Updated on 2023-04-25 GMT+08:00

Preparations

Creating the rf_admin_trust Agency

  1. Log in to the Huawei Cloud official website, open the console, hover over the account name, and choose Identity and Access Management.

    Figure 1 Console page
    Figure 2 Identity and Access Management

  2. Choose Agencies in the left navigation pane and search for the rf_admin_trust agency.

    Figure 3 Agency list
    • If the agency is found, skip the following steps.
    • If the agency is not found, perform the following steps to create it.

  3. Click Create Agency in the upper right corner of the page. On the displayed page, enter rf_admin_trust for Agency Name, select Cloud service for Agency Type, select RFS for Cloud Service, and click Next.

    Figure 4 Creating an agency

  4. Search for Tenant Administrator, select it in the search results, and click Next.

    Figure 5 Selecting a policy

  5. Select All resources and click OK.

    Figure 6 Selecting a scope

  6. Check that the rf_admin_trust agency is displayed in the agency list.

    Figure 7 Agency list

Creating the IAM Agency Management FullAccess Policy

  1. Choose Identity and Access Management.

    Figure 8 Identity and Access Management

  2. Choose Permissions > Authorization, enter IAM Agency Management FullAccess in the search box, and check whether this policy exists.

    Figure 9 Permission list
    • If the policy is found, you do not need to create it.
    • If the policy is not found, create it.

  3. Choose Permissions > Policies/Roles, and click Create Custom Policy.

    Figure 10 Clicking Create Custom Policy

  4. Enter the policy name IAM Agency Management FullAccess, select JSON, enter the following JSON code in the Policy Content text box, and click OK.

    Figure 11 Creating a custom policy
    {
        "Version": "1.1",
        "Statement": [
            {
                "Action": [
                    "iam:agencies:createAgency",
                    "iam:agencies:listAgencies",
                    "iam:agencies:getAgency",
                    "iam:agencies:deleteAgency",
                    "iam:agencies:updateAgency",
                    "iam:permissions:revokeRoleFromAgencyOnProject",
                    "iam:permissions:revokeRoleFromAgencyOnDomain",
                    "iam:permissions:revokeRoleFromAgency",
                    "iam:permissions:grantRoleToAgencyOnDomain",
                    "iam:permissions:grantRoleToAgencyOnProject",
                    "iam:permissions:grantRoleToAgency",
                    "iam:permissions:listRolesForAgencyOnDomain",
                    "iam:permissions:listRolesForAgencyOnProject",
                    "iam:permissions:checkRoleForAgencyOnDomain",
                    "iam:permissions:checkRoleForAgencyOnProject",
                    "iam:permissions:listRolesForAgency",
                    "iam:permissions:checkRoleForAgency",
                    "iam:roles:listRoles"
                ],
                "Effect": "Allow"
            }
        ]
    }

  5. If no error message is displayed, the IAM Agency Management FullAccess policy is successfully created.
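
The following Python check is an added example and is not part of the original procedure. It compares a policy document with the 18 actions listed in step 4 and reports dropped actions, extra actions, wildcards, and the actions that change agencies or their permissions. The function names, the read-only prefix list, and the drifted sample are assumptions made for illustration.

```python
import json

# The 18 actions listed in step 4 above, rebuilt from their naming pattern.
SCOPES = ("", "OnDomain", "OnProject")
VERBS = ("grantRoleToAgency", "revokeRoleFromAgency",
         "listRolesForAgency", "checkRoleForAgency")
DOCUMENTED = {f"iam:agencies:{op}Agency" for op in ("create", "get", "delete", "update")}
DOCUMENTED |= {"iam:agencies:listAgencies", "iam:roles:listRoles"}
DOCUMENTED |= {f"iam:permissions:{v}{s}" for v in VERBS for s in SCOPES}
READ_PREFIXES = ("list", "get", "check")  # assumption: these operations only read


def audit_policy(text):
    """Compare a pasted policy document with the action list from step 4."""
    policy = json.loads(text)
    report = {"errors": [], "wildcards": [], "mutating": []}
    if policy.get("Version") != "1.1":
        report["errors"].append(f"unexpected Version {policy.get('Version')!r}")
    allowed = set()
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            report["errors"].append(f"statement {i}: Effect is {stmt.get('Effect')!r}")
            continue
        allowed.update(stmt.get("Action", []))
    for action in sorted(allowed):
        operation = action.rsplit(":", 1)[-1]
        if "*" in action:
            report["wildcards"].append(action)  # wildcards are reported separately
        elif not operation.startswith(READ_PREFIXES):
            report["mutating"].append(action)
    report["missing"] = sorted(DOCUMENTED - allowed)
    report["extra"] = sorted(allowed - DOCUMENTED)
    report["matches_page"] = not (report["errors"] or report["missing"] or report["extra"])
    return report


def build_policy(actions):
    """Serialize a policy document in the layout shown in step 4."""
    return json.dumps({"Version": "1.1",
                       "Statement": [{"Action": sorted(actions), "Effect": "Allow"}]})


# Constructed sample: one action dropped and one wildcard added while pasting.
DRIFTED = build_policy((DOCUMENTED - {"iam:roles:listRoles"}) | {"iam:permissions:*"})

if __name__ == "__main__":
    print(audit_policy(build_policy(DOCUMENTED)))
    print(audit_policy(DRIFTED))
```

Pass the text copied from the Policy Content box to audit_policy before assigning the policy to the agency. The mutating list shows which of the documented actions can create, change, or delete agencies and their role grants.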

Assigning the IAM Agency Management FullAccess Policy to Agency rf_admin_trust

  1. Choose Identity and Access Management.

    Figure 12 Identity and Access Management

  2. Choose Agencies in the left navigation pane and select the rf_admin_trust agency.

    Figure 13 Agency list

  3. Click the Permissions tab and click Authorize.

    Figure 14 Permissions

  4. Enter IAM Agency Management FullAccess in the search box, select the policy, click Next, and then click OK.

    Figure 15 Configuring the IAM Agency Management FullAccess policy

  5. Check that the rf_admin_trust agency has the Tenant Administrator and IAM Agency Management FullAccess permissions.

    Figure 16 Permissions