Table 1 User types and their sources on the O&M Engineer Management page User Type User Data Source Common IAM user Synchronized from IAM IAM Federated User (IAM User SSO) Synchronized from IAM IAM federated user (Virtual User SSO) Manually added on the O&M engineer page IAM Identity
and custom identity policies: "iam:policies:createV5", "iam:policies:listV5", "iam:groups:attachPolicyV5", "iam:groups:detachPolicyV5", "iam:policies:deleteV5", "iam:policies:listVersionsV5", "iam:policies:createVersionV5", "iam:policies:deleteVersionV5" Precautions By default,
Figure 1 Enabling COC and obtaining required permissions Table 1 Permissions in ServiceAgencyForCOC Permission Description Project [Region] Scenario IAM ReadOnlyAccess Read-only permissions for IAM Global service [Global] Used to read personnel information under an IAM account in
For the API for creating an IAM user as an administrator, the message header shown in Figure 1 is returned.
Currently, COC supports IAM login, IAM federated user login (including IAM user SSO and virtual user SSO), and login via IAM Identity Center. Login via IAM agencies is not supported.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Access Control You can use IAM to securely control access to your COC resources. For more information about IAM and COC permissions management, see Permissions Management. Parent topic: Security
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Figure 12 Creating an Identity Policy for a Tenant Agency In the navigation pane of the new IAM console, choose Agencies.
FAQs About Basic Configurations How Do I Log In to COC as a Non-Common IAM User?
Table 5 ReviewerInfo Parameter Mandatory Type Description reviewer_name Yes String Definition: Reviewer name (IAM username). Constraints: IAM username. Value range: N/A. Default value: N/A. reviewer_id Yes String Definition: Reviewer ID (IAM user ID). Constraints: IAM user ID.
The API used to obtain a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Table 4 ReviewerInfo Parameter Mandatory Type Description reviewer_name Yes String Definition: Reviewer name (IAM username). Constraints: IAM username. Value range: N/A. Default value: N/A. reviewer_id Yes String Definition: Reviewer ID (IAM user ID). Constraints: IAM user ID.
Table 7 ReviewerInfo Parameter Type Description reviewer_name String Definition: Reviewer name (IAM username). Constraints: IAM username. Value range: N/A. Default value: N/A. reviewer_id String Definition: Reviewer ID (IAM user ID). Constraints: IAM user ID. Value range: N/A.
Adding a policy to a user: On the IAM console, choose Users > user and add permissions, select the policy created in the previous step, and click Next to finish adding the permissions.
If you go to the Secure Score area on the Overview page by creating an IAM 3.0 delegation and switching the role, and set the policy authorization scope to global service resources, you need to add the SecMaster ReadOnlyAccess-All resources authorization for the delegation.
Switch to the SRE account. 400 COC.00195008 Failed to obtain IAM data. Failed to obtain IAM data. Contact COC O&M personnel. 400 COC.00227002 The SLA template does not exist. The SLA template does not exist.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
Default value: N/A. x-user-profile No String Definition: IAM 5.0 user information. Constraints: N/A. Value range: N/A. Default value: N/A.