Identity and Access Management User Guide Issue 21 Date 2021-09-02 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Issue 21 (2021-09-02) Copyright © Huawei Technologies Co., Ltd. i Identity and Access Management User Guide Contents Contents 1 Before You Start....................................................................................................................... 1 2 Logging In to HUAWEI CLOUD.............................................................................................5 3 IAM Users................................................................................................................................ 12 3.1 Creating an IAM User.......................................................................................................................................................... 12 3.2 Assigning Permissions to an IAM User.......................................................................................................................... 15 3.3 Logging In as an IAM User................................................................................................................................................ 15 3.4 Viewing or Modifying IAM User Information..............................................................................................................17 3.5 Deleting an IAM User.......................................................................................................................................................... 19 3.6 Changing the Login Password of an IAM User...........................................................................................................19 3.7 Managing Access Keys for an IAM User....................................................................................................................... 20 4 User Groups and Authorization......................................................................................... 22 4.1 Creating a User Group and Assigning Permissions................................................................................................... 22 4.2 Adding Users to or Removing Users from a User Group........................................................................................ 28 4.3 Viewing or Modifying User Group Information......................................................................................................... 29 4.4 Canceling Permissions of a User Group........................................................................................................................ 32 4.5 Assigning Dependency Roles............................................................................................................................................ 32 5 Permissions............................................................................................................................. 34 5.1 Basic Concepts....................................................................................................................................................................... 34 5.2 Roles.......................................................................................................................................................................................... 35 5.3 Policies...................................................................................................................................................................................... 37 5.3.1 Policy Content.....................................................................................................................................................................37 5.3.2 Policy Syntax....................................................................................................................................................................... 37 5.3.3 Authentication Process.................................................................................................................................................... 43 5.4 Change to the System-Defined Policy Names............................................................................................................ 44 5.5 Viewing Assignment Records............................................................................................................................................ 49 5.6 Custom Policies......................................................................................................................................................................50 5.6.1 Creating a Custom Policy................................................................................................................................................50 5.6.2 Modifying or Deleting a Custom Policy.....................................................................................................................56 5.6.3 Custom Policy Use Cases................................................................................................................................................ 57 5.6.4 Cloud Services Supported by IAM................................................................................................................................59 6 Projects.................................................................................................................................... 61 Issue 21 (2021-09-02) Copyright © Huawei Technologies Co., Ltd. ii Identity and Access Management User Guide Contents 7 Agencies...................................................................................................................................64 7.1 Account Delegation..............................................................................................................................................................64 7.1.1 Delegating Resource Access to Another Account...................................................................................................64 7.1.2 Creating an Agency (by a Delegating Party)...........................................................................................................65 7.1.3 (Optional) Assigning Permissions to an IAM User (by a Delegated Party)..................................................67 7.1.4 Switching Roles (by a Delegated Party).................................................................................................................... 69 7.2 Cloud Service Delegation................................................................................................................................................... 70 8 Security Settings....................................................................................................................72 8.1 Security Settings Overview................................................................................................................................................ 72 8.2 Basic Information.................................................................................................................................................................. 74 8.3 Critical Operation Protection............................................................................................................................................ 75 8.4 Login Authentication Policy.............................................................................................................................................. 83 8.5 Password Policy..................................................................................................................................................................... 84 8.6 ACL............................................................................................................................................................................................. 86 9 Identity Providers.................................................................................................................. 87 9.1 Introduction............................................................................................................................................................................ 87 9.2 SAML-based Federated Identity Authentication........................................................................................................ 89 9.2.1 Configuration of SAML-based Federated Identity Authentication..................................................................