Operation Scenarios
Since March 23, 2020, all certificate operations of CLB have been connected to Cloud Access Management (CAM) for authentication. Therefore, when a sub-user account performs CLB certificate operations, if "You are not authorized for this operation. Please contact your developer." is displayed, you can grant certificate permissions to the sub-user account as instructed below.
Prerequisites
The logged-in account needs to be the root account or a sub-user account with CAM permissions (i.e., associated with the QcloudCamFullAccess
policy).
Note:
To check whether the sub-user account has CAM permissions, go to User List in the CAM Console, enter the details page of the sub-user, and check whether the QcloudCamFullAccess
policy has been associated. If the QcloudCamFullAccess
policy is associated, but "No API permissions (message:GetReceiversOnAllType). Please contact your developer." is displayed when the sub-user performs certificate operations, they can ignore and proceed anyway.
Directions
Please grant certificate permissions in the following methods:
Method 1. Associate a custom policy
2. On the left sidebar, click Policies.
3. Click Create Custom Policy and select Create by Policy Syntax in the pop-up box.
4. On the "Select Template Policy" page, select Blank Template and click Next.
5. On the "Edit Policy" page, enter the policy name and enter the following policy content in the "Edit Policy Content" input box:
{
"version": "2.0",
"statement": [
{
"action": "name/ssl:*",
"resource": "qcs::ssl:::*",
"effect": "allow"
}
]
}
6. Then, click Done to return to the "Policy" list page.
7. At the top of the "Policy" list page, select Custom Policy, find the row of the policy you just created in the list, and click Associate User/Group in the "Operation" column.
8. In the pop-up box, select the user to be authorized and click OK.
Method 2. Associate a preset policy
2. On the left sidebar, select User > User List to enter the "User List" page.
3. In the row of the sub-user to be authorized, click Authorize in the "Operation" bar.
4. In the pop-up box, select QcloudSSLFullAccess
or QcloudSSLReadOnlyAccess
and click OK.
Was this page helpful?