检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
(Administrator) Enabling login protection for an IAM user To enable login protection for an IAM user, go to the Users page and choose Security Settings in the row that contains the IAM user.
Supported Cloud Services IAM provides identity authentication and permissions management for other Huawei Cloud services. Users created in IAM can access these services based on assigned permissions.
Querying Permanent Access Keys - ListPermanentAccessKeys Function This API can be used by the administrator to query all permanent access key of an IAM user or used by an IAM user to query all of their own permanent access keys.
Creating a Virtual MFA Device - CreateMfaDevice Function This API is provided for IAM users to create a virtual MFA device. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
Unbinding a Virtual MFA Device - DeleteBindingDevice Function This API is used by the administrator to unbind a virtual MFA device from an IAM user, or used by an IAM user to unbind their own virtual MFA device.
A token is an access credential issued to an IAM user to bear its identity and permissions. When calling the APIs of IAM or other cloud services, you can use this API to obtain a user token for authentication.
Only the following users can use IAM: Account administrator (with full permissions for all services, including IAM) IAM users added to the admin group (with full permissions for all services, including IAM) IAM users assigned the Security Administrator role or an xxx FullAccess policy
including IAM) IAM users assigned the Security Administrator role (with permissions to access IAM) If you want to view, audit, and track the records of key operations performed on IAM, enable Cloud Trace Service (CTS).
For example, if a user or user group has the IAM ReadOnlyAccess permission, the user or user group only has the read-only permission on IAM service data. IAM also supports custom policies to assign IAM service permissions.
Parent topic: IAM User SSO via SAML
Parent topic: IAM User SSO via SAML
Parent topic: IAM User SSO via SAML
Parent topic: IAM User SSO via SAML
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
Feature Description Phase Document 1 Changing the access type of IAM users The administrator can change the access type of an IAM user on the Basic Information page.
To identify the principal that uses access keys, create an IAM user with the same name as the corresponding IAM user or your account. Click OK. Obtain an access key for the IAM user. Log in to the IAM console and select the EU-Dublin region.
If you select iam_user_sso, ensure that you have created an IAM user on the cloud service platform.
For details about how to obtain the project ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
For details about how to obtain the project ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI DELETE /v3.0/OS-ROLE/roles/{role_id} Table 1 URI parameters Parameter Mandatory Type Description role_id Yes String Custom policy ID.
