the root user, the root user is noncompliant. iam-policy-in-use iam If an IAM policy has not been attached to any IAM users, user groups, or agencies, this policy is noncompliant. iam-role-in-use iam If an IAM role has not been attached to any IAM users, user groups, or agencies,
an IAM User POST /v3/users iam:users:createUser - - Modifying User Information PATCH /v3/users/{user_id} iam:users:updateUser - - Deleting an IAM User DELETE /v3/users/{user_id} iam:users:deleteUser - - Creating an IAM User (Recommended) POST /v3.0/OS-USER/users iam:users:createUser
", "iam:agencies:updateAgency", "iam:permissions:revokeRoleFromAgencyOnProject", "iam:permissions:revokeRoleFromAgencyOnDomain", "iam:permissions:revokeRoleFromAgency", "iam:permissions:grantRoleToAgencyOnDomain
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
iam:roles:createRole, iam:permissions:grantRoleToAgencyOnDomain, iam:agencies:getAgency, iam:agencies:createAgency, iam:roles:updateRole, iam:permissions:grantRoleToAgency, and iam:permissions:grantRoleToAgencyOnProject.
Table 1 User types and their sources on the O&M Engineer Management page User Type User Data Source Common IAM user Synchronized from IAM IAM Federated User (IAM User SSO) Synchronized from IAM IAM federated user (Virtual User SSO) Manually added on the O&M engineer page IAM Identity
IAM User Management API Description Listing IAM Users Provided for the administrator to list all IAM users.
If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-root-access-key-check iam If the account root user has an available access
Table 1 lists IAM endpoints. IAM is a global service with all data stored in the Global service project. All APIs of IAM can be called using the endpoint of a global service.
a Bucket Granting an IAM User the Specified Permissions for a Bucket Granting an IAM User the Read Permissions on Specific Objects Granting an IAM User the Specific Permissions on Specific Objects Granting permissions to multiple IAM users or user groups under the current account
Separation of duties Assign different IAM users to manage resources and permissions. For example, you can let one IAM user assign permissions, and let another IAM user manage OBS resources.
Associated Cloud Service Permission IAM iam:roles:listRoles iam:roles:createRole iam:agencies:listAgencies iam:agencies:createAgency iam:permissions:checkRoleForAgency iam:permissions:grantRoleToAgency After creating an agency, IAM users can configure certificates for domain names
IAM permissions IAM permissions define the actions that can be performed on your cloud resources, specifying what actions are allowed or denied. IAM permissions can be used to grant access to various IAM users under the same parent account.
"iam:agencies:createAgency", "iam:agencies:listAgencies", "iam:roles:listRoles", "iam:roles:createRole" ] } ] } Create a user group and assign permissions.