to Use WAF Using IAM Using IAM Roles or Policies to Grant Access to WAF Using IAM Identity Policies to Grant Access to WAF Parent Topic: Permissions Management
Using IAM Roles or Policies to Grant Access to WAF If you want to manage the permissions of roles and policies in WAF, you can use Identity and Access Management (IAM).
For details about all the permissions supported by IAM, see Permissions. Authorization Process Figure 1 Process for granting WAF permissions On the IAM console, create an IAM user or create a user group. Log in to the IAM console to create a user or user group.
This parameter is returned only when an IAM 5 authentication error occurs. details Array of IAM5ErrorDetails objects The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.
This parameter is returned only when an IAM 5 authentication error occurs. details Array of IAM5ErrorDetails objects The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.
These dependency policies will allow the IAM user to access resources of other cloud services.
Please check the current user's IAM permissions." is displayed when a user attempted to access the Dedicate Engine page under Instance Management. Possible Cause The IAM ReadOnly permission is not granted to the login account.
The permissions are as follows: iam:agencies:listAgencies iam:agencies:getAgency iam:permissions:listRolesForAgency iam:permissions:listRolesForAgencyOnProject iam:permissions:listRolesForAgencyOnDomain For details, see Creating a User Group and Granting Permissions.
If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.
Sharing WAF Among Multiple IAM Users Assume that you have created an account, domain1, by registering with Huawei Cloud, and used domain1 to create two IAM users, sub-user1a and sub-user1b, in IAM.
This parameter is returned only when an IAM 5 authentication error occurs. details Array of IAM5ErrorDetails objects The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.
Creating a User Group and Granting Permissions This topic describes how to use IAM to implement fine-grained permissions control for your WAF resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to WAF resources. Grant only the permissions required for users to perform a task.
An account can allocate funds to IAM users so that IAM users can manage resources independently. Both an account and its IAM user can create IAM users. An account can only manage its own IAM users but cannot manage the IAM users of other accounts.
To learn more about how IAM is different from Organizations for access control, see How IAM Is Different from Organizations for Access Control?. This section describes the elements used by IAM custom identity policies and Organizations SCPs.
The following provides an example request with a body included. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
Identity and Access Management (IAM) is a basic service of Huawei Cloud that provides permissions management to help you securely control access to the WAF service. With IAM, you can add users to a user group and configure policies to control their access to WAF resources.
For the API for creating an IAM user as the administrator, the following message body is returned.
With IAM, you can control access to specific Huawei Cloudcloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
The IAM system role Security Administrator is required for first-time buyers. For non-first-time buyers, you need to assign IAM system policy IAM ReadOnlyAccess or custom permissions to them.
