(Optional) Authorizing Subaccounts to Use ImageSearch
This section describes how to grant the Tenant Guest permission of ImageSearch and the OBS Buckets Viewer policy of OBS to a user group, and add users to the user group. In this way, subaccounts have corresponding operation rights. The operation process is shown in Figure 1.
Process Flow
For details about the Tenant Guest permission and how to apply for the permission, see System Permissions and Creating a User Group and Assigning Permissions in the Identity and Access Management User Guide.
Step 1: Create a User Group and Grant Permissions
User groups facilitate centralized user management and streamlined permission management. Users in the same user group have the same permissions. Users created in IAM inherit permissions from the groups to which they belong. To create a user group and grant it permissions, perform the following steps:
- Log in to Huawei Cloud using an account.
- On the management console, mouse over the username on the upper right corner and then choose Identity and Access Management.
- On the IAM console, choose User Groups in the navigation pane. Then click Create User Group.
- Enter a user group name, and click OK.
The user group is displayed in the user group list.
- In the row of the created user group, click Manage Permissions in the Operation column. The Permissions Assigned tab page is displayed. Click Assign. Select Global service project for Scope. Select Tenant Guest and click OK, as shown in Figure 2.
- In the row of the user group you created, click Manage Permissions in the Operation column. The Permissions Assigned tab page is displayed. Click Assign. Set Scope to Region-specific projects and select All projects (including future projects in all regions). Select Tenant Guest and click OK, as shown in Figure 3.
- Return to the user group list, click Manage Permissions under the Operation column in the row that contains the newly created user group. On the Permissions tab page, view the configured permissions, as shown in Figure 4.
Step 2: Create an IAM User
IAM users can be created for employees or applications of an enterprise. Each IAM user has their own security credentials, and inherits permissions from the groups it is a member of. To create an IAM user, perform the following steps:
- In the navigation pane of the IAM console, choose Users. Then click Create User.
- Set user information and click Next. For details about the parameters, see Creating an IAM User.
- On the next page, set a password type, an email address, and a mobile number, and click OK.
- Add users to user groups so that the users inherit permissions from the groups to which they belong. For details about how to add users, see Adding Users to a User Group.
Step 3: Log In and Verify Permissions
After the user is created, use the username and identity credential to log in to HUAWEI CLOUD, and verify that the user has the permissions.
- On the HUAWEI CLOUD login page, click IAM User Login.
- Enter the account name, username, and password, and click Log In.
- The account name is the name of the Huawei Cloud account that created the IAM user.
- The username and password are those set by the account when creating the IAM user.
- If the login fails, contact the entity owning the account to verify the username and password. Alternatively, you can reset the password.
- After successful login, switch to a region where the user has been granted permissions on the management console. The default region is CN North-Beijing4.
- In Service List, select ImageSearch. If the instance creation, offline import, and service test and calling can all be performed properly, the permissions are granted successfully.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot