检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Preparations Preparing a Huawei Account Before using MgC, prepare a HUAWEI ID or an IAM user that can access MgC and obtain an AK/SK pair for the account or IAM user. For details about how to obtain an access key, see Preparations.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Introduction You can use Identity and Access Management (IAM) for fine-grained permissions management of your EIP. If your HUAWEI ID does not need individual IAM users, you can skip this section. By default, new IAM users do not have permissions assigned.
If your Huawei ID does not need individual IAM users, then you may skip over this section. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups.
Possible causes: Your IAM agency quota has been used up. On the Quotas page of the IAM console, check whether the agency quota has been used up. If yes, delete unnecessary agencies or submit a service ticket to increase the quota. You are an IAM user.
Prerequisites A Huawei Cloud account or IAM user that has passed real-name authentication is available. Parent topic: Tenant Management
Prerequisites A Huawei Cloud account or IAM user that has passed real-name authentication is available. Parent topic: Viewing Dashboards
During remote logins, you can select local, IAM, or admin login mode. In local or IAM login mode, use the accounts as required. In admin login mode, you can log in to a bastion host as user admin without entering passwords.
An IAM policy with the action element set to *:*:*, *:*, or * is of high security risk. Solution The administrator can modify noncompliant IAM policies or roles. For more details, see Modifying or Deleting a Custom Policy.
Using OBS Browser+ OBS Browser+ is a GUI client for easily managing data stored in OBS. It can be used on Windows 10, macOS, and Windows Server 2016. The following describes how to use basic functions on OBS Browser+, including creating a bucket (test-example-bucket as an example)
IAM Identity Center automatically synchronizes the account permission information to IAM without the complexity of managing individual accounts.
Changing the Identity Source Enabling and configuring ABAC in IAM Identity Center IAM Identity Center as identity source: Enable ABAC on the IAM Identity Center console and add user attributes for configuring ABAC.
IAM Identity Center supports identity federation with Security Assertion Markup Language (SAML). IAM Identity Center adds SAML IdP capabilities to either your IAM Identity Center identity store or external identity provider (IdP) applications.
OBT What Is IAM Identity Center?
Permissions Management Creating a User and Granting IAM Identity Center Permissions Creating IAM Custom Policies for IAM Identity Center
Regions for Using SCPs SCPs are available in the following regions: Regions for using SCPs also support the use of IAM identity policies.
You can set the duration as follows: If you use an external identity provider (IdP) as the identity source of IAM Identity Center, the duration of the user portal session is the shorter one that you set in the IdP or IAM Identity Center.
This happens when your identity authentication on the IAM console fails. To resolve this problem, perform the following steps: Contact the security administrator of the tenant to log in to the IAM console. Check whether the user corresponding to the AK is disabled.
