If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.
APIs using IAM authentication can be authorized only to apps of the IAM type. Authorizing an API to Apps An API that uses app or IAM authentication can be called only after it is authorized. Authorization can be performed by an API developer or an API caller.
For IAM endpoints, see Regions and Endpoints. Debugging: You can debug this API in API Explorer. URI: GET /v3. Request Parameters: None. Response Parameters:
Table 1 Parameters in the response body
Parameter | Type | Description
version | Object | Information about Keystone API 3.0.
You can use bucket policies to control the access of IAM users or other accounts to your OBS buckets. You are advised to apply the least privilege principle to ensure that a bucket policy only grants necessary permissions for certain tasks.
IAM can be used free of charge. You pay only for the resources in your account. For more information, see IAM Service Overview. AOM Permissions By default, new IAM users do not have any permissions assigned.
Figure 8 Viewing permissions Step 2: Create an IAM User IAM users can be created for employees or applications of an enterprise. Each IAM user has its own security credentials and inherits permissions from the groups it is a member of.
Perform the following operations to rectify the fault: If you log in as an IAM user, check whether you have the permissions required to perform cache purge and prefetch. If you do not have the required permissions, apply for them from your account administrator.
For example, to list instances in IAM Identity Center, obtain the endpoint of IAM Identity Center (identitycenter.myhuaweicloud.com) and find resource-path (/v1/instances) in the URI of the API for Listing Instances.
Both an account and its IAM user can create IAM users to manage resources. The Huawei Cloud Enterprise Center allows multiple independent HUAWEI IDs to be associated with each other. Parent topic: Concepts
IAM does not provide APIs for batch querying and modifying personal data. Operation Logs IAM logs all personal data operations, including adding, modifying, querying, and deleting personal data.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate the calling of other APIs.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. SFS Permissions By default, new IAM users do not have permissions assigned.
Company B assigns permissions to one or more of its IAM users to manage company A's resources. Requirements Company B wants to authorize its employees (IAM users) to manage the delegated resources of company A.
If your Huawei Cloud account does not need individual IAM users for permissions management, skip this section. IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see Service Overview.
Disabling IAM User Login Verification as an Administrator An administrator can disable login verification for an IAM user on the IAM console as follows: In the navigation pane, choose Users. Click Security Settings in the row containing the target user.
If your Huawei Cloud account does not need individual IAM users, you can skip this section. By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
Configuring Forcible Backup Policies Forcible backup policies allow IAM users to forcibly back up data to ensure user data accuracy and security and service security.
Maximum length: 2048
Table 3 Parameters in the request body
Parameter | Mandatory | Type | Description
group_id | Yes | String | Globally unique ID of an IAM Identity Center group in the identity source. Minimum length: 1. Maximum length: 47.
member_id | Yes | Object | Group member ID
Table 4 member_id
For a policy to be delivered to IAM, each account can add a maximum of 500 IAM users as blocked objects each time.