tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Infinite
    Documentation
    Download PDF

    Authorizing Sub-Accounts to Access CI Services

    Last updated: 2024-01-31 16:54:06
    Download PDF
      Cloud Infinite (CI) provides a suite of data processing services, among which CI storage is based on COS. Therefore, for a sub-account to use all CI services, it must be granted necessary read/write permissions both for CI and COS. Granting CI operation permissions to a sub-account involves three steps: Create a Sub-Account and Grant CI Permissions, Grant COS permissions to the Sub-Account, and Use the Sub-Account to Process Data.
      Note:
      A sub-account may need the following permissions to view data or change settings in the CI console:
      Operation
      Permission
      Create a bucket
      cos:PutBucket permission for COS bucket
      Unbind a bucket
      cos:DeleteBucket permission for COS bucket
      View feature configuration
      cos:GetBucket permission for COS bucket
      Modify feature configuration
      cos:PutObject permission for COS bucket
      

      Step 1. Create a Sub-Account and Grant CI Permissions

      You can create a sub-account in CAM Console and grant CI access permissions for it. The specific procedure is as follows:
      1. Log in to CAM Console. In the left sidebar, choose Users > User List.
      2. In the user list page, click Create User.
      3. Click Custom Create to open the Select Type page.
      4. Click Access to resources and receive messages > Next to enter the Enter user info page.
      5. Enter user information. Here, you can create multiple sub-users, set the access type and console password, or perform other operations.
      6. Click Next to set user permissions. Choose Select policies from the policy list, and then QcloudCIFullAccess for full CI access from the policy list. Click Next.
      7. After confirming that the information is correct, click OK to create the sub-account.

      Step 2. Grant COS Permissions to the Sub-Account

      To grant COS resource access permissions to the sub-account, associate a preset policy with it as follows:
      1. Log in to CAM Console. In the left sidebar, choose Users > User List.
      2. In the user list page, find the sub-user that you just created, and click Grant Permission under Operation.
      3. In the policy list, select the appropriate permission policy, and click OK to associate it with the sub-user
      You can also grant COS permissions to a sub-account using a custom policy. For more information, see the Authorization Management document and policy examples.

      Step 3. Use the Sub-Account to Process Data

      To use a sub-account to process data, you need the APPID of the root account and the SecretId and SecretKey of the sub-account.
      1. Log in to CAM Console with your root account. In the left sidebar, choose Users > User List.
      2. Click on the name of the sub-account whose SecretId and SecretKey you want.
      3. Select the API Key tab where you can get the SecretId and SecretKey.
      You can also get the API Key from the CAM console using a sub-account by granting it CAM read permission.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy