Identity and Access Management
Identity and Access Management
Identity and Access Management
Identity and Access Management (New Edition)
All results for "
" in this service
Identity and Access Management
Identity and Access Management (New Edition)
All results for "
" in this service
Service Overview
What Is IAM?
Basic Concepts
Functions
How IAM Works
Personal Data Protection
Differences Between the Old and New IAM Consoles
IAM-based Permissions Management
Permissions Management Based on ABAC
Security
Shared Responsibilities
Authentication and Access Control
Identity Authentication
Access Control
Data Protection
IAM Side
User Side
Resilience
Audit and Monitoring
Certificates
Notes and Constraints
Getting Started
Before You Start
Creating a User Group and Assigning Permissions
Creating IAM Users and Logging In
User Guide
Before You Start
Logging In to Huawei Cloud
Identity
IAM Users
Overview
Creating an IAM User
Assigning Permissions to an IAM User
Logging In as an IAM User
Viewing or Modifying IAM User Information
Deleting an IAM User
Modifying Security Settings for an IAM User
Managing Access Keys for an IAM User
Checking Unused IAM Credentials
Multi-Factor Authentication
Overview
Virtual MFA Device
Security Key
User Group
Overview
Creating a User Group and Assigning Permissions
Adding Users to or Removing Users from a User Group
Deleting User Groups
Viewing or Modifying a User Group
Revoking Permissions of a User Group
Trust Agencies
Overview
Trust Agency Operations Management
Delegating Another Account for Resource Management
Overview
Creating a Trust Agency (by a Delegating Party)
Deleting or Modifying an Agency (by a Delegated Party)
(Optional) Managing Trust Agency Permissions to an IAM User (by a Delegated Party)
Switching the Role (by a Delegated Party)
Cloud Service Delegation
Granting IAM Users Permissions to Pass an Agency to a Cloud Service
Service-linked Agency
Confused Deputy Problem
Temporary Security Credentials
Overview
Obtaining Temporary Security Credentials
Using Temporary Security Credentials
Managing Permissions for Temporary Security Credentials
Granting Permission to Obtaining Temporary Security Credentials
Granting Permission to Generate Temporary Security Credentials
Disabling Permissions for Temporary Security Credentials
Monitoring Temporary Security Credentials
Using Bearer Tokens
IAM Resource Tags
Managing IAM User Tags
Managing Trust Agency Tags
Passing Session Tags
Permissions
Policies and Permissions
Basic Concepts About Permissions
Identity Policy Grammar
Using Tags to Control Access to Huawei Cloud Resources
Using Tags to Control Access to IAM Users and Trust Agencies
Accessing Resource Across Accounts
Forward Access Sessions
Example Custom Identity Policies
Identity Policies Management
Overview of Identity Policies
Identity Policy–based Authorization
Creating a Custom Identity Policy
Viewing Content of an Identity Policy
Attaching an Identity Policy to a Principal
Modifying or Deleting a Custom Identity Policy
Identity Policy Versions
Identity Policy Variables
Permissions Required for Accessing IAM Resources
Account Security Settings
Account Security Settings Overview
Password Policy
Login Authentication Policy
Access Analyzer
Setting Access Analyzers
Introducing Access Analyzer
Creating an External Access Analyzer
Creating an Unused Access Analyzer
Creating a Best Practice Compliance Analyzer
Viewing the Findings Overview
Managing the Access Analyzer
Viewing an Access Analyzer
Deleting an Access Analyzer
Adding, Modifying, or Deleting Tags for an Analyzer
Managing Findings
Reviewing Findings
Resolving Findings
Archiving Findings
Unarchiving Findings
Creating Archive Rules
Previewing Access
Previewing External Access in a Trust Agency
Setting a Delegated Administrator to Manage Analyzers
Configuring Message Notifications
Validating Policies
Validating a Custom Identity Policy
Access Analyzer Policy Check Reference
Checking New Access Granted by Policies
Viewing IAM Operation Records
IAM Operations Supported by CTS
Viewing CTS Traces in the Trace List
References
Using URNs to Identify Huawei Cloud Resources
Cloud Services for Using Identity Policies and Trust Agencies
Access Control Policies Supported by IAM
Policy Reference
JSON Element Reference
Policy Evaluation Logic
Policy Grammar
Global Condition Key
Actions, Resources, and Condition Keys
Quotas
Best Practices
Security Best Practices in IAM
Best Practices for the Root User
Assigning Permissions to O&M Personnel Using IAM
Delegating Permissions Across Accounts with Trust Agencies
Controlling Access to Resources Using Tags
API Reference
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
API
IAM
Managing IAM Users
Listing IAM Users
Creating an IAM User
Querying the Last Login Time of an IAM User
Querying IAM User Details
Modifying an IAM User
Deleting an IAM User
Managing Credentials
Querying the Last Usage Time of a Specified Permanent Access Key
Modifying a Specified Permanent Access Key
Deleting a Specified Permanent Access Key
Querying All Permanent Access Keys
Creating a Permanent Access Key
Changing the Login Password of an IAM User
Querying the Login Information of an IAM User
Creating the Login Information of an IAM User
Modifying the Login Information of an IAM User
Deleting the Login Information of an IAM User
Managing MFA Devices
Listing All Virtual MFA Devices
Enabling a Virtual MFA Device
Disabling a Virtual MFA Device
Creating a Virtual MFA Device
Deleting a Virtual MFA Device
Configuring Security Settings
Querying the Token Policy of an Account
Modifying the Token Policy of an Account
Querying the Account Password Policy
Modifying the Account Password Policy
Querying the Account Login Policy
Modifying the Account Login Policy
Managing User Groups
Listing Groups
Creating a Group
Querying Group Details
Modifying a Group
Deleting a Group
Adding an IAM User to a Group
Removing an IAM User from a Group
Managing Identity Policies
Querying All Identity Policies
Creating a Custom Identity Policy
Obtaining an Identity Policy Based on the Identity Policy ID
Deleting a Custom Identity Policy
Creating a Version for a Specified Identity Policy
Querying All Versions of a Specified Identity Policy
Querying the Version of a Specified Identity Policy
Deleting the Version of a Specified Identity Policy
Setting a Specified Identity Policy Version as the Default Version
Managing Permissions
Attaching an Identity Policy to an Agency or Trust Agency
Attaching an Identity Policy to a Group
Attaching an Identity Policy to an IAM User
Detaching an Identity Policy from an Agency or Trust Agency
Detaching an Identity Policy from a Group
Detaching an Identity Policy from an IAM User
Querying All Entities Attached to a Specified Identity Policy
Querying All Identity Policies Attached to a Specified Agency or Trust Agency
Querying All Identity Policies Attached to a Specified Group
Querying All Identity Policies Attached to a Specified IAM User
Querying the Authorization Summary
Querying the Authorization Summary of a Specified Service
Listing Registered Cloud Services
Obtaining All Service Principals
Managing Agencies and Trust Agencies
Creating a Service-linked Agency
Deleting a Service-linked Agency
Obtaining the Deletion Status of a Service-linked Agency
Listing Agencies and Trust Agencies Based on Specified Conditions
Creating a Trust Agency
Querying Agency or Trust Agency Details
Modifying a Trust Agency
Deleting a Trust Agency
Modifying the Trust Policy of a Trust Agency
Managing Account Functions
Obtaining the Summary of the Usage and Quota of IAM Entities in an Account
Obtaining the Function Status of an Account
Enabling or Disabling the Asymmetric Signature for an Account
Obtaining the Asymmetric Signature Switch Status of an Account
Managing Resource Tags
Adding Tags to IAM Resources
Deleting Some Tags of a Specified Resource
Obtaining All Tags of a Specified Resource
STS
Temporary security credentials
Obtaining a Temporary Security Credential Through an Agency or Trust Agency
Querying the Information of a Caller
Obtaining the Identity Information of a Caller
Querying the Authentication Result
Decoding the Authentication Failure Cause
Access Analyzer
Analyzers
Retrieving a List of Analyzers
Creating an Analyzer
Listing the Specified Analyzer
Deleting the Specified Analyzer
Updating the Configuration of an Analyzer
Starting Policy Scan for Specified Resources
Archive Rules
Creating an Archive Rule for the Specified Analyzer
Retrieving a List of Archive Rules Created for the Specified Analyzer
Retrieving Information About an Archive Rule
Deleting the Specified Archive Rule
Updating the Criteria and Values of the Specified Archive Rule
Applying Archiving Rules
Findings
Retrieving a List of Findings Generated by the Specified Analyzer
Updating the Status of the Specified Findings
Retrieving Information About the Specified Finding
Access Preview
Creating an Access Preview
Obtaining All Access Previews
Obtaining Access Preview Details
Obtaining Findings Generated for an Access Preview
Tags
Deleting Tags from the Specified Resource
Adding Tags to the Specified Resource
Policy Validation
Validating a Policy
Checking Whether a Policy Has New Access
Resource Analysis Configuration
Listing Resource Analysis Configurations
Creating the Resource Analysis Configuration
Deleting the Resource Analysis Configuration
Message Notification Configuration
Obtaining the Message Notification Configuration List
Creating a Message Notification Configuration
Obtaining a Message Notification Configuration
Updating a Message Notification Configuration
Deleting a Message Notification Configuration
Example Applications
Periodic Rotation of Access Keys
Security Auditing on Permissions of IAM Users
Permissions and Supported Actions
Permissions and Supported Actions
IAM Identity Policy-based Authorization Reference
STS Identity Policy-based Authorization Reference
IAM Access Analyzer Identity Policy-based Authorization Reference
Appendix
Status Codes
Error Codes
FAQs
Permissions Management
What Can I Do If I Cannot Find a Specific Service in a Custom Identity Policy or Cannot Find a System-defined Identity Policy for a Specific Service During Authorization?
How Do I Grant Cloud Service Permissions in the EU-Dublin Region to IAM Users?
Why Have Permissions Granted to a User Not Been Applied?
How Can I Grant an IAM User Permissions to Place Orders But Disallow Order Payment?
What Can I Do If I Cannot Find the Action in an Error Message During Policy-based Authorization?
How Are Identity Policies Compatible with Policies?
What Can I Do If I Cannot Find the Action in an Error Message During Enterprise Project Authorization?
Why Can Users with Permissions to View Resources in an Enterprise Project View All Resources of the Account?
What Should I Do If Permissions Are Not Working as Expected When "NotAction" Is Used in an Identity Policy?
Which Cloud Services Support the Global Condition Key G:CalledVia?
How Do I Handle Access Denied by Identity Policies?
IAM User Management
Why Does IAM User Login Fail?
How Do I Control IAM User Access to the Console?
Security Settings
How Do I Enable Login Authentication?
How Do I Disable Login Authentication?
How Do I Bind a Virtual MFA Device?
How Do I Obtain a Virtual MFA Verification Code?
How Do I Unbind a Virtual MFA Device?
What Should I Do If My MFA Device Is Lost?
Why Does MFA Authentication Fail?
Why Am I Not Getting the Verification Code?
Why Is My Account Locked?
What Can I Do If the System Displays a Message Indicating that the MFA Device Already Exists When I Attempt to Add It?
Passwords and Credentials
What Should I Do If I Forgot My Password?
How Do I Change My Password?
How Do I Obtain an Access Key (AK/SK)?
What Should I Do If I Have Forgotten My Access Key (AK/SK)?
Why Can't I Add a Security Key Device?
How Do I Obtain an Access Key (AK/SK) in the EU-Dublin Region?
How Do I Disable Tokens and Only Use Identity Policy-based Authentication?
Agency Management
How Can I Obtain Permissions to Create a Trust Agency?
What Can I Do If I Cannot Access the Consoles and APIs of Some Cloud Services After I Switch to a Trust Agency?
Account Management
Why Does Account Login Fail?
What Are the Relationships Between a Huawei Cloud Account, HUAWEI ID, IAM User, and Federated User?
What Are the Possible Causes of a HUAWEI ID Upgrade Failure?
Can I Log In with My Huawei Cloud Account After Upgrading It to a HUAWEI ID?
What Can I Do If the Account Root User Does Not Have Permissions?
General Reference
Glossary
Service Level Agreement
White Papers
Endpoints
Permissions