检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Assigning Permissions to IAM Users Subscribing to an OCR Service as an IAM User Log in to the IAM console using a master account. Choose User Groups in the left navigation pane.
Granting an IAM User the Permissions to Create and List Buckets Scenario This topic describes how to grant an IAM user the permissions to create and list buckets. An IAM user with this permission can create and list buckets.
Common Errors Related to IAM Authentication Information When an API using IAM authentication is called, the following IAM authentication error may be encountered: Incorrect IAM authentication information: verify aksk signature fail Incorrect IAM authentication information: AK access
Common Errors Related to IAM Authentication Information When an API using IAM authentication is called, the following IAM authentication error may be encountered: Incorrect IAM authentication information: verify aksk signature fail Incorrect IAM authentication information: AK access
Solution To assign permissions to an IAM user for accessing and performing operations on the IAM console, create a user group, assign IAM permissions to the group, and add the IAM user to the group.
Creating an IAM User and Granting MRS Permissions Use IAM to implement fine-grained permission control over your MRS.
Granting an IAM User the Read Permissions on Specific Objects Scenario This topic describes how to grant an IAM user the read permissions on an object or a set of objects in an OBS bucket.
Parent topic: IAM Synchronization
Obtaining an IAM Project ID Obtaining an IAM Project ID by Calling an API You can obtain a project ID by calling the API used to query project information based on the specified criteria.
Table 5 users Parameter Type Description name String IAM username. links Object IAM user resource link information. domain_id String ID of the account used to create the IAM user. enabled Boolean Enabling status of the IAM user. true (default value) indicates that the user is enabled
The API for obtaining an IAM project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication.
All IAM Policies Are in Use Rule Details Table 1 Rule details Parameter Description Rule Name iam-policy-in-use Identifier iam-policy-in-use Description If an IAM policy has not been attached to any IAM users, user groups, or agencies, this policy is noncompliant.
All IAM Roles Are in Use Rule Details Table 1 Rule details Parameter Description Rule Name iam-role-in-use Identifier iam-role-in-use Description If an IAM role has not been attached to any IAM users, user groups, or agencies, this role is noncompliant.
Create a user group on the IAM console and grant the DLI ReadOnlyAccess permission to it. 2 Create a user and add them to the user group. Create a user on the IAM console and add them to the created user group. 3 Log in as the IAM user and verify permissions.
Relationship Between IAM Identities and Operators Huawei Cloud IAM provides the following types of identities: IAM users, IAM agencies, cloud service agencies, IAM Identity Center users, and federated users.
Figure 1 Going to the IAM user security settings page View the basic information about the IAM user. Modifying Basic Information About an Individual IAM User Log in to the IAM console as the administrator.
Ask the administrator to grant the corresponding system-defined MgC permissions and the iam:agencies:createAgency, iam:permissions:grantRoleToAgency, iam:roles:createRole, and iam:roles:updateRole permissions on the IAM console. Sign in as the IAM user and verify permissions.
Calling APIs Through IAM Authentication Token Authentication AK/SK Authentication
Granting UCS Permissions to IAM Users Application Scenarios UCS permissions management offers fine-grained control over permissions using IAM and Kubernetes RBAC. It also supports IAM-based fine-grained permissions control and IAM token-based authentication.
Recommended Configuration To grant resource-level permissions to an IAM user, use a bucket policy. Precautions After configuration, the IAM user can download objects using APIs or SDKs.
