Identity and Access Management
Identity and Access Management
All results for "
" in this service
All results for "
" in this service
What's New
Function Overview
Service Overview
Infographics
What Is IAM?
Basic Concepts
Functions
Supported Cloud Services
Personal Data Protection
Permissions
Notes and Constraints
Change History
Getting Started
Before You Start
Step 1: Create User Groups and Assign Permissions
Step 2: Create IAM Users and Log In
Change History
User Guide
Before You Start
Logging In to Huawei Cloud
IAM Users
Creating an IAM User
Assigning Permissions to an IAM User
Logging In as an IAM User
Viewing or Modifying IAM User Information
Deleting an IAM User
Changing the Login Password of an IAM User
Managing Access Keys for an IAM User
User Groups and Authorization
Creating a User Group and Assigning Permissions
Adding Users to or Removing Users from a User Group
Deleting User Groups
Viewing or Modifying User Group Information
Revoking Permissions of a User Group
Assigning Dependency Roles
Permissions Management
Basic Concepts
Roles
Policies
Policy Content
Policy Grammar
Authentication Process
Changes to the System-defined Policy Names
Authorization Records
Custom Policies
Creating a Custom Policy
Modifying or Deleting a Custom Policy
Custom Policy Use Cases
Cloud Services that Support Resource-Level Authorization Using IAM
Projects
Agencies
Account Delegation
Delegating Resource Access to Another Account
Creating an Agency (by a Delegating Party)
(Optional) Assigning Permissions to an IAM User (by a Delegated Party)
Switching Roles (by a Delegated Party)
Cloud Service Agency
Deleting or Modifying Agencies
Security Settings
Security Settings Overview
Basic Information
Critical Operation Protection
Login Authentication Policy
Password Policy
ACL
Identity Providers
Introduction
Application Scenarios of Virtual User SSO and IAM User SSO
Virtual User SSO via SAML
Overview of Virtual User SSO via SAML
Step 1: Create an IdP Entity
Step 2: Configure the Enterprise IdP
Step 3: Configure Identity Conversion Rules
Step 4: Verify the Federated Login
(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP
IAM User SSO via SAML
Overview of IAM User SSO via SAML
Step 1: Create an IdP Entity
Step 2: Configure the Enterprise IdP
Step 3: Configure an External Identity ID
Step 4: Verify the Federated Login
(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP
Virtual User SSO via OpenID Connect
Overview of Virtual User SSO via OpenID Connect
Step 1: Create an IdP Entity
Step 2: Configure Identity Conversion Rules
(Optional) Step 3: Configure Login Link in the Enterprise Management System
Syntax of Identity Conversion Rules
Custom Identity Broker
Enabling Custom Identity Broker Access with an Agency
Creating a FederationProxyUrl Using an Agency
Enabling Custom Identity Broker Access with a Token
Creating a FederationProxyUrl Using a Token
MFA Authentication and Virtual MFA Device
MFA Authentication
Virtual MFA Device
Viewing IAM Operation Records
Enabling CTS
Querying Real-Time Traces
Quotas
Change History
API Reference
Before You Start
Overview
API Calling
Endpoints
Constraints
Parameters
Basic Concepts
API Overview
Calling APIs
Making an API Request
Authentication
Response
Getting Started
Periodic Rotation of Access Keys
Federated Authentication for Enterprise Accounts
Security Auditing on Permissions of IAM Users
API
Token Management
Obtaining a User Token Through Password Authentication
Obtaining a User Token Through Password and Virtual MFA Authentication
Obtaining an Agency Token
Verifying a Token
Access Key Management
Obtaining a Temporary Access Key and Security Token Through an Agency
Obtaining a Temporary Access Key and Security Token Through a Token
Creating a Permanent Access Key
Querying Permanent Access Keys
Querying a Permanent Access Key
Modifying a Permanent Access Key
Deleting a Permanent Access Key
Region Management
Querying Regions
Querying Region Details
Project Management
Querying Project Information
Listing Projects
Listing Projects Accessible to an IAM User
Creating a Project
Modifying Project Information
Querying Project Information
Changing Project Status
Querying Project Information and Status
Querying the Quotas of a Project
Account Management
Querying Account Information Accessible to an IAM User
Querying the Password Strength Policy
Querying the Regular Expression or Description of a Password Strength Policy
Querying the Quotas of an Account
IAM User Management
Listing IAM Users
Querying IAM User Details (Recommended)
Querying IAM User Details
Querying the User Groups to Which an IAM User Belongs
Querying the IAM Users in a Group
Creating an IAM User (Recommended)
Creating an IAM User
Changing the Login Password
Modifying IAM User Information (Recommended)
Modifying IAM User Information (Recommended)
Modifying User Information
Deleting an IAM User
User Group Management
Listing User Groups
Querying User Group Details
Creating a User Group
Updating User Group Information
Deleting a User Group
Checking Whether an IAM User Belongs to a User Group
Adding an IAM User to a User Group
Removing an IAM User from a User Group
Permissions Management
Listing Permissions
Querying Permission Details
Querying Permissions Assignment Records
Querying Permissions of a User Group for a Global Service Project
Querying Permissions of a User Group for a Region-specific Project
Granting Permissions to a User Group for a Global Service Project
Granting Permissions to a User Group for a Region-specific Project
Checking Whether a User Group Has Specified Permissions for a Global Service Project
Checking Whether a User Group Has Specified Permissions for a Region-specific Project
Querying All Permissions of a User Group
Checking Whether a User Group Has Specified Permissions for All Projects
Removing Specified Permissions of a User Group in All Projects
Removing Permissions of a User Group for a Global Service Project
Removing the Permissions of a User Group for a Region-specific Project
Granting Permissions to a User Group for All Projects
Custom Policy Management
Listing Custom Policies
Querying Custom Policy Details
Creating a Custom Policy for Cloud Services
Creating a Custom Policy for Agencies
Modifying a Custom Policy for Cloud Services
Modifying a Custom Policy for Agencies
Deleting a Custom Policy
Agency Management
Listing Agencies
Querying Agency Details
Creating an Agency
Modifying an Agency
Deleting an Agency
Querying Permissions of an Agency for a Global Service Project
Querying Permissions of an Agency for a Region-specific Project
Granting Permissions to an Agency for a Global Service Project
Granting Permissions to an Agency for a Region-specific Project
Checking Whether an Agency Has Specified Permissions for a Global Service Project
Checking Whether an Agency Has Specified Permissions for a Region-specific Project
Removing Permissions of an Agency for a Global Service Project
Removing Permissions of an Agency for a Region-specific Project
Querying All Permissions of an Agency
Granting Specified Permissions to an Agency for All Projects
Checking Whether an Agency Has Specified Permissions
Removing Specified Permissions of an Agency in All Projects
Enterprise Project Management
Querying User Groups Associated with an Enterprise Project
Querying the Permissions of a User Group Associated with an Enterprise Project
Granting Permissions to a User Group Associated with an Enterprise Project
Removing Permissions of a User Group Associated with an Enterprise Project
Querying the Enterprise Projects Associated with a User Group
Querying the Enterprise Projects Directly Associated with an IAM User
Querying Users Directly Associated with an Enterprise Project
Querying Permissions of a User Directly Associated with an Enterprise Project
Granting a User Permissions for an Enterprise Project
Removing Permissions of a User Directly Associated with an Enterprise Project
Granting Permissions to Agencies Associated with Specified Enterprise Projects
Removing Permissions of Agencies Associated with Specified Enterprise Projects
Security Settings
Modifying the Operation Protection Policy
Querying the Operation Protection Policy
Modifying the Password Policy
Querying the Password Policy of an Account
Modifying the Login Authentication Policy
Querying the Login Authentication Policy
Modifying the ACL for Console Access
Querying the ACL for Console Access
Modifying the ACL for API Access
Querying the ACL for API Access
Querying MFA Device Information of IAM Users
Querying the MFA Device Information of an IAM User
Querying Login Protection Configurations of IAM Users
Querying the Login Protection Configuration of an IAM User
Modifying the Login Protection Configuration of an IAM User
Binding a Virtual MFA Device
Unbinding a Virtual MFA Device
Creating a Virtual MFA Device
Deleting a Virtual MFA Device
Federated Identity Authentication Management
Obtaining a Token Through Federated Identity Authentication
SP Initiated
IdP Initiated
Identity Providers
Listing Identity Providers
Querying Identity Provider Details
Creating an Identity Provider
Modifying a SAML Identity Provider
Deleting a SAML Identity Provider
Creating an OpenID Connect Identity Provider Configuration
Modifying an OpenID Connect Identity Provider
Querying an OpenID Connect Identity Provider
Mappings
Listing Mappings
Querying Mapping Details
Registering a Mapping
Updating a Mapping
Deleting a Mapping
Protocols
Listing Protocols
Querying Protocol Details
Registering a Protocol
Updating a Protocol
Deleting a Protocol
Metadata
Querying a Metadata File
Querying the Metadata File of Keystone
Importing a Metadata File
Token
Obtaining an Unscoped Token (IdP Initiated)
Obtaining a Scoped Token
Obtaining a Token with an OpenID Connect ID Token
Obtaining an Unscoped Token with an OpenID Connect ID Token
Listing Accounts Accessible to Federated Users
Custom Identity Brokers
Obtaining a Login Token
Version Information Management
Querying the Version Information of Keystone APIs
Querying Information About Keystone API 3.0
Services and Endpoints
Listing Services
Querying Service Details
Querying the Service Catalog
Listing Endpoints
Querying Endpoint Details
Out-of-Date APIs
Querying User Groups Associated with an Enterprise Project
Querying the Permissions of a User Group Associated with an Enterprise Project
Granting Permissions to a User Group Associated with an Enterprise Project
Removing the Permissions of a User Group Associated with an Enterprise Project
Permissions and Actions
Permissions and Supported Actions
Actions
Appendix
Status Codes
Error Codes
Obtaining Account, IAM User, Group, Project, Region, and Agency Information
Change History
SDK Reference
SDK Overview
Best Practices
Recommendations for Using IAM
Assigning Permissions to O&M Personnel
Cross-Account Access Delegation and Resource Management
Agency Configuration
Authorizing IAM Users to Manage Resources of an Account
Configuring an Agency for an ECS
Cross-Region Permissions Assignment (Original Multi-Project Management)
Scenario
Procedure
FAQs
User Groups and Permissions Management
Why Can't I Find Permissions for a Cloud Service?
How Do I Grant Cloud Service Permissions in the Cloud Alliance Regions to IAM Users?
Why Permissions Granted to a User Do Not Take Effect?
How Can I Grant an IAM User Permissions to Place Orders But Disallow Order Payment?
IAM User Management
Why Does IAM User Login Fail?
How Do I Control IAM User Access to the Console?
Security Settings
How Do I Enable Login Verification?
How Do I Disable Login Verification?
How Do I Change the Verification Method for Performing Critical Operations?
How Do I Disable Operation Protection?
How Do I Bind a Virtual MFA Device?
How Do I Obtain a Virtual MFA Verification Code?
How Do I Unbind or Remove a Virtual MFA Device?
Why Does MFA Authentication Fail?
Why Am I Not Getting the Verification Code?
Why Is My Account Locked?
Why Doesn't My API Access Control Policy Take Effect?
Why Do I Still Need to Perform MFA During Login After Unbinding the Virtual MFA Device?
Passwords and Credentials
What Should I Do If I Forgot My Password?
How Do I Change My Password?
How Do I Obtain an Access Key (AK/SK)?
What Should I Do If I Have Forgotten My Access Key (AK/SK)?
What Are Temporary Security Credentials (AK/SK and Security Token)?
How Do I Obtain a Token with Security Administrator Permissions?
How Do I Obtain an Access Key (AK/SK) in the Cloud Alliance Regions?
Project Management
What Are the Differences Between IAM and Enterprise Management?
What Are the Differences Between IAM Projects and Enterprise Projects?
What Are the Differences Between IAM Users and Enterprise Member Accounts?
Agency Management
How Can I Obtain Permissions to Create an Agency?
Account Management
Why Does Account Login Fail?
What Are the Relationships Between a Huawei Cloud Account, HUAWEI ID, IAM User, and Federated User?
What Are the Possible Causes of a HUAWEI ID Upgrade Failure?
Can I Log In with My Huawei Cloud Account After Upgrading It to a HUAWEI ID?
Others
How Do I Obtain a User Token Using Postman?
Why Is the Field-Level Help Always Displayed?
How Do I Disable Autofill Password on Google Chrome?
Region and AZ
How Do I Apply for the Permissions to Access Resources in a Cloud Alliance Region Using My Huawei Cloud Account or HUAWEI ID?
Videos