检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to GeminiDB Redis API Creating a User and Granting GeminiDB Redis API Permissions Custom Policies of GeminiDB Redis API Parent Topic: Working with GeminiDB Redis API
Using IAM to Grant Access to GeminiDB HBase API Creating a User and Granting Permissions to Use GeminiDB HBase API Custom Policies for GeminiDB HBase API Parent Topic: Working with GeminiDB HBase API
Using IAM to Grant Access to GeminiDB DynamoDB-Compatible API Creating a User and Granting Permissions to Use GeminiDB DynamoDB-Compatible API Custom Policies for GeminiDB DynamoDB-Compatible API Parent Topic: Working with GeminiDB DynamoDB-Compatible API
The added IAM user is displayed in the user list. Use the added IAM user to log in to Huawei Cloud Astro Zero. Log in to the Huawei Cloud Astro Zero console as the added IAM user. Figure 2 Logging in as an IAM user On the homepage, access an environment as required.
X-Auth-Token No String IAM user token, federated user token, or agency token. Specify either X-Auth-Token or Authorization (recommended). You can obtain the token from X-Subject-Token by calling the API for obtaining an IAM user token or agency token.
Updating the Mapping Between a User (Group) and an IAM Agency Function This API is used to update the mapping between a user or user group and an IAM agency. Constraints None Debugging You can debug this API in API Explorer. Automatic authentication is supported.
If your Huawei Cloud account does not need individual IAM users, then you may skip over this section. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups.
For IAM users created on the new IAM console, the access method depends on the credential types of the users. If you set a console password when creating an IAM user, the IAM user can access Huawei Cloud through the console.
Querying the Mapping Between a User (Group) and an IAM Agency Function This API is used to obtain details about the mapping between a user or user group and an IAM agency. Constraints None Debugging You can debug this API in API Explorer. Automatic authentication is supported.
Read - - iam:users:getUser iam:users:update Grants permission to update a user. Write - - iam:users:updateUser iam:users:list Grants permission to list users. List - - iam:users:listUsers iam:users:delete Grants permission to delete a user.
An example is given as follows: obs:*:*:object:my-bucket/my-object/* (indicating any object in the my-object directory of bucket my-bucket) Parent Topic: Configuring IAM Permissions
Access Control Policies Supported by IAM An IAM principal can perform operations and access APIs in an account. Principals include IAM users, agencies, and trust agencies.
Permissions Management via IAM Using IAM Roles to Grant Access to CodeArts PerfTest Using IAM Identity Policies to Grant Access to CodeArts PerfTest
Precautions If an IAM user is authorized for an action through both IAM and EPS, the authorization result is subject to IAM configuration. Examples: 1.
APIs using the IAM authentication mode can be authorized only to apps of the IAM type. IAM: APIs using IAM authentication can be authorized to apps of this type. The name of an app of the IAM type is fixed at the a Huawei account.
After you agree to the authorization, IoTDA creates an agency named iotda_admin_trust in IAM, after the authorization is successful, you can view the created agency in the agency list on the IAM console. Parent topic: Granting Permissions Using IAM
Granting Permissions Using IAM Agency Authorization
Process Flow Figure 1 Process of granting DAS permissions On the IAM console, create an IAM user or create a user group. Create a user or user group on the IAM console. Attach a system-defined identity policy to the user or user group.
Resource isolation IAM allows you to create multiple projects in a region for resource isolation. An IAM project can contain resources of only one region.
What Are the Differences Between IAM Users and Enterprise Member Accounts? See What Are the Differences Between IAM Users and Enterprise Member Accounts? Parent topic: Common Issues
