Creating an IAM User (Recommended)
Function
This API is provided for the administrator to create an IAM user.
The API can be called using both the global endpoint and region-specific endpoints.
Authorization Information
Each account is authorized to call all APIs, but its IAM users must obtain necessary permissions. For details, see Permissions and Supported Actions.
URI
POST /v3.0/OS-USER/users
Request Parameters
Parameter | Mandatory | Type | Description |
|---|---|---|---|
Content-Type | Yes | String | Fill application/json;charset=utf8 in this field. |
X-Auth-Token | Yes | String | Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
Yes | Object | IAM user information. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
name | Yes | String | IAM username, which consists of 1 to 64 characters. It can contain letters (case-sensitive), digits, spaces, hyphens (-), underscores (_), and periods (.), and cannot start with a digit or space. |
domain_id | Yes | String | Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
password | No | String | Password of the user. |
No | String | Valid email address with a maximum of 255 characters. | |
areacode | No | String | Country code. The country code must be used together with a mobile number. |
phone | No | String | Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code. |
enabled | No | Boolean | Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled. |
pwd_status | No | Boolean | Definition Whether password reset is required at the first login. This parameter is valid only when password is not empty. Constraints N/A Range
Default Value If password is empty, this parameter defaults to false. If password is not empty, this parameter defaults to true. |
xuser_type | No | String | Type of the IAM user in the external system. The user type can contain a maximum of 64 characters. xuser_type must be used together with xuser_id and will be verified based on xaccount_type and xdomain_type of the same account. Currently, the parameter value can only be TenantIdp. NOTE: An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator. |
xuser_id | No | String | ID of the IAM user in the external system. The user ID can contain a maximum of 128 characters, and must be used together with xuser_type. Due to the latency, the IAM console may not be able to display the external identity ID you have set in real time. Refresh the page later. NOTE: An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator. |
access_mode | No | String | Access type of the IAM user.
|
description | No | String | Description of the IAM user. |
Response Parameters
Parameter | Type | Description |
|---|---|---|
Object | IAM user information. |
Parameter | Type | Description |
|---|---|---|
status | Integer | Status of the IAM user. |
pwd_status | Boolean | Definition Whether password reset is required at the first login. Constraints N/A Range
|
xuser_id | String | ID of the IAM user in the external system. NOTE: An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator. |
xuser_type | String | Type of the IAM user in the external system. NOTE: An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator. |
access_mode | String | Access type of the IAM user.
|
description | String | Description of the IAM user. |
name | String | IAM username, which consists of 1 to 32 characters. It can contain letters (case-sensitive), digits, spaces, hyphens (-), underscores (_), and periods (.), and cannot start with a digit or space. |
phone | String | Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code. |
is_domain_owner | Boolean | Indicates whether the IAM user is an administrator. |
domain_id | String | ID of the account used to create the IAM user. |
enabled | Boolean | Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled. |
areacode | String | Country code. |
String | Email address. | |
create_time | String | Time when the IAM user was created. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssss format, for example, 2023-06-28T08:56:33.710000. |
xdomain_id | String | Customer code of the business entity. |
xdomain_type | String | Business entity. |
default_project_id | String | Default project ID. |
id | String | IAM user ID that contains 32 characters. |
password_expires_at | String | Password expiration time. If this parameter is set to null, the password will never expire. NOTE: The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssss format, for example, 2023-06-28T08:56:33.710000. |
Example Request
Request for an administrator to create an IAM user named IAMUser, with the email address IAMEmail@huawei.com and mobile number 0012312345678910 bound, and with both programmatic access and management console access
POST https://iam.myhuaweicloud.eu/v3.0/OS-USER/users {
"user": {
"domain_id": "d78cbac186b744899480f25...",
"name": "IAMUser",
"password": "IAMPassword@",
"email": "IAMEmail@huawei.com",
"areacode": "00123",
"phone": "12345678910",
"enabled": true,
"pwd_status": false,
"xuser_type": "",
"xuser_id": "",
"access_mode" : "default",
"description": "IAMDescription"
}
} Example Response
Status code: 201
The IAM user is created successfully.
{
"user": {
"pwd_status": false,
"xuser_id": "",
"xuser_type": "",
"access_mode" : "default",
"description": "IAMDescription",
"name": "IAMUser",
"phone": "12345678910",
"is_domain_owner": false,
"enabled": true,
"domain_id": "d78cbac186b744899480f25bd...",
"areacode": "00123",
"email": "IAMEmail@huaweiexample.com",
"create_time": "2020-01-06T08:05:16.000000",
"xdomain_id": "",
"xdomain_type": "",
"id": "07664aec578026691f00c003a...",
"status": null,
"password_expires_at": null,
"default_project_id": null
}
} Status Codes
Status Code | Description |
|---|---|
201 | The IAM user is created successfully. |
400 | Invalid parameters. |
401 | Authentication failed. |
403 | Access denied. |
404 | The requested resource cannot be found. |
405 | The method specified in the request is not allowed for the requested resource. |
409 | A resource conflict occurs. |
413 | The request entity is too large. |
500 | Internal server error. |
503 | Service unavailable. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
