检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating an IAM User and Granting SFS Turbo Permissions This section describes how to use IAM to implement fine-grained permissions control for your SFS Turbo resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Using IAM to Grant Access to APM Using IAM Roles or Policies to Grant Access to APM Using IAM Identity Policies to Grant Access to APM
Step 4: Create a Non-administrator IAM User This topic walks you through how to create a non-administrator IAM user. IAM authentication is used for tenant log collection.
Parent topic: IAM User Management
Parent topic: IAM User Management
Parent topic: IAM User Management
Querying the User Groups Which an IAM User Belongs to Function This API can be used by the administrator to query the groups of a specified IAM user or used by an IAM user to query their own groups.
ALM-45743 Failed to Call the IAM API This section applies only to MRS 3.1.5 or later. Alarm Description This alarm is generated when Guardian fails to call the IAM API to obtain a temporary AK/SK.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user is assigned their own unique credentials for accessing CSS resources.
With IAM, you can: Create IAM users for employees. In this way, each IAM user has a unique security credential to use Huawei Cloud Astro Zero resources. Grant only the permissions required for users to perform a specific task.
Creating a User and Adding the User to a User Group On the IAM console, create an IAM user and add it to the user group created in 1. Log in as an IAM user and verify the permissions.
Using IAM Identity Policies to Grant Permissions to Use Huawei Cloud Astro Zero System-defined permissions in identity policy-based authorization provided by IAM let you control access to Huawei Cloud Astro Zero. With IAM, you can: Create users or user groups for employees.
What Are the Differences Between IAM Projects and Enterprise Projects? IAM Projects IAM projects can group and physically isolate resources. Resources cannot be transferred between IAM projects, but can only be deleted and then created or purchased again.
What Are the Differences Between IAM Projects and Enterprise Projects? IAM Projects An IAM project can contain resources of only one region. You cannot transfer resources between IAM projects. Enterprise Projects An enterprise project can contain resources of different regions.
If the delegator account deletes the agency from IAM after cross-account ingestion is configured, LTS will not detect the deletion and the ingestion configuration will continue to take effect.
agencies:list (Querying agencies based on specified conditions) iam:roles:list (Listing permissions) iam:quotas:list (Listing quotas) iam:agencies:listRoles (Listing permissions of an agency) iam:agencies:create (Creating an agency) iam:agencies:grantRole (Granting specified permissions
Can I Enable IoTDA for IAM Users or Sub-Projects? 1. You can enable IoTDA as an IAM user. However, the enabled IoTDA service belongs to the IAM master account. That is, the master account is the payment entity. 2. IoTDA cannot be enabled for sub-projects created using IAM.
agencies:listAgencies (Querying agencies based on specified conditions) iam:roles:listRoles (Listing permissions) iam:quotas:listQuotas (Listing quotas) iam:permissions:listRolesForAgency (Listing permissions of an agency) iam:agencies:createAgency (Creating an agency) iam:permissions
In IAM user SSO, the IdP user has a IAM user mapped by external identity ID on the IAM console. 3. Permissions assignment in IAM: In virtual user SSO, the permissions of the IdP user are defined by the identity conversion rule.
Querying the Enterprise Projects Directly Associated with an IAM User Function This API is used to query the enterprise projects directly associated with an IAM user. The API can be called using both the global endpoint and region-specific endpoints.
