
Granting Resource-Level Permissions to Sub-Accounts
Last updated: 2025-09-19 17:31:52

Overview

This document describes how to grant a sub-account permission to use a CKafka resource owned by the root account. A sub-account that has been granted the permission can use the resource. Granting permission on a cluster resource is used as the example here; the procedure for other types of resources is similar.

Prerequisites

The Tencent Cloud root account has been used to create a sub-account for the employee. For detailed instructions, see Create Sub-Account.
You must have at least one CKafka instance.

Directions

Step 1. Obtain the CKafka cluster ID

1. Log in to the CKafka console with the root account, then click the ID of an existing cluster instance to open its details page.



2. In Basic Info, the ID field shows the ID of the current CKafka cluster.


Step 2. Create a new authorization policy

1. Log in to the CAM console.
2. Select Policy in the left sidebar, click Create Custom Policy, and choose Create by Policy Builder as the policy creation method.
3. In the visual policy generator, select Allow for Effect, enter CKafka in Service to filter the list, and select CKafka (ckafka).



4. In Action, select All actions, or select only the action types you need.
Note:
Some APIs do not currently support resource-level authorization. Refer to the console page for the APIs that support resource authorization.

5. In the Resource field, select Specific resources and find the ckafkaId resource type. Select Any resource of this type on the right to authorize all cluster resources, or click Add a six-segment resource description to authorize specific cluster resources.

6. In the Condition section, choose whether to specify a source IP based on your business needs. If one is specified, requests can perform the specified actions only when they come from the specified IP range.
7. Click Next and set the policy name. The console generates the Policy Name automatically; it defaults to "policygen" with a numeric suffix based on the creation date. You can customize it.
8. Click Select Users or Select User Groups to select the users or user groups to be granted the resource permissions.

9. Click Complete. The sub-account that was granted the resource permissions can now access the related resources.
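The policy that Step 2 builds in the console can also be written out as CAM policy JSON and reviewed before it is attached. The following is an added example, not part of the original page: it assembles the six-segment resource description for one cluster, adds the optional source IP condition from step 6, and flags statements that are broader than a single cluster. The function names are hypothetical, and the region, UIN, cluster ID and IP range are constructed placeholders.

```python
import ipaddress
import json


def ckafka_resource(region, owner_uin, cluster_id):
    """Six-segment description: qcs:project:service:region:account:resource."""
    for name, value in (("region", region), ("owner_uin", owner_uin),
                        ("cluster_id", cluster_id)):
        # Refuse wildcards and separators so the result names exactly one cluster.
        if not value or "*" in value or ":" in value or "/" in value:
            raise ValueError(f"{name} must be a concrete value, got {value!r}")
    return f"qcs::ckafka:{region}:uin/{owner_uin}:ckafkaId/{cluster_id}"


def build_policy(resources, actions=("ckafka:*",), source_cidr=None):
    """Allow statement for the given clusters; 'ckafka:*' mirrors All actions (step 4)."""
    statement = {"effect": "allow", "action": list(actions),
                 "resource": list(resources)}
    if source_cidr:
        ipaddress.ip_network(source_cidr)  # raises ValueError on a malformed range
        statement["condition"] = {"ip_equal": {"qcs:ip": [source_cidr]}}
    return {"version": "2.0", "statement": [statement]}


def review(policy):
    """Return least-privilege findings for every allow statement."""
    findings = []
    for i, st in enumerate(policy["statement"]):
        if st.get("effect") != "allow":
            continue
        if any(r == "*" or r.endswith("/*") for r in st["resource"]):
            findings.append(f"statement {i}: resource is not scoped to a specific cluster")
        if any(a == "*" or a.endswith(":*") for a in st["action"]):
            findings.append(f"statement {i}: all actions allowed")
        if "condition" not in st:
            findings.append(f"statement {i}: no source IP condition")
    return findings


if __name__ == "__main__":
    # Constructed placeholder values, not taken from any real account.
    res = ckafka_resource("ap-guangzhou", "100000000001", "ckafka-example1")
    policy = build_policy([res], source_cidr="203.0.113.0/24")
    print(json.dumps(policy, indent=2))
    print(review(policy))
```

Narrowing `actions` to the specific operations the sub-account needs clears the remaining finding, subject to the note in step 4 that some APIs do not support resource-level authorization.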

