IAM UMN 25.9.0 Version

Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>

docs/iam/umn/ALL_META.TXT.json

@@ -313,7 +313,7 @@
 		"node_id":"en-us_topic_0046661675.xml",
 		"product_code":"iam",
 		"code":"18",
-		"des":"You can modify the user information, including the status, access type, description, external identity ID, and belonged user group.If the job responsibilities of a user a",
+		"des":"You can click the user to view user details. The administrator can change the user status, access method, description, external identity ID, and groups to which the user ",
 		"doc_type":"usermanual",
 		"kw":"Viewing and Modifying User Information,IAM Users,User Guide",
 		"search_title":"",
@@ -691,7 +691,7 @@
 		"node_id":"iam_01_0704.xml",
 		"product_code":"iam",
 		"code":"39",
-		"des":"The Login Authentication Policy tab of the Security Settings page provides the Session Timeout, Account Lockout, Account Disabling, Recent Login Information, and Custom I",
+		"des":"The Login Authentication Policy tab of the Security Settings page provides the Session timeout, Account Lockout, Account Disabling, Recent Login Information, and Custom I",
 		"doc_type":"usermanual",
 		"kw":"Login Authentication Policy,Security Settings,User Guide",
 		"search_title":"",
@@ -799,7 +799,7 @@
 		"node_id":"iam_06_0001.xml",
 		"product_code":"iam",
 		"code":"45",
-		"des":"The agency function enables you to delegate another account to implement O&M on your resources based on assigned permissions.You can delegate resource access only to acco",
+		"des":"An agency enables you to delegate another account or service to implement O&M on your resources based on assigned permissions.You can delegate resource access only to acc",
 		"doc_type":"usermanual",
 		"kw":"Process for Account Delegation,Delegating Another Account for Resource Management,User Guide",
 		"search_title":"",
@@ -943,7 +943,7 @@
 		"node_id":"iam_08_0251.xml",
 		"product_code":"iam",
 		"code":"53",
-		"des":"IAM supports two SSO types: virtual user SSO and IAM user SSO. This section describes the two SSO types and their differences, helping you to choose an appropriate type f",
+		"des":"IAM supports two SSO types: virtual user SSO and IAM user SSO. An account cannot have both types of IdPs. This section describes the two SSO types and their differences, ",
 		"doc_type":"usermanual",
 		"kw":"Application Scenarios of Virtual User SSO and IAM User SSO,Identity Providers,User Guide",
 		"search_title":"",
@@ -1465,7 +1465,7 @@
 		"node_id":"iam_01_0004.xml",
 		"product_code":"iam",
 		"code":"82",
-		"des":"You can unbind the virtual MFA device as long as the mobile phone used to bind the MFA device is available and the MFA application is still installed on the phone.On the ",
+		"des":"You can unbind the virtual MFA device as long as the mobile phone used to bind the MFA device is available and the MFA application is still installed on the phone.",
 		"doc_type":"usermanual",
 		"kw":"How Do I Unbind a Virtual MFA Device?,FAQs,User Guide",
 		"search_title":"",

docs/iam/umn/CLASS.TXT.json

@@ -153,7 +153,7 @@
 		"code":"17"
 	},
 	{
-		"desc":"You can modify the user information, including the status, access type, description, external identity ID, and belonged user group.If the job responsibilities of a user a",
+		"desc":"You can click the user to view user details. The administrator can change the user status, access method, description, external identity ID, and groups to which the user ",
 		"product_code":"iam",
 		"title":"Viewing and Modifying User Information",
 		"uri":"en-us_topic_0046661675.html",
@@ -342,7 +342,7 @@
 		"code":"38"
 	},
 	{
-		"desc":"The Login Authentication Policy tab of the Security Settings page provides the Session Timeout, Account Lockout, Account Disabling, Recent Login Information, and Custom I",
+		"desc":"The Login Authentication Policy tab of the Security Settings page provides the Session timeout, Account Lockout, Account Disabling, Recent Login Information, and Custom I",
 		"product_code":"iam",
 		"title":"Login Authentication Policy",
 		"uri":"iam_01_0704.html",
@@ -396,7 +396,7 @@
 		"code":"44"
 	},
 	{
-		"desc":"The agency function enables you to delegate another account to implement O&M on your resources based on assigned permissions.You can delegate resource access only to acco",
+		"desc":"An agency enables you to delegate another account or service to implement O&M on your resources based on assigned permissions.You can delegate resource access only to acc",
 		"product_code":"iam",
 		"title":"Process for Account Delegation",
 		"uri":"iam_06_0001.html",
@@ -468,7 +468,7 @@
 		"code":"52"
 	},
 	{
-		"desc":"IAM supports two SSO types: virtual user SSO and IAM user SSO. This section describes the two SSO types and their differences, helping you to choose an appropriate type f",
+		"desc":"IAM supports two SSO types: virtual user SSO and IAM user SSO. An account cannot have both types of IdPs. This section describes the two SSO types and their differences, ",
 		"product_code":"iam",
 		"title":"Application Scenarios of Virtual User SSO and IAM User SSO",
 		"uri":"iam_08_0251.html",
@@ -729,7 +729,7 @@
 		"code":"81"
 	},
 	{
-		"desc":"You can unbind the virtual MFA device as long as the mobile phone used to bind the MFA device is available and the MFA application is still installed on the phone.On the ",
+		"desc":"You can unbind the virtual MFA device as long as the mobile phone used to bind the MFA device is available and the MFA application is still installed on the phone.",
 		"product_code":"iam",
 		"title":"How Do I Unbind a Virtual MFA Device?",
 		"uri":"iam_01_0004.html",

docs/iam/umn/en-us_topic_0046611269.html

@@ -5,7 +5,7 @@
 <div class="section" id="en-us_topic_0046611269__section30804749"><h4 class="sectiontitle">Procedure</h4><ol id="en-us_topic_0046611269__o025a4cf6ce6648bba2ce47207fa01037"><li id="en-us_topic_0046611269__lc08cd25179a54f4f92db62fcf9afdf49"><span>In the navigation pane, choose <span class="uicontrol" id="en-us_topic_0046611269__uicontrol1092519519453"><b>User Groups</b></span>.</span></li><li id="en-us_topic_0046611269__lbdf5d121c2ac4d20b03354ca18e14647"><span>On the <strong id="en-us_topic_0046611269__en-us_topic_0046611269_b2385397092151">User Groups</strong> page, click <strong id="en-us_topic_0046611269__en-us_topic_0046611269_b362570492353">Create User Group</strong>.</span></li><li id="en-us_topic_0046611269__l339bc6f533a94445b1e9211f8c5f234c"><span>Enter a user group name.</span></li><li id="en-us_topic_0046611269__l97e2ee9e0c904c658edc5adca5716ef9"><span>(Optional) Enter a description for the user group.</span><p><div class="note" id="en-us_topic_0046611269__note11678786105823"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0046611269__p348815281144">To enable users to directly view their permissions, set a description for the user group. For example, if you assign the <strong id="en-us_topic_0046611269__b449778452">Security Administrator</strong> role to a user group, you can set any description in the <strong id="en-us_topic_0046611269__b145034817517">Description</strong> text box. For example: <strong id="en-us_topic_0046611269__b350318816517">Security Administrator: Permissions for creating, deleting, and modifying users as well as granting permissions to users.</strong> For details about the permissions for all cloud services, see <a href="https://docs.otc.t-systems.com/additional/permissions.html" target="_blank" rel="noopener noreferrer">Permissions</a>.</p>
 </div></div>
 </p></li><li id="en-us_topic_0046611269__la3352beb5df44860b8f7ed621884e09f"><span>Click <span class="uicontrol" id="en-us_topic_0046611269__uicontrol835913281425"><b>OK</b></span>.</span><p><p id="en-us_topic_0046611269__ae95b4587c0894d58bad84b876a8ee99d">The user group is displayed in the user group list.</p>
-</p></li><li id="en-us_topic_0046611269__en-us_topic_0111879498_li2918054318"><span>In the row containing the user group, click <strong id="en-us_topic_0046611269__b18588864173">Authorize</strong> in the <strong id="en-us_topic_0046611269__b5320131414170">Operation</strong> column.</span></li><li id="en-us_topic_0046611269__li5217237183211"><span>On the <strong id="en-us_topic_0046611269__b20950191771811">Authorize User Group</strong> page, select the permissions to be assigned to the user group. You can also click <strong id="en-us_topic_0046611269__b10996164481816">Go to Old Edition</strong> to use the old version for authorization.</span><p><p id="en-us_topic_0046611269__p14614448153414">If the system-defined policies do not meet your requirements, you can click <strong id="en-us_topic_0046611269__b202021780193">Create Policy</strong> in the upper right to create custom policies for fine-grained permissions control. For details, see <a href="iam_01_0016.html">Creating a Custom Policy</a>.</p>
+</p></li><li id="en-us_topic_0046611269__en-us_topic_0111879498_li2918054318"><span>In the row containing the user group, click <strong id="en-us_topic_0046611269__b18588864173">Authorize</strong> in the <strong id="en-us_topic_0046611269__b5320131414170">Operation</strong> column.</span></li><li id="en-us_topic_0046611269__li5217237183211"><span>On the <strong id="en-us_topic_0046611269__b20950191771811">Authorize User Group</strong> page, select the permissions to be assigned to the user group.</span><p><p id="en-us_topic_0046611269__p14614448153414">If the system-defined policies do not meet your requirements, you can click <strong id="en-us_topic_0046611269__b202021780193">Create Policy</strong> in the upper right to create custom policies for fine-grained permissions control. For details, see <a href="iam_01_0016.html">Creating a Custom Policy</a>.</p>
 <div class="fignone" id="en-us_topic_0046611269__fig41851951835"><span class="figcap"><b>Figure 1 </b>Selecting permissions</span><br><span><img id="en-us_topic_0046611269__image181852512316" src="en-us_image_0000001656493417.png" title="Click to enlarge" class="imgResize"></span></div>
 </p></li><li id="en-us_topic_0046611269__li1444519351044"><span>Click <strong id="en-us_topic_0046611269__b196303152112">Next</strong>.</span></li><li id="en-us_topic_0046611269__li18217237103214"><span>Specify the scope. The system automatically recommends an authorization scope for the permissions you selected. <a href="#en-us_topic_0046611269__table13959113218281">Table 1</a> describes all the authorization scopes provided by IAM.</span><p>
 <div class="tablenoborder"><a name="en-us_topic_0046611269__table13959113218281"></a><a name="table13959113218281"></a><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0046611269__table13959113218281" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Authorization scopes</caption><thead align="left"><tr id="en-us_topic_0046611269__row119591322288"><th align="left" class="cellrowborder" valign="top" width="14.01%" id="mcps1.3.2.2.9.2.1.2.3.1.1"><p id="en-us_topic_0046611269__p11958133215282">Scope</p>

docs/iam/umn/en-us_topic_0046611300.html

@@ -2,13 +2,19 @@
 
 <h1 class="topictitle1">Change History</h1>
 <div id="body1481683858040">
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0046611300__table21997797145555" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Change history</caption><thead align="left"><tr id="en-us_topic_0046611300__row57680627145555"><th align="left" class="cellrowborder" valign="top" width="29.95%" id="mcps1.3.1.2.3.1.1"><p id="en-us_topic_0046611300__p15004592145747"><strong id="en-us_topic_0046611300__b301217941">Released On</strong></p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="en-us_topic_0046611300__table21997797145555" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Change history</caption><thead align="left"><tr id="en-us_topic_0046611300__row57680627145555"><th align="left" class="cellrowborder" valign="top" width="29.95%" id="mcps1.3.1.2.3.1.1"><p id="en-us_topic_0046611300__p15004592145747"><strong id="en-us_topic_0046611300__b137516854">Released On</strong></p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="70.05%" id="mcps1.3.1.2.3.1.2"><p id="en-us_topic_0046611300__p49738431145747">Description</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="en-us_topic_0046611300__row3798827155214"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p179815273526">2025-06-24</p>
+<tbody><tr id="en-us_topic_0046611300__row271432553015"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p137141525183019">2026-03-06</p>
+</td>
+<td class="cellrowborder" valign="top" width="70.05%" headers="mcps1.3.1.2.3.1.2 "><p id="en-us_topic_0046611300__p4714102523014">This release incorporates the following changes:</p>
+<p id="en-us_topic_0046611300__p1129142173110">Updated the document based on the changes on the console version 25.9.</p>
+</td>
+</tr>
+<tr id="en-us_topic_0046611300__row3798827155214"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p179815273526">2025-06-24</p>
 </td>
 <td class="cellrowborder" valign="top" width="70.05%" headers="mcps1.3.1.2.3.1.2 "><p id="en-us_topic_0046611300__p879862725215">This release incorporates the following changes:</p>
 <p id="en-us_topic_0046611300__p75145394528">Added the description of <strong id="en-us_topic_0046611300__b1114105108">Last Activity</strong> in <a href="en-us_topic_0046661675.html">Viewing and Modifying User Information</a>.</p>
@@ -61,7 +67,6 @@
 <p id="en-us_topic_0046611300__p118737535246">Added section <a href="iam_01_0430.html">Deleting User Groups</a>.</p>
 <p id="en-us_topic_0046611300__p880921010259">Added section <a href="iam_03_0004.html">Managing Permissions of a User Group</a>.</p>
 <p id="en-us_topic_0046611300__p1881275253">Added section <a href="iam_01_0657.html">Assigning Dependency Roles</a>.</p>
-<p id="en-us_topic_0046611300__p485974516258"></p>
 <p id="en-us_topic_0046611300__p6741125882518">Modified content in section <a href="en-us_topic_0079496985.html">Assigning Permissions to an IAM User</a>.</p>
 <p id="en-us_topic_0046611300__p7826191732619">Modified content in section <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>.</p>
 <p id="en-us_topic_0046611300__p4433165732614">Modified content in section <a href="iam_01_019.html">Basic Concepts</a>.</p>
@@ -201,7 +206,7 @@
 <tr id="en-us_topic_0046611300__row6624510145555"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p2879788145747">2017-10-15</p>
 </td>
 <td class="cellrowborder" valign="top" width="70.05%" headers="mcps1.3.1.2.3.1.2 "><p id="en-us_topic_0046611300__p33751315145747">This release incorporates the following changes:</p>
-<p id="en-us_topic_0046611300__p38476524145747">Deleted chapter "Permission Description." For details, see <a href="https://docs.otc.t-systems.com/en-us/permissions/index.html" target="_blank" rel="noopener noreferrer">Permission Description</a>.</p>
+<p id="en-us_topic_0046611300__p38476524145747">Deleted chapter "Permissions." For permissions details, see <a href="https://docs.otc.t-systems.com/en-us/permissions/index.html" target="_blank" rel="noopener noreferrer">Permissions</a>.</p>
 </td>
 </tr>
 <tr id="en-us_topic_0046611300__row8240325145555"><td class="cellrowborder" valign="top" width="29.95%" headers="mcps1.3.1.2.3.1.1 "><p id="en-us_topic_0046611300__p20041550145747">2017-09-15</p>

docs/iam/umn/en-us_topic_0046611303.html

@@ -65,7 +65,7 @@
 <td class="cellrowborder" valign="top" width="12.248775122487752%" headers="mcps1.3.2.2.4.2.1.1.5.1.2 "><p id="en-us_topic_0046611303__p235110595212">Set by user</p>
 </td>
 <td class="cellrowborder" valign="top" width="59.86401359864014%" headers="mcps1.3.2.2.4.2.1.1.5.1.3 "><p id="en-us_topic_0046611303__p16604125616917">If you are the administrator setting the password for the user, select this option. The user can set a password by clicking on the one-time login URL sent over email.</p>
-<p id="en-us_topic_0046611303__p42391524917">The URL is valid for 7 days. Remind the user to log in and set a password before the URL expires.</p>
+<p id="en-us_topic_0046611303__p42391524917">The URL is valid for 2 days. Remind the user to log in and set a password before the URL expires.</p>
 </td>
 </tr>
 <tr id="en-us_topic_0046611303__row1088319122116"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.4.2.1.1.5.1.1 "><p id="en-us_topic_0046611303__p18351135914212">Automatically generated</p>
@@ -99,7 +99,7 @@
 </table>
 </div>
 <div class="note" id="en-us_topic_0046611303__note13678131620345"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0046611303__ul106131224588"><li id="en-us_topic_0046611303__li12553124511814">For security purposes, select only one access type for each user.<ul id="en-us_topic_0046611303__ul095841211910"><li id="en-us_topic_0046611303__li016681141913">Programmatic access: Users can access cloud services using development tools (including APIs, CLI, and SDKs) that support key authentication. This access type is recommended for developers.</li><li id="en-us_topic_0046611303__li7949434111919">Management console access: Users can log in to the management console using their own usernames and passwords.</li></ul>
-</li><li id="en-us_topic_0046611303__li478762443513">Users can log in to the cloud platform using the username, mobile number, or email address.</li><li id="en-us_topic_0046611303__li1158571103311">If users forget their password, they can reset it through email address or mobile number verification. If no email address or mobile number has been bound to users, users need to contact the administrator to reset their password.</li><li id="en-us_topic_0046611303__li027874016814">After you set the access type for IAM users, you cannot change it later. However, you can control their access by enabling or disabling their accounts.</li></ul>
+</li><li id="en-us_topic_0046611303__li478762443513">Users can log in to the cloud platform using the username, mobile number, or email address.</li><li id="en-us_topic_0046611303__li1158571103311">If users forget their password, they can reset it through email address or mobile number verification. If no email address or mobile number has been bound to users, users need to contact the administrator to reset their password.</li></ul>
 </div></div>
 </p></li><li id="en-us_topic_0046611303__li1219835071316"><span>(Optional) Click <strong id="en-us_topic_0046611303__b5621421151017">Next</strong> and add the user to one or more user groups.</span><p><ul id="en-us_topic_0046611303__ul13163164116"><li id="en-us_topic_0046611303__li816374116">The user will inherit the permissions assigned to the user groups to which the user belongs.</li><li id="en-us_topic_0046611303__li1516364612">You can also create new groups as required.</li></ul>
 <div class="note" id="en-us_topic_0046611303__note514453815218"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0046611303__ul19859123954411"><li id="en-us_topic_0046611303__li1420014994411">If a user will be an administrator, add the user to the default group <strong id="en-us_topic_0046611303__b1777011325446">admin</strong>.</li><li id="en-us_topic_0046611303__li1574502831212">You can enter a keyword to quickly find the target user group.</li><li id="en-us_topic_0046611303__li38601839144410">You can add a user to multiple user groups.</li></ul>
@@ -107,6 +107,7 @@
 </p></li><li id="en-us_topic_0046611303__li5861111121219"><span>Click <strong id="en-us_topic_0046611303__b7547115951011">Create</strong>.</span><p><div class="note" id="en-us_topic_0046611303__note12420195431414"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0046611303__p1682811181511">If you have specified the access type as <strong id="en-us_topic_0046611303__b1853420396113">Programmatic access</strong>, download the access key on the <strong id="en-us_topic_0046611303__b1353453913111">Finish</strong> page.</p>
 </div></div>
 </p></li></ol>
+<p id="en-us_topic_0046611303__p1995652217268">2</p>
 </div>
 <div class="section" id="en-us_topic_0046611303__section5017677711856"><h4 class="sectiontitle">Related Operations</h4><ul id="en-us_topic_0046611303__ul3778710211856"><li id="en-us_topic_0046611303__li171511617371">View and modify information about the user, including the user status, email address, mobile number, user groups, and logs.</li><li id="en-us_topic_0046611303__li5579358816642">In the user list, click <strong id="en-us_topic_0046611303__b842352706155642">Delete</strong> in the row that contains the user you want to delete and click <strong id="en-us_topic_0046611303__b54531221183715">Yes</strong>.</li></ul>
 </div>

docs/iam/umn/en-us_topic_0046613147.html

@@ -1,7 +1,7 @@
 <a name="en-us_topic_0046613147"></a><a name="en-us_topic_0046613147"></a>
 
 <h1 class="topictitle1">Creating an Agency and Assigning Permissions</h1>
-<div id="body1484205204048"><p id="en-us_topic_0046613147__en-us_topic_0170090713_p54443803141539">By creating an agency, you can share your resources with another account, or delegate an individual or team to manage your resources. You do not need to share your security credentials (the password or access keys) with the delegated party. Instead, the delegated party can log in with its own account credentials and then switches the role to your account and manage your resources.</p>
+<div id="body1484205204048"><p id="en-us_topic_0046613147__en-us_topic_0170090713_p54443803141539">By creating an agency, you can share your resources with another account, or delegate an individual or team to manage your resources. You do not need to share your security credentials (the password and access keys) with the delegated party. Instead, the delegated party can log in with its own account credentials and then switches the role to your account and manage your resources.</p>
 <div class="section" id="en-us_topic_0046613147__en-us_topic_0170090713_section8461153510110"><h4 class="sectiontitle">Prerequisites</h4><p id="en-us_topic_0046613147__en-us_topic_0170090713_p15905144410368">Before creating an agency, complete the following operations:</p>
 <ul id="en-us_topic_0046613147__en-us_topic_0170090713_ul6238854161714"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li32381254121719">Understand the <a href="en-us_topic_0046611276.html">basic concepts</a> of permissions.</li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li17692133582712">Determine the <a href="https://docs.otc.t-systems.com/additional/permissions.html" target="_blank" rel="noopener noreferrer">permissions</a> to be assigned to the agency, and check whether the permissions have dependencies. If yes, assign dependent permissions by referring to <a href="iam_01_0657.html#iam_01_0657">Assigning Dependency Roles</a>.</li></ul>
 </div>
@@ -9,7 +9,7 @@
 </p></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li63471691104814"><span>Enter an agency name.</span><p><div class="fignone" id="en-us_topic_0046613147__en-us_topic_0170090713_fig1866281034218"><span class="figcap"><b>Figure 2 </b>Setting the agency name</span><br><span><img id="en-us_topic_0046613147__en-us_topic_0170090713_image1366211054214" src="en-us_image_0000001562564797.png" title="Click to enlarge" class="imgResize"></span></div>
 </p></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li4558455145011"><span>Specify the agency type as <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b141201757224">Account</strong>, and enter the name of a delegated account.</span><p><div class="note" id="en-us_topic_0046613147__en-us_topic_0170090713_note660374821820"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0046613147__en-us_topic_0170090713_ul1360364851812"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li860334841812"><strong id="en-us_topic_0046613147__en-us_topic_0170090713_b79222852216">Account</strong>: Share resources with another account or delegate an individual or team to manage your resources. The delegated account can only be an account, rather than an IAM user or a federated user.</li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li196031248121815"><strong id="en-us_topic_0046613147__en-us_topic_0170090713_b124915392320">Cloud service</strong>: Delegate a specific service to access other services. For more information, see <a href="iam_06_0004.html">Delegating Another Service for Resource Management</a>.</li></ul>
 </div></div>
-</p></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li21344527114840"><span>Set the validity period and enter a description for the agency.</span></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li1694181217579"><span>Click <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b15726203610118">Next</strong>.</span></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li65324613265"><span>Select the policies or roles to be attached to the agency, click <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b9767325341">Next</strong>, and select the authorization scope.</span><p><div class="note" id="en-us_topic_0046613147__en-us_topic_0170090713_note164823561285"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0046613147__en-us_topic_0170090713_ul5482115682816"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li2482195618283">Assigning permissions to an agency is similar to assigning permissions to a user group. The two operations differ only in the number of available permissions. For details about how to assign permissions to a user group, see <a href="en-us_topic_0079496985.html">Assigning Permissions to an IAM User</a>.</li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li18482195614284">Agencies cannot be assigned the <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b12141738184415">Security Administrator</strong> role. For account security purposes, only grant the required permissions to the agency based on the principle of least privilege (PoLP).</li></ul>
+</p></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li21344527114840"><span>Set the validity period and enter a description for the agency.</span></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li1694181217579"><span>Click <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b15726203610118">Next</strong>.</span></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li65324613265"><span>Select the policies or roles to be attached to the agency, click <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b9767325341">Next</strong>, and select the authorization scope.</span><p><div class="note" id="en-us_topic_0046613147__en-us_topic_0170090713_note164823561285"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0046613147__en-us_topic_0170090713_ul5482115682816"><li id="en-us_topic_0046613147__en-us_topic_0170090713_li2482195618283">Assigning permissions to an agency is similar to assigning permissions to a user group. The two operations differ only in the number of available permissions. For details about how to assign permissions to a user group, see <a href="en-us_topic_0079496985.html">Assigning Permissions to an IAM User</a>.</li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li149361451116">You can assign the <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b1885154794419">Security Administrator</strong> role to the agency, but we do not recommend you to do so. For account security purposes, only grant the required permissions to the agency based on the principle of least privilege (PoLP).</li></ul>
 </div></div>
 </p></li><li id="en-us_topic_0046613147__en-us_topic_0170090713_li1940263053914"><span>Click <strong id="en-us_topic_0046613147__en-us_topic_0170090713_b29042401776">OK</strong>.</span><p><div class="note" id="en-us_topic_0046613147__en-us_topic_0170090713_note1570810524218"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0046613147__en-us_topic_0170090713_p9708052423">After creating an agency, provide your domain name, agency name, agency ID, and agency permissions to the delegated party. The delegated party can then switch the role to your account and manage specific resources based on the assigned permissions.</p>
 </div></div>

docs/iam/umn/en-us_topic_0046613148.html

@@ -6,12 +6,12 @@
 </div>
 <div class="section" id="en-us_topic_0046613148__en-us_topic_0170090706_section1608192323216"><h4 class="sectiontitle">Procedure</h4><ol id="en-us_topic_0046613148__en-us_topic_0170090706_ol1523164310324"><li id="en-us_topic_0046613148__en-us_topic_0170090706_li9238437320"><span>Log in to the management console using your account, or log in as the IAM user created in "Assigning Permissions to an IAM User (by a Delegated Party)".</span><p><div class="note" id="en-us_topic_0046613148__en-us_topic_0170090706_note173853818336"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0046613148__en-us_topic_0170090706_p173993812333">The IAM user created in "Assigning Permissions to an IAM User (by a Delegated Party)" has permission to manage agencies and switch roles.</p>
 </div></div>
-</p></li><li id="en-us_topic_0046613148__en-us_topic_0170090706_li223144317322"><span>Move the cursor to the username in the upper right corner and choose <span class="uicontrol" id="en-us_topic_0046613148__en-us_topic_0170090706_uicontrol773314127317"><b>Switch Role</b></span>.</span></li><li id="en-us_topic_0046613148__en-us_topic_0170090706_li1623124320322"><span>On the <span class="wintitle" id="en-us_topic_0046613148__en-us_topic_0170090706_wintitle26214253314"><b>Switch Role</b></span> page, enter the domain name of the delegating party.</span><p><div class="p" id="en-us_topic_0046613148__en-us_topic_0170090706_p171044544561"><div class="note" id="en-us_topic_0046613148__en-us_topic_0170090706_note11259104465416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0046613148__en-us_topic_0170090706_p31891546134011">After you enter the domain name, the agencies created under this account will be automatically displayed after you click the agency name text box. Select an authorized one from the drop-down list.</p>
+</p></li><li id="en-us_topic_0046613148__en-us_topic_0170090706_li223144317322"><span>Move the cursor to the username in the upper right corner and choose <span class="uicontrol" id="en-us_topic_0046613148__en-us_topic_0170090706_uicontrol911225419720"><b>Switch Role</b></span>.</span></li><li id="en-us_topic_0046613148__en-us_topic_0170090706_li1623124320322"><span>On the <span class="wintitle" id="en-us_topic_0046613148__en-us_topic_0170090706_wintitle1618315413810"><b>Switch Role</b></span> page, enter the domain name of the delegating party.</span><p><div class="p" id="en-us_topic_0046613148__en-us_topic_0170090706_p171044544561"><div class="note" id="en-us_topic_0046613148__en-us_topic_0170090706_note11259104465416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0046613148__en-us_topic_0170090706_p31891546134011">After you enter the domain name, the agencies created under this account will be automatically displayed after you click the agency name text box. Select an authorized one from the drop-down list.</p>
 </div></div>
 </div>
-</p></li><li id="en-us_topic_0046613148__en-us_topic_0170090706_li32394312324"><span>Click <strong id="en-us_topic_0046613148__en-us_topic_0170090706_b1686618443318">OK</strong> to switch to the delegating Domain name.</span></li></ol>
+</p></li><li id="en-us_topic_0046613148__en-us_topic_0170090706_li32394312324"><span>Click <strong id="en-us_topic_0046613148__en-us_topic_0170090706_b62432911812">OK</strong> to switch to the delegating Domain name.</span></li></ol>
 </div>
-<div class="section" id="en-us_topic_0046613148__en-us_topic_0170090706_section633104085020"><h4 class="sectiontitle">Follow-Up Procedure</h4><p id="en-us_topic_0046613148__en-us_topic_0170090706_p1491910416500">Move the cursor to the username in the upper right corner and choose <span class="uicontrol" id="en-us_topic_0046613148__en-us_topic_0170090706_uicontrol1856215597313"><b>Switch Role</b></span>.</p>
+<div class="section" id="en-us_topic_0046613148__en-us_topic_0170090706_section633104085020"><h4 class="sectiontitle">Follow-Up Procedure</h4><p id="en-us_topic_0046613148__en-us_topic_0170090706_p1491910416500">Move the cursor to the username in the upper right corner and choose <span class="uicontrol" id="en-us_topic_0046613148__en-us_topic_0170090706_uicontrol11152124519820"><b>Switch Role</b></span>.</p>
 </div>
 </div>
 <div>

docs/iam/umn/en-us_topic_0046661675.html

@@ -1,11 +1,10 @@
 <a name="en-us_topic_0046661675"></a><a name="en-us_topic_0046661675"></a>
 
 <h1 class="topictitle1">Viewing and Modifying User Information</h1>
-<div id="body1484269500700"><p id="en-us_topic_0046661675__p1699191844810">You can modify the user information, including the status, access type, description, external identity ID, and belonged user group.</p>
+<div id="body1484269500700"><p id="en-us_topic_0046661675__p1699191844810">You can click the user to view user details. The administrator can change the user status, access method, description, external identity ID, and groups to which the user belongs.</p>
 <p id="en-us_topic_0046661675__p294752944613">If the job responsibilities of a user are changed, you can change the permissions assigned for that user by changing the groups which the user belongs to. You can also change the virtual MFA device and access keys of the user by choosing <strong id="en-us_topic_0046661675__b1727185533412">More</strong> &gt; <strong id="en-us_topic_0046661675__b15211185710342">Security Settings</strong> in the row containing the target user. If a user forgot their password or access keys, you can modify the login credentials of the user.</p>
 <div class="section" id="en-us_topic_0046661675__section17362720871"><p id="en-us_topic_0046661675__p0641185914718">As an administrator, you can modify the basic information about an IAM user, change the security settings of the user and the groups to which the user belongs, and view or delete the assigned permissions. To view or modify user information, click <strong id="en-us_topic_0046661675__b929813392517">Security Settings</strong> in the row containing the IAM user.</p>
-<p id="en-us_topic_0046661675__p1016014114476">To adjust the item columns displayed on the list, click <span><img id="en-us_topic_0046661675__image4682335744" src="en-us_image_0000001524684833.png"></span>. The <strong id="en-us_topic_0046661675__b0565114110512">Username</strong> and <strong id="en-us_topic_0046661675__b17565204110515">Operation</strong> columns are displayed by default, and the <strong id="en-us_topic_0046661675__b126598019011555">Status</strong> column cannot be removed. You can also select <strong id="en-us_topic_0046661675__b183805615511555">Description</strong>, <strong id="en-us_topic_0046661675__b43332226011555">Last Login</strong>, <strong id="en-us_topic_0046661675__b13656405577">Last Activity</strong>, <strong id="en-us_topic_0046661675__b72555193811555">Created</strong>, <strong id="en-us_topic_0046661675__b204451079011555">Access Type</strong>, <strong id="en-us_topic_0046661675__b162510438011555">Virtual MFA Device</strong>, <strong id="en-us_topic_0046661675__b172387985011555">Password Age</strong>, and <strong id="en-us_topic_0046661675__b90532330711555">Access Key (Status, Age, and AK)</strong>.</p>
-<p id="en-us_topic_0046661675__p1619061513148"><strong id="en-us_topic_0046661675__b3816185710220">Last Activity</strong> displays the first login time of your account or all the IAM users who have logged in within a 5-minute span. If you just use the account to obtain a token, <strong id="en-us_topic_0046661675__b174224191821">Last Activity</strong> shows last time there was any activity.</p>
+<p id="en-us_topic_0046661675__p1016014114476">To adjust the item columns displayed on the list, click <span><img id="en-us_topic_0046661675__image4682335744" src="en-us_image_0000001524684833.png"></span>. The <strong id="en-us_topic_0046661675__b0565114110512">Username</strong> and <strong id="en-us_topic_0046661675__b17565204110515">Operation</strong> columns are displayed by default, and the <strong id="en-us_topic_0046661675__b126598019011555">Status</strong> column cannot be removed. Optional columns include: User ID, <strong id="en-us_topic_0046661675__b1378844414192">External Identity ID</strong>, <strong id="en-us_topic_0046661675__b1578994411198">Description</strong>, <strong id="en-us_topic_0046661675__b478914445194">Last Login</strong>, <strong id="en-us_topic_0046661675__b147897444190">Created</strong>, <strong id="en-us_topic_0046661675__b1578914412192">Access Type</strong>, <strong id="en-us_topic_0046661675__b187891344181920">MFA Type</strong>, <strong id="en-us_topic_0046661675__b77891244111912">Password Age</strong>, and <strong id="en-us_topic_0046661675__b147891144101919">Access Key (Status, Age, and AK)</strong>.</p>
 </div>
 <div class="section" id="en-us_topic_0046661675__section1916211354916"><a name="en-us_topic_0046661675__section1916211354916"></a><a name="section1916211354916"></a><h4 class="sectiontitle">Basic Information</h4><p id="en-us_topic_0046661675__p62242130567">You can modify the basic information of IAM users, but cannot modify the basic information of your account. The username, user ID, and creation time can be viewed but cannot be modified.</p>
 <ul id="en-us_topic_0046661675__ul143322252207"><li id="en-us_topic_0046661675__li10481132225010"><strong id="en-us_topic_0046661675__b76866032211555">Status</strong>: New IAM users are enabled by default. You can set <strong id="en-us_topic_0046661675__b434011332111">Status</strong> to <strong id="en-us_topic_0046661675__b39041437181119">Disabled</strong> to disable an IAM user. A disabled user is no longer able to log in to the cloud platform through the management console or programmatic access.</li><li id="en-us_topic_0046661675__li146693231712"><strong id="en-us_topic_0046661675__b57184660911555">Access Type</strong>: You can change the access type of the IAM user.<div class="note" id="en-us_topic_0046661675__note11111719217"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0046661675__ul16409193291914"><li id="en-us_topic_0046661675__li19409932131912">Pay attention to the following when you set the access type for an IAM user:<ul id="en-us_topic_0046661675__ul147413541956"><li id="en-us_topic_0046661675__li94741545520">If you intend to enable the user to access cloud services only by using the management console, select <strong id="en-us_topic_0046661675__b671950181215">Management console access</strong>.</li><li id="en-us_topic_0046661675__li347411541654">If you intend to enable the user to access cloud services only by using programmatic access, select <strong id="en-us_topic_0046661675__b8911104611136">Programmatic access</strong>.</li><li id="en-us_topic_0046661675__li154741654059">If the user needs to use a password as the credential for programmatic access to certain APIs, select <strong id="en-us_topic_0046661675__b64080578011555">Programmatic access</strong>.</li><li id="en-us_topic_0046661675__li4474185411512">If the user needs to perform access key verification when using certain services in the console, select both <strong id="en-us_topic_0046661675__b89082016226">Programmatic access</strong> and <strong id="en-us_topic_0046661675__b390172062214">Management console access</strong>.</li></ul>
@@ -17,14 +16,6 @@
 <p id="en-us_topic_0046661675__p927615217167">Your account belongs to the default group <strong id="en-us_topic_0046661675__b121647041611555">admin</strong>, which cannot be changed.</p>
 <ul id="en-us_topic_0046661675__ul96216281165"><li id="en-us_topic_0046661675__li2068632113575">Click <strong id="en-us_topic_0046661675__b134134401716">Add to User Group</strong>, and select one or more groups to which the user will belong. The user then inherits permissions of these groups.</li><li id="en-us_topic_0046661675__li46213281168">Click <strong id="en-us_topic_0046661675__b38679096811555">Remove</strong> on the right of a user group and click <strong id="en-us_topic_0046661675__b79605040211555">Yes</strong>. The user no longer has the permissions assigned to the group.</li></ul>
 </div>
-<div class="section" id="en-us_topic_0046661675__section04991493273"><h4 class="sectiontitle">Security Settings</h4><p id="en-us_topic_0046661675__p133641626216">As an administrator, you can modify the MFA device, login credential, login protection, and access keys of an IAM user on this page. If you are an IAM user and need to change your mobile number, email address, or virtual MFA device, see <a href="en-us_topic_0046611308.html">Security Settings</a>.</p>
-<ul id="en-us_topic_0046661675__ul8366114719383"><li id="en-us_topic_0046661675__li763310524382"><strong id="en-us_topic_0046661675__b53748094211555">MFA Authentication</strong>: You can change the multi-factor authentication (MFA) settings of an IAM user on the <strong id="en-us_topic_0046661675__b36445479211555">Security Settings</strong> page.<ul id="en-us_topic_0046661675__ul153341166395"><li id="en-us_topic_0046661675__li1388974755917">Change the mobile number or email address of the user.<div class="note" id="en-us_topic_0046661675__note947485511013"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0046661675__p96400765313">The mobile number and email address of the IAM user cannot be the same as those of your account or other IAM users.</p>
-</div></div>
-</li><li id="en-us_topic_0046661675__li12141115123916">Remove the virtual MFA device from the user. For more information about MFA authentication and virtual MFA device, see <a href="iam_10_0002.html">MFA Authentication and Virtual MFA Device</a>.</li></ul>
-</li></ul>
-<ul id="en-us_topic_0046661675__ul126848275213"><li id="en-us_topic_0046661675__li1268410235213"><strong id="en-us_topic_0046661675__b211888094711555">Login Credentials</strong>: You can change the login password of the IAM user. For more information, see <a href="iam_01_0653.html">Modifying Security Settings for an IAM User</a>.</li><li id="en-us_topic_0046661675__li3684102125212"><strong id="en-us_topic_0046661675__b203261012311555">Login Protection</strong>: You can change the login verification method of the IAM user. Three verification methods are available: virtual MFA device, SMS, and email.<p id="en-us_topic_0046661675__p146847214521">This option is disabled by default. If you enable this option, the user will need to enter a verification code in addition to the username and password when logging in to the console.</p>
-</li><li id="en-us_topic_0046661675__li46842021522"><strong id="en-us_topic_0046661675__b163079549411555">Access Keys</strong>: You can manage access keys of the IAM user.</li></ul>
-</div>
 </div>
 <div>
 <div class="familylinks">

docs/iam/umn/en-us_topic_0066738518.html

@@ -7,9 +7,6 @@
 </p></li><li id="en-us_topic_0066738518__li54379570101332"><span>(Optional) Enter a description for the project.</span></li><li id="en-us_topic_0066738518__li40445067101332"><span>Click <span class="uicontrol" id="en-us_topic_0066738518__uicontrol17656183341311"><b>OK</b></span>.</span><p><p id="en-us_topic_0066738518__p48476965101332">The project list is displayed, and the newly created project is in the <strong id="en-us_topic_0066738518__b69241853192017">Normal</strong> state.</p>
 </p></li></ol>
 </div>
-<div class="section" id="en-us_topic_0066738518__section13675102471011"><h4 class="sectiontitle">Follow-Up Procedure</h4><p id="en-us_topic_0066738518__p10693103864813">Assigning permissions for a specific project</p>
-<p id="en-us_topic_0066738518__p2361193814422">On the user group details page, click the <strong id="en-us_topic_0066738518__b1831511287118">Permissions</strong> tab, select <strong id="en-us_topic_0066738518__b169811037110">Project View</strong>, click <strong id="en-us_topic_0066738518__b1915712121227">Modify Permissions</strong> in the row containing the target project, and then modify the permissions for this project. For details, see <a href="en-us_topic_0046611269.html">Creating a User Group and Assigning Permissions</a>.</p>
-</div>
 <div class="section" id="en-us_topic_0066738518__section645408871296"><h4 class="sectiontitle">Related Operations</h4><ul class="subitemlist" id="en-us_topic_0066738518__ul10146306101110"><li id="en-us_topic_0066738518__li24207892101110">Viewing project details<ol class="subitemlist" id="en-us_topic_0066738518__ol16544437101110"><li id="en-us_topic_0066738518__li4509552119243">View the projects of the corresponding region in the project list.</li><li id="en-us_topic_0066738518__li2885857319243">Click <strong id="en-us_topic_0066738518__b1248156510274_1">View</strong> in the <strong id="en-us_topic_0066738518__b437381410274_1">Operation</strong> column of the row that contains the target project.<p class="litext" id="en-us_topic_0066738518__p5840056519243">View project details and the users bound to the project.</p>
 <div class="note" id="en-us_topic_0066738518__note40555512114658"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0066738518__p87042515457">After you add a user to a user group that has been granted permissions for a specific project, the user inherits permissions of the group and is associated with the project. The user can switch to this project to access resources in it.</p>
 </div></div>