Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ Service Overview/ Functions
Updated on 2025-11-06 GMT+08:00
View PDF
Share

Functions

IAM provides a variety of functions for you to secure access to your resources.

IAM ensures eventual consistency for its functionalities. Operations performed within IAM, such as creating users and user groups or granting authorizations to these entities, might experience delayed effects due to data replication across various servers in data centers of Huawei Cloud, facilitating multi-region data sync. It is advisable to verify that any committed policy changes have been effectively implemented prior to proceeding with further actions.

Refined Permissions Management

You can grant IAM users permissions to manage different resources in your account.

Secure Access

You can create IAM users for employees or applications in your organization and generate identity credentials for them to securely access specific resources based on assigned permissions.

User Group–based Permissions Assignment

With IAM, you do not need to assign permissions to single users. Instead, you can manage users by group and assign permissions to the specified group. Each user then inherits permissions from their groups. To change the permissions of a user, you can remove the user from the original groups or add the user to other groups.

Policy Attachment to Users

You can directly attach policies to users for agile, flexible permissions control.

Resource Management Delegation

You can delegate more professional, efficient accounts or other cloud services to manage specific resources in your account.

Account Security Settings

Login verification and password policies improve security of user information and system data.

Access Analyzer

IAM Access Analyzer helps identify resources and unused passwords and keys (such as OBS bucket policies, KMS keys, IAM agencies, or trust agencies) that are shared with external principals in your organization or account.

IAM Access Analyzer can:
  • Identify resources in your account or organization that are shared with an external principal.

    IAM Access Analyzer analyzes your resources to identify unintended external access to your resources.

  • Identify unused access in your organization or account.

    Unused access analyzers generate findings for unused access. The findings provide visibility into unused passwords, access keys and permissions, and unused permissions of trust agencies for IAM users in your organization or account.

  • Validate custom policies against policy grammar.

    The access analyzer checks your policy against policy grammar and provides check findings. The check results include security warnings, errors, suggestions, and general warnings.