- Product Introduction
- Purchase Guide
- Operation Guide
- Console Overview
- Organization Settings
- Department Management
- Member Account Management
- Member Finance Management
- Member Access Management
- Service Control Policy
- Overview
- Enabling Service Control Policy
- Creating Custom Service Control Policy
- Viewing Service Control Policy Details
- Modifying Custom Service Control Policy
- Deleting Custom Service Control Policy
- Binding Custom Service Control Policy
- Unbinding Custom Service Control Policy
- Disabling Service Control Policy
- Service Control Policy
- Resource Management
- Member Audit
- Identity Center Management
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Organization Service Management APIs
- Department and Member Management APIs
- Organization Settings APIs
- ListOrganizationIdentity
- Data Types
- Error Codes
- TCO API 2018-12-25
- History
- API Category
- Making API Requests
- Read APIs
- Write APIs
- UpdateOrganizationNode
- UpdateOrganizationMember
- SendOrganizationInvitation
- QuitOrganization
- MoveOrganizationMembersToNode
- DenyOrganizationInvitation
- DeleteOrganizationNodes
- DeleteOrganizationMembers
- DeleteOrganizationMemberFromNode
- DeleteOrganization
- CreateOrganization
- CancelOrganizationInvitation
- AddOrganizationNode
- AcceptOrganizationInvitation
- Data Types
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Operation Guide
- Console Overview
- Organization Settings
- Department Management
- Member Account Management
- Member Finance Management
- Member Access Management
- Service Control Policy
- Overview
- Enabling Service Control Policy
- Creating Custom Service Control Policy
- Viewing Service Control Policy Details
- Modifying Custom Service Control Policy
- Deleting Custom Service Control Policy
- Binding Custom Service Control Policy
- Unbinding Custom Service Control Policy
- Disabling Service Control Policy
- Service Control Policy
- Resource Management
- Member Audit
- Identity Center Management
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Organization Service Management APIs
- Department and Member Management APIs
- Organization Settings APIs
- ListOrganizationIdentity
- Data Types
- Error Codes
- TCO API 2018-12-25
- History
- API Category
- Making API Requests
- Read APIs
- Write APIs
- UpdateOrganizationNode
- UpdateOrganizationMember
- SendOrganizationInvitation
- QuitOrganization
- MoveOrganizationMembersToNode
- DenyOrganizationInvitation
- DeleteOrganizationNodes
- DeleteOrganizationMembers
- DeleteOrganizationMemberFromNode
- DeleteOrganization
- CreateOrganization
- CancelOrganizationInvitation
- AddOrganizationNode
- AcceptOrganizationInvitation
- Data Types
- Error Codes
- FAQs
- Glossary
Permission configuration is a configuration template used by Identity Center users to access accounts. It includes predefined policies of Cloud Access Management (CAM) and does not currently support custom policies. You can use this template to authorize Identity Center users on the account.
First Deployment of Permission Configuration
When you set permissions for users or user groups on the account, you need to specify a permission configuration. If no other users or user groups have been deployed with a permission configuration on that account, the Identity Center will deploy a permission configuration in the account's CAM for you. The deployment in CAM includes the following:
Create a CAM role of type Identity Center synchronization.
On the CAM role, bind the system policy specified in permission configuration. Custom policies are not currently supported.
If no authorizations have been made on the account, create an identity provider, allowing Identity Center users to use role single sign-on (SSO) to log in to the account.
You can view the aforementioned CAM role and identity provider in the CAM console of the account, but you cannot modify or delete them.
Redeploying Permission Configuration
If the permission configuration has already been deployed to an account but changes are made to the permission configuration, these changes will not be automatically updated to the account. You need to manually redeploy (add or delete system policies) for the changes to take effect.
Yes
No
Was this page helpful?