If your Huawei Cloud account does not need individual IAM users for permissions management, then you may skip over this section. IAM can be used for free. You pay only for the resources in your account. For details about IAM, see IAM Service Overview.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently obtaining the token.
IAM or enterprise projects: Authorization scope of custom policies, which can be IAM projects, enterprise projects, or both.
Do not add the IAM user to any user group. System policy None Astro Zero IAM User QueryAccess Only a Huawei Cloud account or an IAM user with the Astro Zero IAM User QueryAccess permission can create a Huawei Cloud Astro Zero developer account.
a specific IAM user (user 2), and not for the current account.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API.
Task Creation Process Process of Creating a Migration Task Figure 1 Process of creating a real-time migration task Obtaining a User Token: Call an IAM API to obtain a user token. Creating Tasks in Batches: Create a migration task.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
You can use bucket policies to control the access of IAM users or other accounts to your OBS buckets. You are advised to apply the least privilege principle to ensure that a bucket policy only grants necessary permissions for certain tasks.
If you disable this function, you and the IAM users only need to enter the account name/username and password during login. Procedure On the IAM console, enable login verification for IAM users as an administrator. In the navigation pane, choose Users.
You can use IAM to control cloud resource access and prevent misoperations on cloud resources. This section describes how to configure the read-only permission for an IAM user.
Roles: A coarse-grained IAM authorization strategy to assign permissions based on user responsibilities. IAM provides a limited number of roles for permission management. When granting permissions to a role, you also need to assign other roles on which the permissions depend.
IAM user login: IAM users are created by an administrator to use specific cloud services. Federated user login: Federated users are registered with an enterprise IdP that is created by the administrator in IAM.
IAM users can use DDS resources only after their accounts and passwords are verified. For details, see Creating an IAM User and Logging In.
Creating an IAM User If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users.
For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
Please check the current user's IAM permissions." is displayed when a user attempted to access the Dedicate Engine page under Instance Management. Possible Cause The IAM ReadOnly permission is not granted to the login account.
IAM projects or enterprise projects: Scope of users a permission is granted to. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.