Viewing or Modifying IAM User Information
As an administrator, you can modify the basic information about an IAM user, change the security settings of the user and the groups which the user belongs to, and view or delete the assigned permissions. To view or modify user information, click Security Settings in the row containing the IAM user.
To adjust the item columns displayed on the list, click . The Username, Status, and Operation columns are displayed by default. You can also select Description, Last Login, Created, Access Type, Login Authentication, Virtual MFA Status, Password Age, Access Key (Status, Age, and AK), and External Identity ID.
Basic Information
You can view the basic information of each IAM user. The username, user ID, and creation time cannot be modified.
- Status: New IAM users are enabled by default. You can set Status to Disabled to disable an IAM user. A disabled user is no longer able to log in to Huawei Cloud through the management console or programmatic access.
- Access Type: You can change the access type of the IAM user.
- Pay attention to the following when you set the access type of an IAM user:
- If the user accesses cloud services only by using the management console, specify the access type as Management console access and the credential type as Password.
- If the user accesses cloud services only through programmatic calls, specify the access type as Programmatic access and the credential type as Access key.
- If the user needs to use a password as the credential for programmatic access to certain APIs, specify the access type as Programmatic access and the credential type as Password.
- If the user needs to perform access key verification when using certain services in the console, such as creating a data migration job in the Cloud Data Migration (CDM) console, specify the access type as Programmatic access and Management console access and the credential type as Access Key and Password.
- If the access type of the user is Programmatic access or both Programmatic access and Management console access, deselecting Programmatic access will restrict the user's access to cloud services. Exercise caution when performing this operation.
- Pay attention to the following when you set the access type of an IAM user:
- Description: You can modify the description of the IAM user.
- External Identity ID: Identifies an enterprise user in federated login using SSO.
User Groups
An IAM user inherits permissions from the groups which the user belongs to. You can change the permissions assigned for an IAM user by changing the groups which the user belongs to. To modify the permissions of a user group, see Viewing or Modifying User Group Information.
Your account belongs to the default group admin, which cannot be changed.
- Click Add to User Group, and select one or more groups which the user will belong to. The user then inherits permissions of these groups.
Figure 3 Adding the user to a user group
- Click Remove on the right of a user group and click Yes. The user no longer has the permissions assigned to the group.
Figure 4 Removing the user from a user group
Security Settings
As an administrator, you can modify the MFA device, login credential, login protection, and access keys of an IAM user on this page. If you are an IAM user and need to change your mobile number, email address, or virtual MFA device, see Security Settings Overview.
- MFA Authentication: You can change the multi-factor authentication (MFA) settings of an IAM user on the Security Settings page.
- Change the mobile number or email address of the user.
The mobile number and email address of the IAM user cannot be the same as those of your account or other IAM users.
- Remove the virtual MFA device from the user. For more information about MFA authentication and virtual MFA device, see MFA Authentication and Virtual MFA Device.
- Change the mobile number or email address of the user.
- Login Credentials: You can change the login password of the IAM user. For more information, see Changing the Login Password of an IAM User.
- Login Protection: You can change the login verification method of the IAM user. Three verification methods are available: virtual MFA device, SMS, and email.
This option is disabled by default. If you enable this option, the user will need to enter a verification code in addition to the username and password when logging in to the console.
- Access Keys: You can manage access keys of the IAM user. For more information, see Managing Access Keys for an IAM User.
Permissions
You can view or delete permissions of IAM users. To modify permissions of IAM users, see User Groups.
To view all authorization records under your account, see Authorization Records.
Deleting the permissions of an IAM user will delete the permissions assigned to the group which the user belongs to. All users in the group will no longer have the permissions. Exercise caution when performing this operation.
Batch Modifying IAM User Information
IAM allows you to batch modify the status, access type, and verification method of IAM users. The following describes how to batch modify the status of IAM users. The methods of modifying other information about users are similar to this method.
- Log in to the IAM console. In the navigation pane, choose Users.
- In the user list, select the users whose information you want to modify, and click Modify above the user list.
Figure 7 Modifying user information
- Select the attribute you want to modify. In this example, select Status from the drop-down list.
Figure 8 Selecting the status attribute
- Select the target status to be configured for the selected IAM users.
Figure 9 Selecting the target status
Make sure that this user is no longer in use. Disabling an active user may affect services.
- Click OK.
- In the displayed dialog box, click OK to confirm the change.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.