Release Notes and Announcements
- new feature release notes
Product Overview
Purchase Guide
- Cloud Native Gateway
- Polaris
- Refund Instructions
- Overdue Payment Instructions
Cloud Native Gateway
- Cloud Native Gateway Overview
- Quick Start
- Operation Guide
- Migration Guide
- Practice Tutorial
AI Gateway
- AI Gateway Overview
- Version Lifecycle Management
- Quick Start
- Operation Guide
Polaris
- Polaris Overview
- Quick Start
- Instance Management
- Service Management (Registry)
- Service Governance (Governance Center)
- Configuration Management (Configuration Center)
- Observability
- Operation Record
- Permission Control (Permission Center)
- Java Application Development
- Go Application Development
- Migration Guide
Permissions and Tags
- Granting Access Permissions to a Root Account
- Granting Access Permissions to Sub-accounts
- Obtaining Cloud Native Gateway Authorization for the Root Account
- Granting Cloud Native Gateway Access Authorization to Sub-accounts
- Tag Management
FAQ
Contact Us

Granting Tag-Level Permissions to Sub-accounts

フォーカスモード

フォントサイズ

最終更新日: 2026-05-07 18:12:24

Scenarios
This task guides you to authorize a sub-account to access resources under a specific Tag using the Tag-based authorization method. The authorized sub-account gains control over resources associated with that Tag.
Prerequisites
You have a Tencent Cloud root account and have activated the Tencent Cloud CAM service.
The root account has at least one sub-account, and authorization has been completed according to Sub-account Obtaining Access Authorization.
Have at least one Microservices Engine instance.
At least one Tag is available. If no tag exists, you can choose the Tag console > Tag List to create one.
Operation Steps
You can grant a sub-account read/write permissions for TSE resources owned by the root account and bound with Tags by using the policy feature in the CAM console through the Tag-based Authorization method. The detailed steps for Granting Resource Permissions to a Sub-account by Tag are as follows.
Step 1: Binding a Tag to a Resource
1. Log in to the Microservices Engine console using your root account, select an existing engine instance, and click to go to its details page.
1. ﻿
﻿
﻿
2. Click to go to the basic information page of an engine instance, click the edit icon for the Tag, and bind the Tag to the engine instance.
﻿
﻿
﻿
Step 2: Authorizing by Tag
1. Go to the CAM console and click Policy in the left sidebar.
2. Click New Custom Policy.
﻿
﻿
3. Select Tag-based Authorization.
﻿
﻿
﻿
4. In the policy generator, select the user or user group to grant permissions to, and select the required Tag.
﻿
﻿
﻿
5. Click Add Service and Operation, enter tse in Cloud Service to filter, and select Tencent Cloud Microservices Engine (tse) from the results.
﻿
﻿
﻿
6. Select All Operations in Operation. You can also select the corresponding operations as needed.
﻿
﻿
﻿
7. Click Next, enter a policy name as needed, and preview the policy.
﻿
﻿
﻿
8. Click Complete to enable the sub-account to control resources under the specified tag based on policies.
Managing Resource Tags in a Unified Manner
You can also manage resource tags in a unified manner in the Tag console. The detailed operations are as follows:
1. Log in to the Tencent Cloud Tag console.
2. In the left sidebar > Resource Tags, select query conditions as needed, and choose Tencent Cloud Microservices Engine > Microservices Engine Instance in Resource Type.
﻿
﻿
﻿
3. Click Query Resources.
4. Select the required TSE resources from the results, click Edit Tags, and then bind or unbind Tags in batches.
﻿
﻿
﻿
Other Authorization Methods
Operation-level Authorization
Resource-level Authorization