tencent cloud


CLB Certificate Operation Permissions

Last updated: 2021-06-29 17:20:38

    Operation Scenarios

    Since March 23, 2020, all certificate operations of CLB have been connected to Cloud Access Management (CAM) for authentication. Therefore, when a sub-user account performs CLB certificate operations, if "You are not authorized for this operation. Please contact your developer." is displayed, you can grant certificate permissions to the sub-user account as instructed below.


    The logged-in account needs to be the root account or a sub-user account with CAM permissions (i.e., associated with the QcloudCamFullAccess policy).


    • To check whether the sub-user account has CAM permissions, go to User List in the CAM Console, enter the details page of the sub-user, and check whether the QcloudCamFullAccess policy has been associated.
    • If the QcloudCamFullAccess policy is associated, but "No API permissions (message:GetReceiversOnAllType). Please contact your developer." is displayed when the sub-user performs certificate operations, they can ignore and proceed anyway.


    Please grant certificate permissions in the following methods:

    Method 1. Associate a custom policy

    1. Log in to the CAM Console.
    2. On the left sidebar, click Policies.
    3. Click Create Custom Policy and select Create by Policy Syntax in the pop-up box.
    4. On the "Select Template Policy" page, select Blank Template and click Next.
    5. On the "Edit Policy" page, enter the policy name and enter the following policy content in the "Edit Policy Content" input box:
      "version": "2.0",
      "statement": [
              "action": "name/ssl:*",
              "resource": "qcs::ssl:::*",
              "effect": "allow"
    6. Then, click Done to return to the "Policy" list page.
    7. At the top of the "Policy" list page, select Custom Policy, find the row of the policy you just created in the list, and click Associate User/Group in the "Operation" column.
    8. In the pop-up box, select the user to be authorized and click OK.

    Method 2. Associate a preset policy

    1. Log in to the CAM Console.
    2. On the left sidebar, select User > User List to enter the "User List" page.
    3. In the row of the sub-user to be authorized, click Authorize in the "Operation" bar.
    4. In the pop-up box, select QcloudSSLFullAccess or QcloudSSLReadOnlyAccess and click OK.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support