- What's new
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Introduction
- Permissions Management
- Basics of the Container Engine
-
Image Management
- Uploading an Image Through a Container Engine Client (Recommended)
- Obtaining a Long-Term Valid Login Command
- Uploading an Image Through SWR Console
- Pulling an Image
- Setting Image Attributes
- Sharing a Private Image
- Adding a Trigger
- Adding an Image Retention Policy
- Configuring Automatic Image Synchronization Between Regions
- Image Center
- Organization Management
- User Permissions
- Auditing
- Change History
- Best Practices
-
API Reference
- Before You Start
- Calling APIs
- API Overview
-
API
- Organization Management
- Managing Image Repositories
- Image Tag Management
- Shared Account Management
- API Version
- Organization Permission Management
- Image Permission Management
- Image Synchronization Management
- Trigger Management
- Image Retention Policy Management
- Temporary Login Command
- Quota Management
- Other
- Example Applications
- Appendixes
- SDK Reference
-
FAQs
- General FAQs
- Login Issues
- Synchronizing Images
- Pushing an Image
- Pulling an Image
-
Troubleshooting
- Why Does the Login Command Fail to Be Executed?
- Why Does an Image Fail to Be Pushed Through a Container Engine Client?
- Why Does an Image Fail to Be Uploaded Through SWR Console?
- Why Does the docker pull Command Fail to Be Executed?
- What Should I Do If Images Cannot Be Downloaded from Private Networks?
- What Do I Do If an Error Occurs When I Call an API?
-
Other FAQs
- Why Does a CCE Workload Cannot Pull an Image from SWR and a Message "Not Logged In" Is Displayed?
- How Many Tenants Can I Share an SWR Private Image With?
- Why Is an Image Pushed Using a Container Engine Client to SWR Different in Size From One Uploaded Through the SWR Console?
- Can I Pull Images on the SWR Console to a Local PC?
- Videos
- Glossary
-
More Documents
- User Guide
- API Reference
- User Guide (Paris Regions)
- API Reference (Paris Regions)
- User Guide (Kuala Lumpur Region)
- API Reference (Kuala Lumpur Region)
-
User Guide (Ankara Region)
- Service Overview
- Overview
- Permissions Management
- Basics of Docker
-
Image Management
- Pushing an Image Through a Container Engine Client
- Obtaining a Long-Term Valid Docker Login Command
- Obtaining a Long-Term Valid containerd Pull/Push Command
- Uploading an Image Through the SWR Console
- Pulling an Image
- Setting Image Attributes
- Sharing Private Images
- Adding a Trigger
- Adding an Image Retention Policy
- Organization Management
- User Permissions
- FAQs
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
- API
- Appendixes
- Permissions and Supported Actions
- General Reference
Copied.
Identity Authentication and Management
The Identity and Access Management (IAM) service provides free permissions management for secure access to your Huawei Cloud services and resources. The IAM administrator can assign users permissions for accessing SWR resources through identity authentication (login credentials) and authorization (authorized to operate specific resources).
Identity Authentication
If you want to use Huawei Cloud services and resources, you must sign up as an IAM user.
Account
An account is created after you sign up with Huawei Cloud, and you can use it to purchase Huawei Cloud resources. The account has full access permissions for your cloud resources and can be used to make payments for them. You can use the account to reset user passwords, assign permissions, and receive and pay all bills generated by your IAM users for their usage of resources.
You cannot modify or delete your account in IAM, but you can do so in My Account.
IAM user
IAM users are created with an account to use cloud services. Each IAM user has their own identity credentials (passwords and access keys) and uses cloud resources based on assigned permissions. IAM users cannot make payments themselves. You can use your account to pay their bills.
User group
Users in the same user group have the same permissions. IAM users must be added to a user group to obtain the permissions assigned to the user group. If a user is added to multiple user groups, the user inherits the permissions assigned to all these groups.
IAM roles
IAM roles are IAM users with special permissions. But they are irrelevant to a specific account. You can switch between different roles as needed.
Policy-based Permissions Management
You can create a policy and attach it to identities on Huawei Cloud to control access to Huawei Cloud. When a principal (user, root user, or role session) sends a request, Huawei Cloud will determine whether to allow or deny the request based on permissions in these policies. Most policies are stored as JSON documents.
Identity-based policy
An identity-based policy is defined in a JSON document of an identity (IAM user, user group, or role). These policies manage the permissions of users and roles for operating on specific resources under specific conditions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot