- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Common Operations
- Instance
- Image
-
Disk
- Disk Types
- Attaching Data Disks
-
Initializing Data Disks
- Introduction to Data Disk Initialization Scenarios and Partition Styles
- Initializing a Windows Data Disk (Windows Server 2016)
- Initializing a Linux Data Disk (fdisk)
- Initializing a Linux Data Disk (parted)
- Initializing a Windows Data Disk Greater Than 2 TB (Windows Server 2012)
- Initializing a Linux Data Disk Greater Than 2 TB (parted)
- Detaching a Disk
- Expanding Disk Capacity
- Key Pair and Password
-
Network
- EIP
- VPC
- High-Speed Network
-
Enhanced High-Speed Network
- Overview
- Adding an Enhanced High-Speed NIC
- Deleting an Enhanced High-Speed NIC
- Configuring an Enhanced High-Speed NIC (SUSE Linux Enterprise Server 12)
- Configuring an Enhanced High-Speed NIC (SUSE Linux Enterprise Server 11)
- Configuring an Enhanced High-Speed NIC (Red Hat, CentOS, Oracle Linux, and EulerOS)
- Configuring an Enhanced High-Speed NIC (Ubuntu)
- Configuring an Enhanced High-Speed NIC (Windows Server)
-
User-defined VLAN
- Overview
- Configuring a User-defined VLAN (SUSE Linux Enterprise Server 12)
- Configuring a User-defined VLAN (SUSE Linux Enterprise Server 11)
- Configuring a User-defined VLAN (Red Hat, CentOS, Oracle Linux, and EulerOS)
- Configuring a User-defined VLAN (Ubuntu)
- Configuring a User-defined VLAN (Windows Server)
- IB Network
- Security
- Permissions Management
- Resources and Tags
- Server Monitoring
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- BMS APIs
- Examples
- Public Parameters
- Permissions and Supported Actions
-
Historical APIs
- API Instructions (OpenStack Nova APIs)
- API Version Query (OpenStack Nova APIs)
- BMS Lifecycle Management (OpenStack Nova APIs)
- BMS Status Management (OpenStack Nova APIs)
- BMS Metadata Management (OpenStack Nova APIs)
- BMS IP Address Query (OpenStack Nova APIs)
- BMS Flavor Query (OpenStack Nova APIs)
- BMS NIC Management (OpenStack Nova APIs)
- BMS Disk Management (OpenStack Nova APIs)
- BMS 1D Tag Management (OpenStack Nova APIs)
- Appendix
- Change History
- SDK Reference
-
Private Image Creation Guide
- Overview
- Preparing the Environment
-
Linux
- Software
- Tools
- Creating a Linux VM
- Installing a Linux OS on the VM
- Modifying the Boot File (UEFI Boot Mode)
-
Configuring the VM Environment
- Overview
- (Optional) Installing Basic Components
- Configuring the Network
- Configuring systemd Timeout Parameters
- Disabling the Firewall
- (Optional) Upgrading Wicked Components
- (Optional) Disabling NetworkManager
- (Optional) Deleting the Network Management Tool Plug-in
- (Optional) Deleting the Local User
- (Optional) Modifying DHCP Configuration Items
- (Optional) Configuring the GRUB Timeout
- Setting the Maximum Number of Handles to 65535.
- Upload Required Software Packages
- Installing Cloud-Init
- Configuring Cloud-Init
- Checking the Cloud-Init Status
- Modifying the Hardware Device Drivers That Boot the OS
- Installing bms-network-config
- Installing the Network Service
- Installing the SDI Driver
- Installing the Hi1822 Driver
- (Optional) Installing the IB driver
- Installing FusionServer/TaiShanServer iDrivers
- (Optional) Installing the Multipath Software
- Installing the One-Click Password Reset Plug-in
-
Performing Security Configuration
- Modifying SSH Configuration Items
- (Optional) Modifying the Network Script Permission
- (Optional) Modifying the /etc/motd Configuration Item
- Modifying Historical Record Configuration Items
- Optimizing the udev Configuration
- Optimizing SELinux
- Uninstalling denyhosts
- (Optional) Setting Automatic Hostname Update
- (Optional) Installing Common O&M Tools
- (Optional) Setting the Password Validity Period
-
Configuring Remote Login to a BMS
- x86: Oracle Linux 7.3/Oracle Linux 7.4/Red Hat 7/CentOS 7.2/CentOS 7.4/CentOS 7.5/CentOS 7.6
- x86: Oracle Linux 6 series/Red Hat 6 series/CentOS 6
- x86: SUSE 11 SP4
- ARM: CentOS 7
- x86: SUSE 12/SUSE 15/CentOS 7.3/EulerOS/OpenEuler/Oracle Linux 7.2
- ARM: EulerOS/OpenEuler
- x86: Ubuntu 16.04/Ubuntu 18.04
- Arm: Ubuntu 16.04/Ubuntu 18.04
- x86: Ubuntu 14.04/Debian
- Configuring the Root Partition to Be Automatically Extended
- Installing and Upgrading Drivers and Firmware for Ascend BMSs
- Deleting Files
-
Windows
- Preparing Hardware and Software
- (Optional) Installing x86 V5 Server Drivers
- Using Dism++ to Install the VMTools Driver for an ISO File
- Generating a New ISO File
- Creating a Windows VM
- Configuring the VM Environment
- Installing Cloudbase-Init
- (Optional) Installing bms-network-config
- (Optional) Installing the SDI Driver
- (Optional) Installing One-Click Password Reset Plug-in
- Setting the Windows Time Zone
- Setting the Windows Virtual Memory
- (Optional) Configuring Automatic Windows Update
- Configuring the SID
- Stopping the VM and Obtaining the Image
- Converting the Image Format
-
FAQ
- What Can I Do If Packets from the VLAN Subinterface of bond0 of a Linux BMS Use the MAC Address of bond0 as the Source MAC Address?
- What Can I Do If IP Links Are Disconnected Due to the Incorrect Bond Port Mode Configured by the Wicked Module of SUSE 12 SP1?
- How Do I Set the BMS CPU Frequency Governor?
- What Do I Do If Cloudbase-Init Is Stopped on a Provisioned Windows BMS?
- What Can I Do If Data Cannot Be Injected into BMSs Due to cloud-init-local Failures?
- How Do I Activate a Windows BMS?
- How Do I Improve the UDP Packet Performance for x86 EulerOS 2.3?
- How Do I Verify Software Package Integrity?
- How Do I Check Whether a Physical Server Is Running Properly?
- Appendix
- Change History
-
FAQs
-
General FAQ
- What Restrictions Are There on BMS Use?
- How Are BMSs Different from ECSs?
- What Are the Differences Between BMSs and Traditional Physical Servers?
- What Are the Differences Between BMS and Dedicated Host (DeH)?
- How Do BMSs Ensure Data Security?
- Can I Use APIs to Access BMSs?
- What OS Images Does BMS Support?
- Will Services Be Affected If Hyper-Threading Is Configured for BMS?
- How Do I View and Increase the BMS Quota?
- How Do I Synchronize the Time of a BMS?
-
Instance FAQ
- How Long Does It Take to Create a BMS?
- What Do I Do If I Can't Find My BMS on the Management Console?
- How Can I Obtain board_type of a BMS Flavor?
- Why Is the BMS Creation Task Displayed as Failed But the BMS List Shows the BMS?
- How Do I Create a BMS That Can be Quickly Provisioned?
- What Are the Advanced Features of BMSs Using EVS Disks?
- Can I Transfer a BMS to Another Account?
- Is the BMS Host Name with Suffix novalocal Normal?
- Why Does the System Display a Message Indicating That the BMS Cannot Be Deleted?
- How Do I Monitor BMS Metrics?
- How Do I Create an Agency for Server Monitoring of the BMS?
-
Billing FAQ
- Where Can I Query the BMS Price?
- What Are Pre-payment and Post-payment? How Do I Choose Between Them?
- What Is the Impact on Billing if I Unsubscribe from a BMS?
- How Do I Set Automatic Renewal for BMSs Billed on a Yearly/Monthly Basis?
- When Will a BMS Be Released After It Expires?
- How Do I Unfreeze a BMS?
- Key Pair and Password FAQ
-
Login FAQ
- How Do I Prepare to Log In to a BMS?
- What Can I Do If I Selected the Key Pair Authentication When I Created a BMS But Want to Log In to the BMS Using a Password?
- What Do I Do If I Can't Log In to a Windows BMS?
- What Do I Do If I Can't Log In to a Linux BMS?
- What Browser Versions Can Be Used to Remotely Log In to a BMS?
- What Do I Do If the Login Page Does Not Respond?
- What Do I Do If the BMS Console Is Displayed Improperly After I Remotely Log In to a BMS?
- What Do I Do If the Numeric Keypad Does Not Work During Remote Login?
- What Do I Do If the SSH Login or Data Transmission Is Slow?
-
Network and Security FAQ
- Can BMSs of Different Accounts Communicate with Each Other over an Internal Network?
- How Do Two BMSs in the Same Region But in Different AZs Communicate with Each Other?
- Are My BMSs in the Same Subnet?
- Can I Associate a BMS with Multiple Security Groups?
- Can BMSs Communicate with ECSs in the Same VPC?
- What Are the Differences Between the Primary and Extension NICs of BMSs?
- Can I Bind Multiple EIPs to a BMS?
- Can I Configure an EIP?
- Will I Obtain an EIP That Has Been Released?
- What Are the Differences Between EIPs, Private IP Addresses, and Virtual IP Addresses?
- How Can I Modify the Network Configuration or Restart the Network If I Can Log In to a BMS Using Only SSH?
- How Do I Handle the Failure to Ping a CentOS 7 Extension NIC?
- What Do I Do If a Service Port Is Used by a One-Click Password Reset Plug-in?
- What Do I Do If the Communication Between the Primary NIC and Extension NIC of the BMS is Abnormal?
- How Can I Configure a Static IP Address for a BMS?
- What Do I Do If the Network Performance Is Poor When 128 Ethernet Network Devices Are Bound to a BMS?
-
Disk FAQ
- Can EVS Disks Be Attached to BMSs? How Many Data Disks Can Be Attached to a BMS?
- What Are the Restrictions for Attaching a Disk to a BMS?
- How Do I Know Whether EVS Disks Are Available in a Flavor?
- How Do I Change the Disk Identifier in the fstab file to UUID?
- How Do I Obtain the Drive Letter of an EVS Disk?
- Are the EVS Disk Device Names on the Console and the Device Names in BMS OSs Consistent?
- Why Is the EVS Disk Size Not Updated in the BMS OS After the EVS Disk Capacity Has Been Expanded?
- How Can I Restore System Disk Data Using the Snapshot?
- What Do I Do to Prevent Risks of Attaching or Detaching the System Disk?
- How Do I Select Storage?
- Why Is the Disk Capacity Displayed in the BMS OS Less Than That Displayed on the Official Website?
-
OS FAQ
- Can I Install or Upgrade BMS OSs by Myself?
- Can I Change the OS of a BMS?
- Is a GUI Provided for BMS OSs?
- Is an Upload Tool Delivered with BMS OSs?
- Does the Public Image Used to Create a BMS Have a Swap Partition?
- How Do I Configure the Static Host Name of a BMS?
- How Do I Set the Password Validity Period?
- How Do I Set SSH Configuration Items?
- How Can I Handle the Eight-Hour Difference Between the Windows BMS and Local Time
- How Do I Change the SID of a Windows Server 2012 BMS?
- How Do I Change the Kernel Version of CentOS 7 BMSs?
- How Do I Reserve Log Space If the Root Partition Automatically Expands Disks?
- How Do I Roll Back the Kernel Version If I Mistakenly Upgrade the Kernel?
- How Do I Increase the Swap Partition Size?
- How Do I Increase the Size of the Root Partition of a BMS Which Is Quickly Provisioned?
- Common Linux Commands
- How Do I Update the Disk Metadata After the LVM Volume Is Remounted?
- How Do I Handle a Network Failure After Services Are Switched from a Windows BMS Booted from an EVS Disk to an HA BMS?
-
General FAQ
-
Troubleshooting
- What Do I Do If I Cannot Log In to My BMS or the BMS EVS Disk Is Lost After the BMS Is Started or Restarted?
- What Do I Do If a Key Pair Created Using PuTTYgen Cannot Be Imported to the Management Console?
- What Do I Do If Disks Cannot Be Attached to a BMS That Restarts Abnormally?
- What Do I Do If an EVS Disk Attached to a Windows BMS Is in Offline State?
- Video
-
More Documents
-
User Guide (Paris Region)
- Overview
- Getting Started
- Instance
- Image
-
Disk
- Attaching Data Disks
-
Initializing Data Disks
- Introduction to Data Disk Initialization Scenarios and Partition Styles
- Initializing a Windows Data Disk (Windows Server 2016)
- Initializing a Linux Data Disk (fdisk)
- Initializing a Linux Data Disk (parted)
- Initializing a Windows Data Disk Greater Than 2 TB (Windows Server 2012)
- Initializing a Linux Data Disk Greater Than 2 TB (parted)
- Detaching a Disk
- Expanding Disk Capacity
- Key Pair and Password
-
Network
- EIP
- VPC
- High-Speed Network
-
User-defined VLAN
- Overview
- Configuring a User-defined VLAN (SUSE Linux Enterprise Server 12)
- Configuring a User-defined VLAN (SUSE Linux Enterprise Server 11)
- Configuring a User-defined VLAN (Red Hat, CentOS, Oracle Linux, and EulerOS)
- Configuring a User-defined VLAN (Ubuntu)
- Configuring a User-defined VLAN (Windows Server)
- IB Network
- Security
- Server Monitoring
-
Troubleshooting
- What Do I Do If I Cannot Log In to My BMS or the BMS EVS Disk Is Lost After the BMS Is Started or Restarted?
- What Do I Do If a Key Pair Created Using PuTTYgen Cannot Be Imported to the Management Console?
- What Do I Do If Disks Cannot Be Attached to a BMS That Restarts Abnormally?
- What Do I Do If an EVS Disk Attached to a Windows BMS Is in Offline State?
-
FAQs
- General FAQs
-
Instance FAQs
- How Long Does It Take to Create a BMS?
- Why Is Failed Displayed for a BMS Application Task But the BMS List Shows the Obtained BMS?
- How Can I Quickly Provision BMSs Using EVS Disks?
- What Are the Advanced Features of BMSs Using EVS Disks?
- Is the BMS Host Name with Suffix novalocal Normal?
- How Can I Check the BMS Monitoring Status?
- How Do I Create an Agency for Server Monitoring of the BMS?
- Login FAQs
-
Network and Security FAQs
- Can BMSs of Different Accounts Communicate with Each Other over an Internal Network?
- How Do Two BMSs in the Same Region But Different AZs Communicate with Each Other?
- Are My BMSs in the Same Subnet?
- Can BMSs Communicate with ECSs in the Same VPC?
- Can Multiple EIPs Be Bound to a BMS?
- Can I Configure the EIP?
- How Can I Modify the Network Configuration or Restart the Network If I Can Log In to a BMS Using Only SSH?
- What Do I Do If the Communication Between the Primary NIC and Extension NIC of the BMS is Abnormal?
- How Can I Configure a Static IP Address for a BMS?
- How Do I Configure the DNS Server?
-
Disk FAQs
- Can EVS Disks Be Attached to BMSs?
- What Are the Restrictions for Attaching a Disk to a BMS?
- How Do I Change the Disk Identifier in the fstab file to UUID?
- How Do I Obtain the Drive Letter of an EVS Disk?
- Are the EVS Disk Device Names on the Console and the Device Names in BMS OSs Consistent?
- Why Is the EVS Disk Size Not Updated in the BMS OS After the EVS Disk Capacity Has Been Expanded?
- How Can I Restore System Disk Data Using the Snapshot?
- What Do I Do to Prevent Risks of Attaching or Detaching the System Disk?
- How Should I Select Storage?
- Why Is the Disk Capacity Displayed in the BMS OS Less Than That Displayed on the Official Website?
-
OS FAQs
- Can I Install or Upgrade BMS OSs by Myself?
- Can the BMS OS Be Replaced?
- Is a GUI Provided for BMS OSs?
- Is an Upload Tool Delivered with BMS OSs?
- How Do I Configure the Static Host Name of a BMS?
- How Do I Set the Password Validity Period?
- How Do I Set SSH Configuration Items?
- How Can I Handle the Eight-Hour Difference Between the Windows BMS and Local Time
- How Can I Activate a Windows BMS?
- How Do I Change the SID of a Windows Server 2012 BMS?
- How Do I Reserve Log Space If the Root Partition Automatically Expands Disks?
- How Do I Roll Back the Kernel Version If I Mistakenly Upgrade the Kernel?
- How Do I Increase the Swap Partition Size?
- Change History
-
API Reference (Paris Region)
- Before You Start
- API Overview
- Calling APIs
- BMS APIs
- Native OpenStack Nova V2.1 APIs
- Public Parameters
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
User Guide (Paris Region)
- General Reference
Copied.
Permissions
Background
If you need to assign different permissions to personnel in your enterprise to access your BMSs, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you to securely access your Huawei Cloud resources.
With IAM, you can create IAM users and assign permissions to control their access to specific resources. For example, if you want some software developers in your enterprise to use BMSs but do not want them to delete BMSs or perform any other high-risk operations, you can create IAM users and grant permission to use BMSs but not permission to delete them.
If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section.
IAM is a free service. You only pay for the resources in your account.
For more information, see IAM Service Overview.
BMS Permissions
New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
BMS is a project-level service deployed for specific regions. When you set Scope to Region-specific projects and select the specified projects (for example, ap-southeast-2) in the specified regions (for example, AP-Bangkok), the users only have permissions for BMSs in the selected projects. If you set Scope to All resources, users have permissions for BMSs in all region-specific projects. When accessing BMSs, the users need to switch to the authorized region.
You can grant user permissions by using roles and policies.
- Roles: A coarse-grained authorization strategy provided by IAM to assign permissions based on users' job responsibilities. Only a limited number of service-level roles are available for authorization. Huawei Cloud services depend on each other. When you grant permissions using roles, you also need to attach any existing role dependencies. Roles are not ideal for fine-grained authorization and least privilege access.
- Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access. For example, you can grant users only permission to manage BMSs of a certain type. A majority of fine-grained policies contain permissions for specific APIs. For the API actions supported by BMS, see Permissions and Supported Actions.
Table 1 lists all the system-defined permissions for BMS.
Role/Policy Name |
Description |
Type |
---|---|---|
BMS FullAccess |
Administrator permissions for BMS. Users with these permissions can perform all operations on BMSs. |
System-defined policy |
BMS CommonOperations |
Common user permissions for BMS. Users with these permissions can start, stop, restart, and query BMSs. |
System-defined policy |
BMS ReadOnlyAccess |
Read-only permissions for BMS. Users with these permissions can only view BMS data. |
System-defined policy |
Table 2 lists the common operations supported by system-defined permissions for BMS.
Operation |
BMS FullAccess |
BMS CommonOperations |
BMS ReadOnlyAccess |
---|---|---|---|
Creating BMSs |
√ |
x |
x |
Querying BMSs |
√ |
√ |
√ |
Querying BMS details |
√ |
√ |
√ |
Changing the name of a BMS |
√ |
x |
x |
Starting a BMS |
√ |
√ |
x |
Stopping a BMS |
√ |
√ |
x |
Restarting a BMS |
√ |
√ |
x |
Attaching a data disk to a BMS |
√ |
√ |
x |
Detaching a data disk from a BMS |
√ |
√ |
x |
Reinstalling a BMS OS |
√ |
x |
x |
Resetting a BMS password with a few clicks |
√ |
x |
x |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot