Glossary


    • A-E
      access control list

      An access control list (ACL) is a group of IP addresses or network segments. Users can only access the public cloud system from the IP addresses or network segments contained in the ACL.

      access key

      An access key consists of an Access Key ID (AK) and a Secret Access Key (SK). Access keys (AK/SK) are used to verify the identity of a sender who initiates a request through APIs. Access keys and passwords have similar functions. Access keys can be generated and managed on the My Credential page.


      account

      An account is created automatically when a user registers with HUAWEI CLOUD. An account has full access permissions for all the resources under the account.


      ACL

      See access control list


      AK/SK

      See access key


      • F
        federated identity authentication

        Federated identity authentication allows users on different systems to access multiple systems through single sign-on (SSO).

        federated user

        Users who access the public cloud system using federated identity authentication.

      • I

        IAM

        See Identity and Access Management

        IAM user

        A user created by the administrator in IAM. An IAM user uses cloud services and corresponds to an employee, system, or application. IAM users have identity credentials (passwords and access keys) and can log in to the management console or access APIs.

        Identity and Access Management

        Identity and Access Management (IAM) is a security management service provided by the public cloud system. This service includes identity management, permission management, and access control functions.

        identity provider

        An identity provider (IdP) is a system that provides identity authentication to users. For example, IAM is the IdP for the public cloud system. In IAM, the IdP for federated identity authentication is the enterprise's own identity authentication system.


        IdP

        See identity provider


        • K-O
          metadata file

          Metadata files are SAML 2.0-compliant interface files. They contain the interface addresses and certificate information required by the SAML 2.0 protocol. Two such files are available, one for the identity provider (IdP) and the other for the service provider (SP). The IdP and SP set up a trust relationship by exchanging their metadata files and each configuring the data from the other's file. The public cloud system (SP) communicates with the IdP server using the address and certificate in the metadata file.

          My Credential

          My Credential contains a user's attribute information and security information, including their user ID, verified mobile number, verified email address, password, and access key.


          • P

            permission

            Permissions are used to control which operations users can perform on which objects.


            policy

            A policy consists of one or more statements, each of which describes one set of permissions and grants permissions to a set of resources. You can flexibly define permissions in a policy as required. A policy can contain multiple operation permissions for multiple cloud services or a single operation permission for a single cloud service. IAM uses policies to implement fine-grained permission management.


            project

            A collection of accessible resources in services. An account can create multiple projects in a region and authorize users based on these projects.

          • R

            region

            Regions are defined by geographical location and network latency. Public services, such as Object Storage Service (OBS), Virtual Private Cloud (VPC), and Image Management Service (IMS), are shared within the same region. Users can select the region closest to them to reduce access latency.

          • S
            service provider

            A service provider (SP) is a system that provides services to users. In IAM, the SP for federated identity authentication is the public cloud system.


            SP

            See service provider

          • T

            token

            A token contains user information such as the identity and permissions. A token is issued to a user after the user identity is authenticated.


            • U-Z
              user group

              A group of users who share the same responsibilities. After a user is added to a user group, the user has all of the permissions that are assigned to the group. User groups help improve the efficiency of permission management.