Granting Operation-Level Permissions to Sub-accounts

Last updated:2026-01-30 14:55:28

Granting Operation-Level Permissions to Sub-accounts

Last updated: 2026-01-30 14:55:28

Scenarios
This introduces you to use the Tencent Cloud root account to perform operation-level authorization for a sub-account. Based on your actual needs, you can grant the sub-account different read/write permissions.
Prerequisites
The Tencent Cloud root account has been used to create a sub-account for the employee. For detailed operations, see Creating Sub-account.
Operation Steps
Granting Full Read and Write Permissions
Note:
 After a sub-account is granted full read/write permissions, the sub-account will have full read/write capabilities for all resources under the root account.
1. Log in with your root account to the CAM console.
2. Select Policies in the left sidebar to enter the policy management list page, then input QcloudMQTTFullAccess in the search box on the right to search.
﻿
3. In the search result, click QcloudMQTTFullAccess Associate User/Group/Role, then select the sub-account that requires authorization.
﻿
4. Click OK to complete authorization. The policy will appear in the user's policy list.
﻿
Granting Read-Only Permission
Note:
After being granted the read-only permission, the sub-accounts will have the read-only capability for all resources under the root account.
1. Log in with your root account to the CAM console.
2. Select Policies in the left sidebar to enter the policy management list page, then input QcloudMQTTReadOnlyAccess in the search box on the right to search.
﻿
3. In the search result, click QcloudMQTTReadOnlyAccess Associate User/Group/Role in the Operation column, then select the sub-account to authorize.
﻿
4. Click OK to complete authorization. The policy will appear in the user's policy list.
﻿