- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Managing Public Images
-
Creating a Private Image
- Introduction
- Creating a System Disk Image from a Windows ECS
- Creating a System Disk Image from a Linux ECS
- Creating a Windows System Disk Image from an External Image File
- Creating a Linux System Disk Image from an External Image File
- Creating a BMS System Disk Image
- Creating a Data Disk Image from an ECS
- Creating a Data Disk Image from an External Image File
- Creating a Full-ECS Image from an ECS
- Creating a Full-ECS Image from a CSBS Backup
- Creating a Full-ECS Image from a CBR Backup
- Creating a Windows System Disk Image from an ISO File
- Creating a Linux System Disk Image from an ISO File
- Importing an Image
- Fast Import of an Image File
-
Managing Private Images
- Modifying an Image
- Exporting Image List
- Checking the Disk Capacity of an Image
- Creating an ECS from an Image
- Deleting Images
- Sharing Images
- Exporting an Image
- Optimizing a Windows Private Image
-
Optimizing a Linux Private Image
- Optimization Process
- Checking Whether a Private Image Needs to be Optimized
- Uninstalling PV Drivers from a Linux ECS
- Changing the Disk Identifier in the GRUB Configuration File to UUID
- Changing the Disk Identifier in the fstab File to UUID
- Installing Native Xen and KVM Drivers
- Installing Native KVM Drivers
- Clearing System Logs
- Encrypting Images
- Replicating Images Within a Region
- Replicating Images Across Regions
- Tagging an Image
- Auditing Key Operations
- Windows Operations
- Linux Operations
- Permissions Management
-
Best Practices
- Overview
- Creating a Linux Image Using VirtualBox and an ISO File
- Cleaning Up the Disk Space of a Windows ECS
- Converting the Image Format
- Creating a Private Image Using Packer
- Configuring an ISO File as a Local Image Source
- Migrating Service Data Across Accounts (Data Disks)
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- IMS APIs
-
Native OpenStack APIs
-
Image (Native OpenStack APIs)
- Querying Images (Native OpenStack API)
- Querying Image Details (Native OpenStack API)
- Updating Image Information (Native OpenStack API)
- Uploading an Image (Native OpenStack API)
- Deleting an Image (Native OpenStack API)
- Creating Image Metadata (Native OpenStack API)
- Deleting an Image (Native OpenStack API v1.1 - Abandoned and Not Recommended)
- Querying Image Metadata (Native OpenStack API v1 - Abandoned and Not Recommended)
- Querying Image Details (Native OpenStack API v1.1 - Abandoned and Not Recommended)
- Image Tagging (Native OpenStack APIs)
- Image Schema (Native OpenStack APIs)
- Image Sharing (Native OpenStack APIs)
- API Version Query (Native OpenStack API)
-
Image (Native OpenStack APIs)
- Examples
- Permission Policies and Supported Actions
- Common Parameters
- Status Codes
- Error Codes
- SDK Reference
-
FAQs
-
Image Consulting
- Basic Concepts
- How Do I Select an Image?
- Are There Any Public Images Already Containing Certain Applications, Such as OpenVPN or PyTorch?
- How Do I Increase the Image Quota?
- What Are the Differences Between Images and Backups?
- Can I Tailor an Image?
- How Can I Back Up the Current Status of an ECS for Restoration in the Case of a System Fault?
- How Can I Apply a Private Image to an Existing ECS?
- Can I Import Data from a Data Disk Image to a Data Disk?
- Can I Use Private Images of Other Accounts?
- End-of-Support for OSs
-
Image Creation
- General Creation FAQs
- Full-ECS Image FAQs
- How Can I Use a Backup to Create an EVS Disk or ECS?
- Is There Any Difference Between the Image Created from a CSBS/CBR Backup and That Created from an ECS?
- Why Can't I Find an ISO Image When I Want to Use It to Create an ECS or Change the OS of an ECS?
- How Do I Create a Full-ECS Image Using an ECS That Has a Spanned Volume?
- Why Is Sysprep Required for Creating a Private Image from a Windows ECS?
- How Do I Handle the Startup Failure of a Windows ECS Created from a Windows Image Generalized by Sysprep?
- What Do I Do If I Cannot Create an Image in ZVHD2 Format Using an API?
- Image Sharing
- OS
-
Image Import
- Can I Use Images in Formats not Described in This Document?
- What Are the Impacts If I Do Not Pre-configure an ECS Used to Create a Private Image?
- How Do I Import an OVF or OVA File to the Cloud Platform?
- What Do I Do If I Chose the Wrong OS or System Disk Capacity When Registering a Private Image?
- Why Did My VHD Upload Fail? Why Does the System Say the System Disk in the VHD Image File Is Larger Than What I Specified on the Management Console?
-
Image Export
- Can I Download My Private Images to a Local PC?
- Can I Use the System Disk Image of an ECS on a BMS After I Export It from the Cloud Platform?
- Why Is the Image Size in an OBS Bucket Different from That Displayed in IMS?
- Can I Download a Public Image to My PC?
- What Are the Differences Between Import/Export and Fast Import/Export?
- Why the Export Option Is Unavailable for My Image?
-
Image Optimization
- Must I Install Guest OS Drivers on an ECS?
- Why Do I Need to Install and Update VirtIO Drivers for Windows?
- What Will the System Do to an Image File When I Use the File to Register a Private Image?
- How Do I Configure an ECS, a BMS, or an Image File Before I Use It to Create an Image?
- What Do I Do If a Windows Image File Is Not Pre-Configured When I Use It to Register a Private Image?
- What Do I Do If a Linux Image File Is Not Pre-Configured When I Use It to Register a Private Image?
- How Do I Enable NIC Multi-Queue for an Image?
- How Do I Configure an ECS to Use DHCPv6?
- How Do I Clean Up the Disk Space of a Windows ECS?
- How Do I Make a System Disk Image Support Fast ECS Creation?
- Why Did I Fail to Install Guest OS Drivers on a Windows ECS?
- How Do I Install Native Xen and KVM Drivers?
- Image Replication
- Image Deletion
- Image Encryption
- Accounts and Permissions
- Cloud-Init
-
ECS Creation
- Can I Change the Image of a Purchased ECS?
- Can I Change the Specifications Defined by a Private Image When I Use the Image to Create an ECS?
- Can I Specify the System Disk Capacity When I Create an ECS Using an Image?
- What Do I Do If a Partition Is Not Found During the Startup of an ECS Created from an Imported Private Image?
- What Do I Do If the Disks of a CentOS ECS Created from an Image Cannot Be Found?
- What Do I Do If I Enabled Automatic Configuration During Image Registration for an ECS Created from a Windows Image and Now It Won't Start?
- What Do I Do If an Exception Occurs When I Start an ECS Created from an Image Using UEFI Boot?
- Billing
-
Image Consulting
- Videos
Show all
Introduction
This section describes fine-grained permissions management for your IMS. If your Huawei account does not need individual IAM users, you may skip over this section.
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on cloud services based on the permissions.
You can grant user permissions by using roles and policies.
- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization.
- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for API-level policies for authorization, meeting requirements for secure access control.
Policy-based authorization is useful if you want to allow or deny the access to an API.
An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully. For example, if an IAM user queries images using an API, the user must have been granted permissions that allow the ims:images:list action.
Supported Actions
IMS provides system-defined policies. You can also create custom policies for more specific access control. The following are related concepts:
- Permissions: Allow or deny certain operations.
- APIs: APIs that will be called for performing certain operations.
- Actions: Operations that will be allowed or denied.
- Dependent actions: When assigning permissions for an action, you also need to assign permissions for the dependent actions.
- IAM projects or enterprise projects: Applicable scope of custom policies. For example, if an action supports both IAM and enterprise projects, the policy that contains this action will take effect for user groups assigned in IAM and Enterprise Management. If an action supports only IAM projects, the policy will take effect only for user groups assigned in IAM. For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
√: supported; x: not supported
IMS supports the following actions that can be defined in custom policies:
- Image Management, including actions supported by IMS's image management APIs, such as the APIs for querying images, updating image information, creating images, registering images, and exporting images.
- Image Tagging, including actions supported by IMS's tag management APIs, such as the APIs for adding tags, deleting tags, and querying images.
- Image Schema, including actions supported by IMS's image schema management APIs, such as the APIs for querying an image schema, querying an image list schema, querying an image sharing member schema, and query an image sharing member list schema.
- Image Sharing, including actions supported by IMS's shared image APIs, such as the APIs for adding an image sharing member, updating the status of image sharing members, querying image sharing member details, and deleting an image sharing member.
- Image Replication, including actions supported by IMS's image replication APIs, such as the API for replicating an image within a region.
- Image Quota, including actions supported by IMS's image quota APIs, such as the API for querying image quotas.
Error messages returned for native OpenStack APIs are in XML format. JSON format of the fine-grained policy is not supported.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.