Help Center/ Enterprise Management/ User Guide/ Project Management/ FAQs/ What Are the Differences Between IAM and Enterprise Management?
Updated on 2024-09-20 GMT+08:00

What Are the Differences Between IAM and Enterprise Management?

Enterprise Management allows you to hierarchically manage resources with enterprise projects to align with your organizational structure. It includes enterprise project, personnel, accounting, and application management.

Identity and Access Management (IAM) is an identity management service that provides identity authentication, permissions management, and access control.

You can use both IAM and Enterprise Management to manage personnel and permissions. Enterprise Management also provides accounting and application management, and supports more fine-grained access control. For medium- and large-sized enterprises, Enterprise Management is a better choice.

For more information about IAM features, see Identity and Access Management.

Differences Between IAM and Enterprise Management

  • Enabling method
    • IAM is an identity management service. It is free of charge, and you can use it immediately after signing up for Huawei Cloud.
    • Enterprise Management is a resource management service. You need to enable it after you sign up for Huawei Cloud. For details, see Enabling Enterprise Center and Enabling the Enterprise Project Function.

      The Enterprise Management service is free of charge. You only need to pay for your resources.

  • Resource isolation
    • IAM allows you to create multiple projects in a region for resource isolation. An IAM project can contain resources of only one region. If you assign permissions based on IAM projects, users with related permissions can access all resources in a specific project.
    • Enterprise Management allows you to create multiple enterprise projects in a region for resource isolation. An enterprise project can contain resources of multiple regions. You can control access to a specific resource. For example, you can add an Elastic Cloud Server (ECS) to an enterprise project, and assign permissions to a user for managing the ECS in the project instead of other ECSs.
  • Supported services

Authentication Process

When a user initiates an access request, the system authenticates the request based on the actions in the policies that have been attached to the group to which the user belongs. The following figure shows the authentication process.

Figure 1 Authentication process
  1. A user initiates an access request.
  2. The system checks actions in IAM-project-based policies.
  3. If a matched Allow or Deny action is found, the system returns an authentication result (Allow or Deny), and the authentication finishes.
  4. If no matched actions are found in IAM project policies, the system continues to check actions in enterprise-project-based policies.
  5. If a matched Allow or Deny action is found, the system returns an authentication result (Allow or Deny), and the authentication finishes.
  6. If no matched actions are found, the system returns a Deny, and the authentication finishes.