检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For details, see Creating an IAM User and Assigning Permissions to Use DataArtsFabric and Configuring DataArtsFabric Service Agency Permissions. You have at least one workspace available. For details, see Creating a Workspace. You have at least one Ray service.
Parameter Mandatory Type Description limit No Integer Maximum number of results returned for each request Minimum value: 1 Maximum value: 100 Default value: 100 marker No String Pagination marker Minimum length: 24 Maximum length: 24 group_id Yes String Globally unique ID of an IAM
Making a Management Plane API Request This section describes the structure of a REST API request on the management plane of GES, and uses the IAM API for obtaining a user token as an example to demonstrate how to call an API.
Method 1: Delete the email address or mobile number on the IAM console. For details, see Modifying Security Settings for an IAM User. Note: The organization member account cannot be the same as an existing IAM account. Method 2: Delete the IAM account.
a RAM-based shared KMS key, configure the following actions: iam:agencies:listAgencies iam:roles:listRoles iam:agencies:pass iam:agencies:createAgency iam:permissions:grantRoleToAgency RDS FullAccess already contains the iam:agencies:listAgencies, iam:roles:listRoles, and iam:agencies
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
Creating a Stack Note: If the error shown in the following figure is displayed, grant permissions to the user by referring to Granting Permissions to Use the RFS Frontend Based on IAM Policies.
Temporary access keys and security tokens are issued by the system to IAM users, and can be valid for 15 minutes to 24 hours. Temporary access keys and security tokens are granted permissions based on the principle of least privilege (PoLP).
After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by CloudDC to the user group. Then, all users in this group automatically inherit those permissions. For details about IAM, see IAM Functions.
For more information about IAM, see IAM Service Overview. CBS Permissions By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
With IAM, you can use your HUAWEI ID to create IAM users, and assign permissions to the users to control their access to specific resources. If your HUAWEI ID does not require individual IAM users for permissions management, skip this section. IAM is a free service.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate other APIs.
For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
IAM projects/Enterprise projects: Authorization scope of custom policies, which can be IAM projects, enterprise projects, or both.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Project Management Service (EPS). Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
