For details about IAM operations that can be recorded by CTS, see "IAM operations that can be recorded by CTS" in Key IAM Operations Supported by CTS. After you enable CTS and create and configure a tracker, CTS starts to record operations for auditing.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
If you enable this option, the setting will take effect only for IAM users created using your account. If an IAM user is disabled, the user can request the administrator to enable their account again.
Project Management What Are the Differences Between IAM and Enterprise Management? What Are the Differences Between IAM Projects and Enterprise Projects? What Are the Differences Between IAM Users and Enterprise Member Accounts?
Request URL The request URL is in the format "https://IAM region and endpoint/API URI". Obtain the IAM region and endpoint from Regions and Endpoints. Figure 1 IAM regions and endpoints Obtain the API URI from Obtaining a User Token.
This parameter is valid only when subject is set to user or subject.user_id is specified. true: Query authorization records of IAM users and user groups which the IAM users belong to. false: Only query authorization records of IAM users. page No Integer Page number for pagination
Solution Account A creates an agency on the IAM console to authorize account B to manage its resources. Account B assigns permissions to its IAM users to manage account A's resources specified in the agency. Account A can modify or delete the agency at any time.
You can view the agency in the agency list on the IAM console. Creating a Cloud Service Agency on the IAM Console Log in to the IAM console. On the IAM console, choose Agencies from the navigation pane, and click Create Agency. Enter an agency name.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI DELETE /v3.0/OS-MFA/virtual-mfa-devices Table 1 Query parameters Parameter Mandatory Type Description user_id Yes String ID of the IAM user whose MFA device is to be deleted.
For example: "uri": ["/iam/agencies/agencyTest"] Example Request Request to modify the custom policy IAMAgencyPolicy for the agency whose URI is /iam/agencies/agencyTest to take effect for global services.
IAM user SSO After a federated user logs in to Huawei Cloud, the system automatically maps the external identity ID to an IAM user so that the federated user has the permissions of the mapped IAM user.
Belongs to a User Group - KeystoneCheckUserInGroup Adding an IAM User to a User Group - KeystoneAddUserToGroup Removing an IAM User from a User Group - KeystoneRemoveUserFromGroup Parent topic: API
Account A creates an agency in IAM to delegate resource access to account B. Figure 1 (Account A) Creating an agency (Optional) Account B assigns permissions to an IAM user to manage specific resources for account A.
Only the administrator and an entrusted identity can configure the password policy, and IAM users can only view the configurations.
IAM user login: IAM users are created by an administrator to use specific cloud services. IAM user: An account and IAM users have a parent-child relationship. IAM users can only use specific cloud services based on assigned permissions.
Prerequisites Before creating a user group, learn about the following: Basic concepts of permissions System-defined permissions provided by IAM Video Tutorial Creating a User Group Log in to the IAM console as the administrator.
Table 14 token.assumed_by.user Parameter Type Description name String IAM username. id String IAM user ID. domain Object Account information about delegated party B. password_expires_at String Password expiration time of the IAM user.
IAM projects are different from enterprise projects. For details about their differences, see What Are the Differences Between IAM Projects and Enterprise Projects? Figure 1 Project isolation Resources cannot be transferred across IAM projects.
If an IAM user or a federated user accesses Huawei Cloud through a proxy server, set the allowed IP addresses, address ranges or CIDR blocks based on the proxy IP address.
Constraints An IAM user can have only one virtual MFA device added. An IAM user can have a maximum of eight security keys added. Parent topic: MFA Authentication