No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Object Storage Service (Compatible with Amazon S3 APIs) Administrator Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IAM Services

IAM Services

Identity and Access Management (IAM) enhances the account management. Accounts can manage users, groups, IAM policy, and credentials. Accounts use the IAM service to manage users.

Overview

With an account of the object storage service, you can create users under the account. The account uses the IAM service to manage its users. This section briefly presents the IAM function. For details about operations and configuration, see OceanStor 9000 IAM API Reference.

User Management

The account performs the following operations to manage its users:

  • Create a user: Creates a user with the specified name and path (for differentiating the user's organizations).
  • Modify user information: Modifies the name and path of a specified user.
  • Query user information: Queries the specified user's information.
  • List users: Lists all users under the account.
  • List groups owning a user: Lists groups owning the user.
  • Delete a user: Deletes a user with the specified name.

Group Management

A group is a collection of users. Each account can own a maximum of 100 groups. The account performs the following operations to manage its groups:

  • Create a group: Creates a group with the specified name and path (for differentiating the group's organizations).
  • Modify group information: Modifies the name and path of the specified group.
  • Query group information: Queries basic information and the user list of the specified group.
  • List groups: Lists groups under the account.
  • Delete a group: Deletes a group with the specified name.
  • Add users to a group: Adds the specified users to a group.
  • Delete users from a group: Deletes the specified users from a group.

Access Policy Management

Each account has multiple access policies and can set access policies for its users and groups. The account performs the following operations to manage its access policies:

  • Set user's access policies: Sets access policies for a user to control it.
  • Query user's access policy information: Queries information about a certain access policy of a user.
  • List user's access policies: Queries all access policies of a user.
  • Delete user's access policies: Deletes the access policies associated with a user.
  • Set group's access policies: Sets access policies for a group to control the users in the group.
  • Query group's access policy information: Queries information about a certain access policy of a group.
  • List group's access policies: Queries all access policies of a group.
  • Delete group's access policies: Deletes the access policies associated with a group.

Credential Management

Each user must have a credential as an identity for accessing services. An account can create up to three sets of credentials for itself or each of its users. Users with administrative rights can create up to three sets of credentials for itself or each of its users authorized by the account. Performing the following operations to manage credentials:

  • Create a credential: Creates credential for a specific account or user.
  • Modify credential status: The credential status can be changed to active or inactive.
  • List credential: Accounts or users with administrative rights can list credential of a specified account or user.
  • Import a credential: Accounts or users with administrative rights can import a credential for a user without one.
  • Delete credential: Accounts or users with administrative rights can delete credential of a specified account or user.
Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122523

Views: 12743

Downloads: 84

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next