检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For details about the permissions required for IAM users to access different MgC functions, see IAM User Permissions.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to OA resources. Grant only the permissions required for users to perform a specific task.
Constraints IAM users can enable SCM authorization only when they have the following permissions: Associated Cloud Service Permission IAM Listing permissions: iam:roles:listRoles Creating a custom policy: iam:roles:createRole Listing agencies: iam:agencies:listAgencies Creating an
Log in to the IAM console using a Huawei Cloud account or as an IAM user, locate the IAM user that the target instance belongs to, and add it to the user group created in 3. The IAM user will inherit permissions of the user group.
Log in to the IAM console using a Huawei Cloud account or as an IAM user, locate the IAM user that the target instance belongs to, and add it to the user group created in 3. The IAM user will inherit permissions of the user group.
Log in to the IAM console using a Huawei Cloud account or as an IAM user, locate the IAM user that the target instance belongs to, and add it to the user group created in 3. The IAM user will inherit permissions of the user group.
If your HUAWEI ID does not need individual IAM users for permissions management, skip this section. IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
Log in to the IAM console using a Huawei Cloud account or an IAM account, locate the IAM user that the target instance belongs to, and add it to the user group created in 2. The IAM user will inherit permissions of the user group.
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
Access Control You can use IAM to control access to your CBR resources. Table 1 CBR access control Method Description Reference Permissions management IAM permissions IAM permissions define which actions are allowed or denied on your cloud resources.
Critical Operations Administrator: Full access IAM users: Read-only access Login Authentication Policy Administrator: Full access IAM users: Read-only access Password Policy Administrator: Full access IAM users: Read-only access ACL Administrator: Full access IAM users: Read-only
If there is a blocked action for KMS in an IAM policy, this policy is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the password strength requirements, this IAM user is noncompliant. iam-policy-no-statements-with-admin-access iam If an IAM policy
You must obtain the authentication information from Huawei Cloud Identity and Access Management (IAM) before you can access EVS. For details about IAM authentication, see Authentication. Access Control You can use IAM to securely control access to your EVS resources.
All IAM Policies Are in Use All IAM Roles Are in Use Login Protection Check IAM Agencies Contain Specified Policies The Admin User Group Only Contains the Root User IAM Users Do Not Have Directly Assigned Policies or Permissions Access Key Used Within the Specified Period Parent
Inherit permissions from user groups: Add the IAM user to certain groups with the DRS FullAccess permission to make the user inherit their permissions. Select permissions: Directly assign the DRS FullAccess permission to the IAM user.
If the authorization scope is set to IAM projects only, the custom policy will take effect only for user groups in IAM projects.
For details, see Changing the Login Password of an IAM User. Rule Logic If an IAM user does not have a password configured, this user is compliant. If an IAM user is in the disabled state, this user is compliant.
If a master account only grants the OCR ReadOnlyAccess permission or no permission at all to an IAM user, only the master account (or IAM users with the OCR FullAccess permission) can subscribe to OCR services for that IAM user.
IAM user name Yes Name of the IAM user created by your Huawei Cloud account or HUAWEI ID. To view an IAM username, see Obtaining IAM User Information.
IAM users can then be assigned permissions to access only specific resources in the subprojects. Create an IAM project. Figure 1 IAM projects Enterprise projects group and manage resources across regions. Resources in enterprise projects are logically isolated from each other.
