Notes and Constraints
This section describes notes and constraints on using IAM.
Quotas
You can log in to the console and view your default quotas by referring to How Do I View My Quotas? You can submit a service ticket to increase your quotas if needed.
Category |
Item |
Quota |
Adjustable |
---|---|---|---|
User |
IAM users |
50 |
Yes Submit a service ticket to request for increasing the quota. |
Characters allowed in a username |
64 |
No |
|
Groups that a user can be added to |
10 |
No |
|
AK/SK pairs that a user can create |
2 |
No |
|
Virtual MFA devices that can be associated with a user |
1 |
No |
|
Permissions (including system-defined permissions and custom policies) that can be assigned to a user for enterprise projects |
500 |
Yes Submit a service ticket to request for increasing the quota. |
|
User group |
User groups |
20 |
Yes Submit a service ticket to request for increasing the quota. |
Characters allowed in a user group name |
128 |
No |
|
Users that can be added to a user group |
IAM users in an account |
No |
|
Permissions (including system-defined permissions and custom policies) that can be assigned to a user group for IAM projects |
200 |
Yes Submit a service ticket to request for increasing the quota. |
|
Permissions (including system-defined permissions and custom policies) that can be assigned to a user group for enterprise projects |
500 |
Yes Submit a service ticket to request for increasing the quota. |
|
Project |
Subprojects in each region |
10 |
Yes Submit a service ticket to request for increasing the quota. |
Policy |
Characters allowed in a policy name |
128 |
No |
Custom policy |
Custom policies |
200 |
Yes Submit a service ticket to request for increasing the quota. |
Characters per policy |
6,144 |
No |
|
Statements per policy |
Unlimited |
No |
|
Actions per statement |
Unlimited |
No |
|
Resources per statement |
Unlimited |
No |
|
Conditions per statement |
Unlimited |
No |
|
Agency |
Agencies |
50 |
Yes Submit a service ticket to request for increasing the quota. |
Characters allowed in an agency name |
64 |
No |
|
Permissions (including system-defined permissions and custom policies) that can be assigned to an agency |
200 |
Yes Submit a service ticket to request for increasing the quota. |
|
Identity provider |
Identity providers |
10 |
Yes Submit a service ticket to request for increasing the quota. |
Characters allowed in an identity provider name |
64 |
No |
|
Mapping rules of all identity providers in an account |
10 |
Yes Submit a service ticket to request for increasing the quota. |
|
User groups associated with a federated virtual user |
100 |
No |
|
Characters allowed in a federated virtual user name |
255 |
No |
Naming Rules
Item |
Description |
---|---|
Username |
|
User group name |
|
Name of a custom policy |
|
Project name |
|
Agency name |
A maximum of 64 characters. |
Identity provider name |
|
Operation Constraints
Scenario |
Item |
Description |
---|---|---|
Creating IAM users |
IAM users that can be created at a time |
A maximum of 10 users can be created at a time. |
IAM username |
A new username must be different from existing IAM usernames. |
|
Mobile number and email address |
A mobile number or an email address can be bound only to one account or IAM user. |
|
IAM user password |
An IAM user password cannot be the username or the username spelled backwards. For example, if the username is A12345, the password cannot be A12345, a12345, 54321A, or 54321a. |
|
Creating custom policies |
Policy content |
|
Creating agencies |
Delegated account |
The delegated account can only be an account, rather than an IAM user or a federated user. |
Configuring security settings |
Critical operations |
|
Login authentication policy |
|
|
Password policy |
|
|
ACL |
|
|
Creating projects |
/ |
|
Deleting projects |
/ |
Preset projects cannot be deleted. Before deleting a project, submit a service ticket for technical consultation. |
Accessing Huawei Cloud as a federated user |
Federated user login modes |
IAM supports two types of identity federation:
|
Critical operation protection |
Federated users do not need to perform a 2-step verification when performing critical operations even though login protection or operation protection is enabled. |
|
Permanent access key (AK/SK) |
Federated users cannot create access keys with unlimited validity, but they can obtain temporary access credentials (access keys and security tokens) using user or agency tokens. For details, see Obtaining Temporary Access Keys and Security Tokens of an IAM User. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot