How Do I Grant Cloud Service Permissions in the EU-Dublin Region to IAM Users? Why Have Permissions Granted to a User Not Been Applied? What Should I Do If an IAM User Does Not Have the Required Permissions to Access the IAM Console?
Figure 1 Content of the IAM ReadOnlyAccess policy
{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "iam:*:get*",
                "iam:*:list*",
                "iam:*:check*"
            ],
            "Effect": "Allow"
        }
    ]
}
For details about the two services, see What Are the Differences Between IAM and Enterprise Management? Solution to requirement 2: In IAM, company A creates IAM users for employees and adds the IAM users to different groups.
Project Management What Are the Differences Between IAM and Enterprise Management? What Are the Differences Between IAM Projects and Enterprise Projects? What Are the Differences Between IAM Users and Enterprise Member Accounts?
These settings take effect for both your account and the IAM users created using the account. Only the administrator can configure the login authentication policy, and IAM users can only view the configurations.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
User Group Management Listing User Groups Querying User Group Details Creating a User Group Updating User Group Information Deleting a User Group Checking Whether an IAM User Belongs to a User Group Adding an IAM User to a User Group Removing an IAM User from a User Group Parent topic
You can view the agency in the agency list on the IAM console. Creating a Cloud Service Agency on the IAM Console Log in to the IAM console. On the IAM console, choose Agencies from the navigation pane, and click Create Agency. Enter an agency name.
Request URL The request URL is in the format "https://IAM region and endpoint/API URI". Obtain the IAM region and endpoint from Regions and Endpoints. Figure 1 IAM regions and endpoints Obtain the API URI from Obtaining a User Token.
This parameter is valid only when subject is set to user or subject.user_id is specified. true: Query authorization records of IAM users and user groups which the IAM users belong to. false: Only query authorization records of IAM users. page No Integer Page number for pagination
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI DELETE /v3.0/OS-MFA/virtual-mfa-devices Table 1 Query parameters Parameter Mandatory Type Description user_id Yes String ID of the IAM user whose MFA device is to be deleted.
Solution Account A creates an agency on the IAM console to authorize account B to manage its resources. Account B assigns permissions to its IAM users to manage account A's resources specified in the agency. Account A can modify or delete the agency at any time.
For details about IAM operations that can be recorded by CTS, see "IAM operations that can be recorded by CTS" in Enabling CTS. After you enable CTS and create and configure a tracker, CTS starts to record operations for auditing. For details, see Enabling CTS.
For example: "uri": ["/iam/agencies/agencyTest"] Example Request Request to modify the custom policy IAMAgencyPolicy for the agency whose URI is /iam/agencies/agencyTest to take effect for global services.
Only the administrator can configure the password policy, and IAM users can only view the configurations. If an IAM user needs to modify the configurations, the user can request the administrator to perform the modification or grant the required permissions.
Account A creates an agency in IAM to delegate resource access to account B. Figure 1 (Account A) Creating an agency (Optional) Account B assigns permissions to an IAM user to manage specific resources for account A.
IAM user SSO After a federated user logs in to Huawei Cloud, the system automatically maps the external identity ID to an IAM user so that the federated user has the permissions of the mapped IAM user.
The value can be true or false. manage_email boolean Specifies whether IAM users are allowed to change their email addresses. The value can be true or false. manage_mobile boolean Specifies whether IAM users are allowed to change their mobile numbers.
IAM user login: IAM users are created by an administrator to use specific cloud services. IAM user: An account and IAM users have a parent-child relationship. IAM users can only use specific cloud services based on assigned permissions.
IAM projects are different from enterprise projects. For details about their differences, see What Are the Differences Between IAM Projects and Enterprise Projects? Figure 1 Project isolation Resources cannot be transferred across IAM projects.