Sub-users and Authorization

Last updated: 2023-04-27 17:48:00
    Note
    The root account needs to check on the Role page whether the SCF_QcsRole policy is associated, and if not, grant the permissions as instructed in Service Authorization in Role and Authorization; otherwise, sub-users will not be able to use the SCF console and call other Tencent Cloud resources through SCF.

    Creating a Sub-user and Granting it All SCF Permissions

    Step 1. Create a sub-user by using the root account

    1. Log in to the CAM console and select Users > User List on the left sidebar.
    2. On the User List page, select Create User > Custom to enter the Create Sub-User page.
    3. In the User Type step, after selecting Access Resources and Receive Messages, click Next to enter the user information.
    4. Enter and confirm the information as prompted and click Complete.
    Note
    For more information, see Creating Sub-User.

    Step 2. Create a custom policy

    1. Log in to the CAM console. Click Create Custom Policy in the top-left corner.
    2. In the pop-up window, click Create by Policy Generator to go to the Edit Policy page.
    3. Select the service in the Visual Policy Generator, enter the following information, and edit an authorization statement.
    Effect: Allow
    Service: SCF
    Action: All
    Resource Description: *
    Condition (optional): Empty
    4. After editing the policy authorization statement, click Next to enter the Associate User/User Group/Role page.
    5. On the Associate User/User Group/Role page, enter the policy name and description. You can also associate users, user groups, or roles at the same time for quick authorization.
    6. Click Complete to complete the custom policy creation.

    Step 3. Add CAM read-only permissions for the sub-user

    1. Log in to the CAM console and enter the User List page.
    2. Locate the sub-user you want to grant permission to.
    3. Click Authorize in the Operation column on the right.
    4. In the Associate Policy pop-up window, select QcloudCamReadOnlyAccess.
    5. Click OK.

    Completion

    After the settings above are configured, you can log in to the sub-account to view the permissions. Log in to the CAM console and select Overview on the left sidebar to access the overview page and view the sub-user login address.

    Creating a Sub-user and Granting it Certain SCF Permissions

    Step 1. Create a sub-user by using the root account

    1. Log in to the CAM console and select Users > User List on the left sidebar.
    2. On the User List page, select Create User > Custom to enter the Create Sub-User page.
    3. In the User Type step, after selecting Access Resources and Receive Messages, click Next to enter the user information.
    4. Enter and confirm the information as prompted and click Complete.
    Note
    For more information, see Creating Sub-User.

    Step 2. Create a custom policy

    1. Log in to the CAM console. Click Create Custom Policy in the top-left corner.
    2. In the pop-up window, click Create by Policy Generator to go to the Edit Policy page.
    3. Copy the code of the sample policy in SCF Policy Syntax and edit the policy content in Edit Policy > JSON.
    Note
    The resource description in resource needs to be replaced with the ID of the root account and the names of the functions under it. The region needs to be the same as that of the functions.
    4. Click Next to enter the Associate User/User Group/Role page.
    5. On the Associate User/User Group/Role page, enter the policy name and description. You can also associate users, user groups, or roles at the same time for quick authorization.
    6. Click Complete to complete the custom policy creation.

    Step 3. Add CAM read-only permissions for the sub-user

    1. Log in to the CAM console and enter the User List page.
    2. Locate the sub-user you want to grant permission to.
    3. Click Authorize in the Operation column on the right.
    4. In the Associate Policy pop-up window, select QcloudCamReadOnlyAccess.
    5. Click OK.

    Completion

    After the settings above are configured, you can log in to the sub-account to view the permissions. Click Overview on the left sidebar to access the overview page and view the sub-user login address.
    Note
    After the policy takes effect, the current sub-account will be able to see all the function names but will only be able to operate on and view the functions listed in resource.
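
As an added example (not part of the Tencent Cloud documentation), the linter below contrasts the all-permissions policy from the first procedure (Action: All, Resource: *) with a policy scoped as the Step 2 note of the second procedure requires: root account ID, function name, and matching region. It assumes lowercase `version`/`statement`/`effect`/`action`/`resource` keys and the resource layout shown in the comment, which should be confirmed against SCF Policy Syntax; the UIN, function name, and regions are constructed sample values.

```python
# Constructed sample values: UIN 100000000001, function Test1 in ap-guangzhou.
# Assumed resource layout (confirm against SCF Policy Syntax):
#   qcs::scf:<region>:uin/<root-uin>:namespace/<namespace>/function/<name>

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def lint_scf_policy(policy, root_uin, function_regions):
    """Return (statement index, resource, problem) for over-broad SCF grants.

    function_regions maps each function name to the region it is deployed in.
    """
    findings = []
    for i, stmt in enumerate(policy.get("statement", [])):
        actions = as_list(stmt.get("action", []))
        wildcard = any(a in ("*", "scf:*") for a in actions)
        if stmt.get("effect", "").lower() != "allow":
            continue
        if not wildcard and not any(a.startswith("scf:") for a in actions):
            continue  # statement does not concern SCF
        for res in as_list(stmt.get("resource", [])):
            if res == "*":
                # A listing action on "*" fits the page's note that all function
                # names stay visible; wildcard actions on "*" grant everything.
                if wildcard:
                    findings.append((i, res, "all SCF actions on every resource"))
                continue
            parts = res.split(":")
            if len(parts) != 6 or parts[:3] != ["qcs", "", "scf"]:
                findings.append((i, res, "not an SCF resource description"))
                continue
            region, uin, path = parts[3], parts[4], parts[5].split("/")
            if uin != "uin/" + root_uin:
                findings.append((i, res, "uin is not the root account ID"))
            if len(path) != 4 or path[0] != "namespace" or path[2] != "function":
                findings.append((i, res, "does not name a single function"))
            elif function_regions.get(path[3]) is None:
                findings.append((i, res, "function not in inventory"))
            elif function_regions[path[3]] != region:
                findings.append((i, res, "region differs from the function's region"))
    return findings

BROAD = {"version": "2.0", "statement": [
    {"effect": "allow", "action": ["scf:*"], "resource": ["*"]}]}
SCOPED = {"version": "2.0", "statement": [
    {"effect": "allow", "action": ["scf:ListFunctions"], "resource": ["*"]},
    {"effect": "allow", "action": ["scf:GetFunction", "scf:UpdateFunctionCode"],
     "resource": ["qcs::scf:ap-guangzhou:uin/100000000001:namespace/default/function/Test1"]}]}
```

Run it over an exported policy before associating it with a sub-user; an empty result means every SCF statement names a single inventoried function under the root account in the correct region.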
    