Updated on 2025-09-23 GMT+08:00

Functions

IAM provides a variety of functions for you to secure access to your resources.

Refined Permissions Management

You can grant IAM users permissions to manage different resources in your account. As shown in the following figure, you can grant Charlie permission to manage Virtual Private Cloud (VPC) resources in project B, and only grant James permission to view VPC resources in project B.
Figure 1 Permissions management model

Secure Access

Instead of sharing your password with others, you can create IAM users for employees or applications in your organization. Then, you generate identity credentials for them to securely access specific resources based on assigned permissions.

Critical Operation Protection

IAM provides login protection and critical operation protection, making your account and resources more secure. When you or the users of your account log in to the console or perform a critical operation, you all need to complete authentication by email, SMS, or virtual MFA device.

User Group–based Permissions Assignment

With IAM, you do not need to assign permissions to single users. Instead, you can manage users by group and assign permissions to the specified group. Each user then inherits permissions from their groups. To change the permissions of a user, you can remove the user from the original groups or add the user to other groups.

Project-based Resource Isolation

You can create subprojects in a region to isolate resources in that region.

Federated Identity Authentication

Enterprises with identity authentication systems can access Huawei Cloud through single sign-on (SSO), eliminating the need to create users on Huawei Cloud.

Resource Management Delegation

You can delegate more professional, efficient accounts or other cloud services to manage specific resources in your account.

Account Security Settings

Login authentication and password policies and access control list (ACL) improve security of user information and system data.

Eventual Consistency

IAM does not apply your operations immediately, such as creating users and user groups and assigning permissions. It takes time to replicate data across different servers in Huawei Cloud's data centers around the world. Do not perform any other operations until IAM has applied the operations you just made.