This document describes how to use a Tencent Cloud root account to grant operation-level permissions to its sub-accounts. You may grant different read/write permissions to sub-accounts as required.
Prerequisites
A sub-account has been created for an employee using the Tencent Cloud root account. For detailed operations, see Creating a Sub-account.
Operation Steps
Granting Full Read/Write Permissions
Note:
After a sub-account is granted full read/write permissions, the sub-account will have full read/write capabilities for all resources under the root account.
2. In the left sidebar, select Policy to go to the Policy Management list page. In the search bar on the right, enter QcloudCKafkaFullAccess to search for the policy.
3. In the search results, click Associate User/Group/Role of QcloudCKafkaFullAccess and select the sub-accounts to be authorized.
4. Click OK to complete the authorization. This policy will appear in the user's policy list.
Granting the Read-Only Permission
Note:
After being granted the read-only permission, the sub-accounts will have the read-only capability for all resources under the root account.
2. In the left sidebar, select Policy to go to the Policy Management list page. In the search bar on the right, enter QcloudCkafkaReadOnlyAccess to search for the policy.
3. In the search results, click Associated User/Group/Role in the QcloudCkafkaReadOnlyAccess Operation column and select the sub-accounts to be authorized.
4. Click OK to complete the authorization. This policy will appear in the user's policy list.
