tencent cloud

All product documents
Cloud Infinite
DocumentationCloud InfiniteDeveloper ManualAccess ManagementAuthorizing Sub-Accounts to Access CI Services
Authorizing Sub-Accounts to Access CI Services
Download PDF
Last updated: 2024-01-31 16:54:06
Authorizing Sub-Accounts to Access CI Services
Last updated: 2024-01-31 16:54:06
Download PDF
Cloud Infinite (CI) provides a suite of data processing services, among which CI storage is based on COS. Therefore, for a sub-account to use all CI services, it must be granted necessary read/write permissions both for CI and COS. Granting CI operation permissions to a sub-account involves three steps: Create a Sub-Account and Grant CI Permissions, Grant COS permissions to the Sub-Account, and Use the Sub-Account to Process Data.
Note:
A sub-account may need the following permissions to view data or change settings in the CI console:
Operation
Permission
Create a bucket
cos:PutBucket permission for COS bucket
Unbind a bucket
cos:DeleteBucket permission for COS bucket
View feature configuration
cos:GetBucket permission for COS bucket
Modify feature configuration
cos:PutObject permission for COS bucket


Step 1. Create a Sub-Account and Grant CI Permissions

You can create a sub-account in CAM Console and grant CI access permissions for it. The specific procedure is as follows:
1. Log in to CAM Console. In the left sidebar, choose Users > User List.
2. In the user list page, click Create User.
3. Click Custom Create to open the Select Type page.
4. Click Access to resources and receive messages > Next to enter the Enter user info page.
5. Enter user information. Here, you can create multiple sub-users, set the access type and console password, or perform other operations.
6. Click Next to set user permissions. Choose Select policies from the policy list, and then QcloudCIFullAccess for full CI access from the policy list. Click Next.
7. After confirming that the information is correct, click OK to create the sub-account.

Step 2. Grant COS Permissions to the Sub-Account

To grant COS resource access permissions to the sub-account, associate a preset policy with it as follows:
1. Log in to CAM Console. In the left sidebar, choose Users > User List.
2. In the user list page, find the sub-user that you just created, and click Grant Permission under Operation.
3. In the policy list, select the appropriate permission policy, and click OK to associate it with the sub-user
You can also grant COS permissions to a sub-account using a custom policy. For more information, see the Authorization Management document and policy examples.

Step 3. Use the Sub-Account to Process Data

To use a sub-account to process data, you need the APPID of the root account and the SecretId and SecretKey of the sub-account.
1. Log in to CAM Console with your root account. In the left sidebar, choose Users > User List.
2. Click on the name of the sub-account whose SecretId and SecretKey you want.
3. Select the API Key tab where you can get the SecretId and SecretKey.
You can also get the API Key from the CAM console using a sub-account by granting it CAM read permission.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon