Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ API Reference/ Before You Start
Updated on 2025-11-07 GMT+08:00
View PDF
Share

Before You Start

Welcome to Identity and Access Management (IAM). IAM provides identity authentication, permissions management, and access control. With IAM, you can create and manage users and grant them permissions to allow or deny their access to cloud resources.

IAM supports the console access and programmatic access (API access). This document describes how to use APIs to perform operations on IAM, such as creating users and user groups. Before calling IAM APIs, ensure that you have understood the basic concepts of this service. For details, see the Identity and Access Management Service Overview.

Basic Concepts

  • Account

    An account is created upon successful registration with Huawei Cloud. The account has full access permissions for all of its cloud services and resources. It can be used to reset user passwords and grant user permissions. The account is a payment entity and should not be used directly to perform routine management. For security purposes, create IAM users and grant them permissions for routine management.

  • IAM user

    An IAM user is created using an account to use cloud services. Each IAM user has their own identity credentials (password and access keys).

    An IAM user can view the account ID and IAM user ID on the page of the console.

  • Region

    Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified into universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides specific services for specific tenants.

  • AZ

    An AZ contains one or more physical data centers. Each AZ has independent cooling, fire extinguishing, moisture-proof, and electricity facilities. Within an AZ, computing, network, storage, and other resources are logically divided into multiple clusters. AZs within a region are interconnected by optical fibers for high-availability networking.