Cloud Infinite (CI) provides a suite of data processing services, among which CI storage is based on COS. Therefore, for a sub-account to use all CI services, it must be granted necessary read/write permissions both for CI and COS.
Granting CI operation permissions to a sub-account involves three steps: Create a Sub-Account and Grant CI Permissions, Grant COS permissions to the Sub-Account, and Use the Sub-Account to Process Data.
A sub-account may need the following permissions to view data or change settings in the CI console:
Operation Permission Create a bucket cos:PutBucket permission for COS bucket Unbind a bucket cos:DeleteBucket permission for COS bucket View feature configuration cos:GetBucket permission for COS bucket Modify feature configuration cos:PutObject permission for COS bucket
You can create a sub-account in CAM Console and grant CI access permissions for it. The specific procedure is as follows:
Log in to CAM Console. In the left sidebar, choose Users > User List.
In the user list page, click Create User.
Click Custom Create to open the Select Type page.
Click Access to resources and receive messages > Next to enter the Enter user info page.
Enter user information. Here, you can create multiple sub-users, set the access type and console password, or perform other operations.
Click Next to set user permissions. Choose Select policies from the policy list, and then QcloudCIFullAccess for full CI access from the policy list. Click Next.
After confirming that the information is correct, click OK to create the sub-account.
To grant COS resource access permissions to the sub-account, associate a preset policy with it as follows:
You can also grant COS permissions to a sub-account using a custom policy. For more information, see the Authorization Management document and policy examples.
To use a sub-account to process data, you need the APPID of the root account and the SecretId and SecretKey of the sub-account.
You can also get the API Key from the CAM console using a sub-account by granting it CAM read permission.