Release Notes and Announcements

Release Notes

Announcements

Product Introduction

Overview

Features

Use Cases

Strengths

Concepts

Regions and Access Endpoints

Specifications and Limits

Service Regions and Service Providers

Billing

Billing Overview

Billing Method

Billable Items

Free Tier

Billing Examples

Viewing and Downloading Bill

Payment Overdue

FAQs

Getting Started

Console

Getting Started with COSBrowser

User Guide

Creating Request

Bucket

Object

Data Management

Batch Operation

Global Acceleration

Monitoring and Alarms

Operations Center

Data Processing

Content Moderation

Smart Toolbox

Data Processing Workflow

Application Integration

User Tools

Tool Overview

Installation and Configuration of Environment

COSBrowser

COSCLI (Beta)

COSCMD

COS Migration

FTP Server

Hadoop

COSDistCp

HDFS TO COS

GooseFS-Lite

Online Tools

Diagnostic Tool

Use Cases

Overview

Access Control and Permission Management

Performance Optimization

Accessing COS with AWS S3 SDK

Data Disaster Recovery and Backup

Domain Name Management Practice

Image Processing

Audio/Video Practices

Workflow

Direct Data Upload

Content Moderation

Data Security

Data Verification

Big Data Practice

COS Cost Optimization Solutions

Using COS in the Third-party Applications

Migration Guide

Migrating Local Data to COS

Migrating Data from Third-Party Cloud Storage Service to COS

Migrating Data from URL to COS

Migrating Data Within COS

Migrating Data Between HDFS and COS

Data Lake Storage

Cloud Native Datalake Storage

Metadata Accelerator

GooseFS

Data Processing

Data Processing Overview

Image Processing

Media Processing

Content Moderation

File Processing Service

File Preview

Troubleshooting

Obtaining RequestId

Slow Upload over Public Network

403 Error for COS Access

Resource Access Error

POST Object Common Exceptions

API Documentation

Introduction

Common Request Headers

Common Response Headers

Error Codes

Request Signature

Action List

Service APIs

Bucket APIs

Object APIs

Batch Operation APIs

Data Processing APIs

Job and Workflow

Content Moderation APIs

Cloud Antivirus API

SDK Documentation

SDK Overview

Preparations

Android SDK

C SDK

C++ SDK

.NET(C#) SDK

Flutter SDK

Go SDK

iOS SDK

Java SDK

JavaScript SDK

Node.js SDK

PHP SDK

Python SDK

React Native SDK

Mini Program SDK

Error Codes

Harmony SDK

Endpoint SDK Quality Optimization

Security and Compliance

Data Disaster Recovery

Data Security

Cloud Access Management

FAQs

Granting Bucket Permissions to a Sub-Account that is Under Another Root Account

PDF

Mode fokus

Ukuran font

Terakhir diperbarui: 2024-06-03 11:10:51

Overview
There are two buckets under root account A (APPID: 1250000000): examplebucket1-1250000000 and examplebucket2-1250000000, which sub-account B0 under root account B wants to manipulate to meet its business needs. This document describes how to authorize it to do so.
Directions
Authorizing root account B to manipulate buckets under root account A
1. Log in to the COS console with root account A.
2. Click Bucket List, find the bucket to be authorized, and click its name to enter the bucket details page.
3. On the left sidebar, click Permission Management to enter the bucket's permission management page.
4. Find the Permission Policy Settings configuration item, click Add Policy, select a custom policy, and click Next.
5. Fill in the form as shown below:
Policy ID: Optional.
Effect: Allowed.
User: Click "Add User", select root account for user type, and enter root account B's UIN for account ID, such as 100000000002.
Resource: Select an option as needed (the entire bucket by default).
Resource Path: It needs to be entered only for specified resources.
Operation: Click "Add Operation" and select all operations. If you want to grant root account B permissions to only certain operations, you can also select one or more operations as needed.
Filter: Add a filter or leave it blank as needed.
6. Click Finish to grant root account B specified permissions to the bucket.
7. If you need to authorize root account B to manipulate other buckets, repeat the above steps.
Authorizing sub-account B0 to manipulate buckets under root account A
1. Log in to the CAM Console with root account B and go to the Policy page.
2. Select Create by Policy Syntax > Create by Policy Syntax > Blank Template and click Next.
Note: 
Root account B can grant its sub-account B0 permissions only using a custom policy, but not a preset policy.
3. Fill in the form as shown below:
Policy Name: Designate a unique and meaningful name for the policy, such as cos-child-account.
Remarks: Optional; add remarks as needed.
Policy Content:
{
 "version": "2.0",
 "statement": [
  {
      "action": "cos:*",
      "effect": "allow",
            "resource": [ 
                "qcs::cos::uid/1250000000:examplebucket1-1250000000/*",
                "qcs::cos::uid/1250000000:examplebucket2-1250000000/*"
            ]
  }
 ]
}
The policy above grants sub-account B0 the permissions to operate on all the buckets under account A that root account B is authorized to access. Here, 1250000000 in uid/1250000000 refers to the APPID of root account A, and examplebucket1-1250000000 and examplebucket2-1250000000 are the buckets under account A that root account B is authorized to operate.
4. Click Complete.
5. Locate the created policy in the policy list and click Associate User/User Group/Role on the right.
6. In the pop-up window, select sub-account B0 and click OK.
7. Then, the authorization is completed, and you can use the key of sub-account B0 to manipulate the bucket under root account A.

Bantuan dan Dukungan

Apakah halaman ini membantu?

Anda juga dapat Menghubungi Penjualan atau Mengirimkan Tiket untuk meminta bantuan.

masukan

tencent cloud

Cloud Object Storage

Granting Bucket Permissions to a Sub-Account that is Under Another Root Account

Overview

Directions

Authorizing root account B to manipulate buckets under root account A

Authorizing sub-account B0 to manipulate buckets under root account A

Bantuan dan Dukungan