检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The token can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token. For details about how to obtain a user token, seeObtaining a User Token.
When a custom KMS key in a non-default IAM project is used to encrypt objects, only the key owner can upload or download the encrypted objects. When the default KMS key in a region is used to encrypt an object, this default key belongs to the object owner.
You need to create an agency on the IAM console. This field is mandatory when a function needs to access other services.
or How Do I Create an AK/SK Pair for an IAM User? SMS does not support AK/SK-based authentication for federated users (virtual users). Ensure that the source server OS is supported by SMS. See Supported Linux OSs.
The IAM service provides fine-grained access control. On IAM, the administrator (that is, a user in the admin user group) can create a custom policy containing various required permissions.
For details, see Interconnecting an MRS Cluster with OBS Using an IAM Agency. To bind an agency to an MRS cluster, you need to create an IAM agency with required permissions in advance. By default, the system generates an MRS_ECS_DEFAULT_AGENCY agency.
agencies:listV5 iam:agencies:getV5 iam:agencies:createServiceLinkedAgencyV5 iam:roles:getRole iam:roles:listRoles iam:agencies:getAgency iam:agencies:listAgencies iam:agencies:createAgency iam:permissions:listRolesForAgencyOnProject iam:permissions:grantRoleToAgencyOnProject GET
You can grant fine-grained permission policies to IAM user groups. IAM provides identity authentication, permissions management, and access control, helping you secure access to your HUAWEI CLOUD resources. Commercial use Permissions Management January 2020 No.
To configure a lifecycle rule for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutLifecycleConfiguration in IAM or PutLifecycleConfiguration in a bucket policy).
Request Parameters Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header).
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header).
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header).
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header).
Restrictions To obtain object metadata, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
To configure a lifecycle rule for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutLifecycleConfiguration in IAM or PutLifecycleConfiguration in a bucket policy).
Restrictions To list multipart uploads, you must be the bucket owner or have the required permission (obs:bucket:ListBucketMultipartUploads in IAM or ListBucketMultipartUploads in a bucket policy).
Restrictions To obtain object metadata, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
IAM is recommended for granting permissions. For details, see IAM Custom Policies. To learn about the mappings between OBS regions and endpoints, see Regions and Endpoints.
The agency is created by the tenant administrator on the IAM console. If you have created an agency in IAM, you can select the agency from the drop-down list. If you have no agency, click Create Agency to create one. Currently, agencies are mainly used for server monitoring.
Prerequisites The IAM users have been synchronized in advance. You can do this by clicking Synchronize next to IAM User Sync on the Dashboard page of the cluster details. You have logged in to MRS Manager. For how to log in, see Accessing MRS Manager.
