Updated on 2024-09-10 GMT+08:00

Identity Authentication and Management

The Identity and Access Management (IAM) service provides free permissions management for secure access to your cloud services and resources. The IAM administrator controls who can access SWR resources through identity authentication (logging in) and authorization (assigning permissions).

Identity Authentication

If you want to use Huawei Cloud services and resources, you must register as an IAM user.

Account

An account is created after you successfully register with Huawei Cloud, and you can use it to purchase Huawei Cloud resources. The account has full access permissions for your cloud resources and can be used to make payments for them. You can use the account to reset user passwords, assign permissions, and receive and pay all bills generated by your IAM users for their usage of resources.

You cannot modify or delete your account in IAM, but you can do so in My Account.

IAM user

IAM users are created with an account to use cloud services. Each IAM user has their own identity credentials (passwords and access keys) and uses cloud resources based on assigned permissions. IAM users cannot make payments themselves. You can use your account to pay their bills.

User group

Users in the same user group have the same permissions. IAM users must be added to a user group to obtain the permissions assigned to the user group. If a user is added to multiple user groups, the user inherits the permissions assigned to all these groups.

IAM roles

IAM roles are IAM users with special permissions. But they are irrelevant to a specific account. You can switch between different roles as needed.

Policy-based Permissions Management

You can create a policy and attach it to Huawei Cloud identities to control access to Huawei Cloud. When a principal (user, root user, or role session) sends a request, Huawei Cloud will determine whether to allow or reject the request based on permissions in these policies. Most policies are stored as JSON documents.

Identity-based policy

An identity-based policy is defined in a JSON document of an identify (IAM user, user group, or role). These policies manage the permissions of users and roles for operating on specific resources under specific conditions.