Updated on 2025-11-07 GMT+08:00

Overview

IAM Users

As the account administrator, you can use your account to create IAM users and assign permissions to access resources of your account. Each IAM user has their own identity credentials (password and access keys). IAM users cannot make payments themselves. You can use your account to pay for the resources they use.

Relationship Between an Account and Its IAM Users

Conceptual models

  • Account: An account is the entity that owns and pays for used resources. An account does not directly use resources.
  • IAM user: IAM users are entities that use resources in an account.

Usage habits

An account contains an account root user and IAM users.
  • Account root user: An account root user is an IAM user with the same name as the account. It is created by default when an account is created. There are some restrictions on account root users.
  • IAM user: An IAM user is manually created after an account is created. IAM users can be modified and deleted.

Identifying IAM Users

When you create an IAM user, IAM provides the following methods to identify that user:

  • An IAM username, which is specified when you create the IAM user. The username must be unique under an account.
  • A unique IAM user ID, which is generated when you create the IAM user.
  • A Uniform Resource Name (URN) for the IAM user, which is used to identify Huawei Cloud resources. Each Huawei Cloud resource has its own URN. An IAM user is also a Huawei Cloud resource. You can specify the URN of a resource in the Resource element of a custom identity policy and in global condition keys such as g:PrincipalUrn and g:SourceUrn. For details about how to use these condition keys, see Global Condition Key.

    The URN of an IAM user is in the format of iam::<account-id>:user:<user-name>. For more information about resource URNs, see Using URNs to Identify Huawei Cloud Resources.

    • An asterisk (*) in place of a value in angle brackets (<>) represents any value.
    • <account-id> indicates the ID of the current account.
    • <user-name> indicates the IAM username. The value * indicates all IAM users within an account.
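
The following is an added example, not part of the original documentation or any Huawei Cloud SDK. It parses the IAM user URN format described above and reports wildcard or foreign-account URNs that would broaden the Resource element of a custom identity policy. The function names and sample account ID are constructed, and the code assumes that * replaces a whole field and that only the exact URN shape shown on this page is valid.

```python
from typing import List, NamedTuple, Optional

# Constructed sample values, not real identifiers.
ACCOUNT_ID = "0123456789abcdef0123456789abcdef"
ALICE = f"iam::{ACCOUNT_ID}:user:alice"


class IamUserUrn(NamedTuple):
    account_id: str
    user_name: str


def parse_iam_user_urn(urn: str) -> Optional[IamUserUrn]:
    """Parse iam::<account-id>:user:<user-name>; return None if malformed."""
    parts = urn.split(":", 4)
    if len(parts) != 5:
        return None
    service, region, account_id, rtype, user_name = parts
    # Assumption: only the exact shape shown on this page is accepted.
    if service != "iam" or region or rtype != "user":
        return None
    if not account_id or not user_name:
        return None
    return IamUserUrn(account_id, user_name)


def urn_matches(pattern: str, urn: str) -> bool:
    """True if a concrete user URN is covered by a pattern URN."""
    p, u = parse_iam_user_urn(pattern), parse_iam_user_urn(urn)
    if p is None or u is None or "*" in u:
        return False  # the URN being tested must be concrete
    # Assumption: * stands for a whole field, not part of one.
    return all(pf in ("*", uf) for pf, uf in zip(p, u))


def review_pattern(pattern: str, own_account_id: str) -> List[str]:
    """Findings for a URN used in a policy Resource element."""
    p = parse_iam_user_urn(pattern)
    if p is None:
        return ["not a well-formed IAM user URN"]
    findings = []
    if p.account_id == "*":
        findings.append("account-id is *: any account")
    elif p.account_id != own_account_id:
        findings.append("account-id is not the current account")
    if p.user_name == "*":
        findings.append("user-name is *: all IAM users in the account")
    return findings
```

Running review_pattern over every user URN in a policy's Resource element before attaching the policy gives a quick list of statements that apply to more users than a single named one.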

IAM User Credentials and Access Methods

You can access Huawei Cloud in different ways, depending on the credentials of IAM users:

  • Console password: IAM users can log in to Huawei Cloud using their passwords. For details, see Logging In as an IAM User. If you do not set a console password when creating an IAM user, the user cannot log in using this credential.
  • Access keys: You can create access keys for IAM users so that they can make programmatic calls to Huawei Cloud. For more information, see Access Keys.