What Are the Differences Between IAM and Enterprise Management?
Enterprise Management enables enterprises to manage cloud resources at the organization and project levels. It includes enterprise project, personnel, accounting, and application management.
Identity and Access Management (IAM) is an identity management service that provides identity authentication, permissions management, and access control.
You can use both IAM and Enterprise Management to manage users and access permissions. However, Enterprise Management also allows accounting and application management, and supports more fine-grained authorization for resource usage. It is recommended for medium- and large-sized enterprises.
For more information about IAM features, see Identity and Access Management.
Differences Between IAM and Enterprise Management
- Enabling method
- IAM is free of charge and you can use it immediately after you register with the Huawei Cloud system.
- Enterprise Management is a resource management service. You can apply for Enterprise Management from Huawei Cloud. For details, see Enabling the Enterprise Center and Enabling the Enterprise Project Function.
The Enterprise Management service is free of charge. You only need to pay for resources managed in enterprise projects.
- Resource isolation
- Using IAM, you can create multiple projects in a region to isolate resources, and authorize users to access resources in specific projects.
- Using Enterprise Management, you can create enterprise projects to isolate resources across regions. Enterprise Management makes it easy for you to assign permissions for specific cloud resources. For example, you can add an Elastic Cloud Server (ECS) to an enterprise project, and assign permissions to a user for managing the ECS in the project. The user then can manage only this ECS.
- Supported services
- See Supported Cloud Services.
- For details about the cloud services supported by Enterprise Management, see Supported Cloud Services.
Authentication Process
When a user initiates an access request, the system authenticates the request based on the actions in the policies that have been attached to the group to which the user belongs. The following figure shows the authentication process.
- A user initiates an access request.
- The system looks for IAM project policies and then looks for matched actions in the policies.
- If a matched Allow or Deny action is found, the system returns an authentication result (Allow or Deny). Then the authentication is finished.
- If no matched actions are found in IAM project policies, the system continues to look for enterprise project policies and matched actions.
- If a matched Allow or Deny action is found, the system returns an authentication result (Allow or Deny). Then the authentication is finished.
- If no matched actions are found, the system returns a Deny. Then the authentication is finished.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
