Help Center/ CloudPond/ Service Overview/ Security/ Identity Authentication and Access Control/ Access Control for CloudPond
Updated on 2025-05-20 GMT+08:00
View PDF
Share

Access Control for CloudPond

Access Control

You can create IAM users to grant minimum permissions required for completing specific tasks, and periodically review the granted permissions. For details, see IAM Best Practices.

Enterprise Project

You can group, manage, and isolate resources by project or enterprise project to control resource access and manage permissions by organization like enterprise, department, or project team.

Enterprise projects are used to categorize and manage multiple resources. Resources in different regions can belong to one enterprise project. You can classify resources by department or project group and put related resources into one enterprise project for management. Resources can be moved between enterprise projects.

An enterprise project can be managed by one or more user groups. Users who manage enterprise projects belong to user groups. You can authorize a user group by applying policies to it. Then users inherit permissions defined by the policies.

For details about how to create an enterprise project and assign permissions, see Enterprise Project.

Communication Security

O&M and service connectivity between edge sites and the cloud is secured as follows:

  • O&M connectivity: CloudPond provides a built-in Virtual Private Network (VPN) for ensuring secure transmission of O&M data and management data over the network.
  • Service connectivity: Service data is securely transmitted between CloudPond sites and the cloud over the VPC.

CloudPond Infrastructure Security

Huawei Cloud is committed to building a trusted cloud platform. CloudPond inherits all security specifications of Huawei Cloud. For details, see the Huawei Cloud Security White Paper.

  • CloudPond adopts strict security isolation policies at both the user and platform layers. Huawei Cloud provides 24/7 security monitoring and operation services as well as the O&M of the CloudPond platform.
  • Host Security Service (HSS) is used to periodically scan for vulnerabilities, and patches are installed in a timely manner based on the Service Level Agreement (SLA) to fix vulnerabilities.
  • Huawei Cloud manages CloudPond account permissions in a centralized manner and changes access keys for each account periodically to prevent unauthorized access.