Sub-users and Authorization

Serverless Cloud Function

Release Notes and Announcements

Release Notes

Announcements

Layer Supporting Tag Management and Resource Authorization Upgrade Announcement

SCF Log Service Change Notification

Product Introduction

Purchase Guide

Billable Items and Billing Modes

Billable Items

Subscription Packages

Pay-As-You-Go (Postpaid)

Free Tier

SCF Pricing

Pricing

Provisioned Concurrency Price

Billing Example

Payment Overdue

Getting Started

Creating Event Function in Console

Creating Function with Serverless Cloud Framework

User Guide

Quota Management

Quota Limits

Exceeded Quota Management

Managing Functions

Query a Function Execution Log

Deleting a Function

Deploying Functions

Web Function Management

Function Overview

Creating and Testing Function

Bootstrap File Description

Trigger Management

HTTP-Triggered Function Billing

Deploying Web Function on Command Line

WebSocket Protocol Support

HTTP-Triggered Function Request Concurrency Management

Log Management

Log Search Guide

Log Delivery Configuration

Log Delivery Configuration (Legacy)

Concurrence Management

Concurrency Overview

Concurrency Management System

Provisioned Concurrency

Scheduled Provisioned Concurrency

Dynamic Provisioned Concurrency Metric

Concurrency Overrun

Trigger Management

Creating a Trigger

Deleting Triggers

Enabling/Disabling Triggers

A Custom Domain Name

Configuring a Custom Domain Name

Version Management

Alias Management

Traffic Routing Configuration

Using Alias to Implement SCF Grayscale Release

Permission Management

Permission Management Overview

Role and Authorization

SCF Policy Syntax

Sub-users and Authorization

Users and Permissions

Creating a Sub-user and Granting It All Permissions of SCF

Creating a Sub-user and Granting It Permissions to Operate Certain Functions

Managing Monitors and Alarms

Descriptions of monitoring metrics

Configuring Alarms

Viewing Execution Logs

Network Configuration

Network Configuration Management

Fixed Public Outbound IP

VPC Communication

Granting a Function in VPC Access to Public Network

Layer Management

Overview

Creating Layer

Binding function to layer

Using layer

Execution Configuration

Async Execution

Status Trace

Async Event Management

Extended Storage Management

Mounting CFS File System

DNS Caching Configuration

Resource Managed Mode Management

Triggers

Trigger Overview

Trigger Event Message Structure Summary

API Gateway Trigger

Overview

Websocket

How It Works

Usage

COS Trigger

COS Trigger Description

Usage

CLS Trigger

CLS Trigger Description

Usage

Timer Trigger

Timer Trigger Description

Usage

CKafka Trigger

CKafka Trigger Description

Usage

Apache Kafka Trigger

Apache Kafka Trigger Description

Usage

Trigger Configuration Description

MPS Trigger

CLB Trigger Description

TencentCloud API Trigger

Development Guide

Basic Concepts

Testing a Function

Environment Variables

Dependency Installation

Using Container Image

Error Types and Retry Policies

Dead Letter Queue

Connecting SCF to Database

Automated Deployment

Cloud Function Status Code

Common Errors and Solutions

Developer Tools

Serverless Web IDE

Serverless Cloud Framework

Overview

Installation

Permission Management

Function Operations

Development Debugging

Project Application

List of Supported Commands

Account and Permission Configuration

Creating and Deploying Function

Calling SDK Across Functions

Node.js SDK

SDK for Python

Third-Party Tools

Malagu Framework

Accessing Database

Getting Started

Overview

Code Development

Web Framework Development

Deploying Framework on Command Line

Quickly Deploying Egg Framework

Quickly Deploying Express Framework

Quickly Deploying Flask Framework

Quickly Deploying Koa Framework

Quickly Deploying Laravel Framework

Quickly Deploying Nest.js Framework

Quickly Deploying Next.js Framework

Quickly Deploying Nuxt.js Framework

Quickly Deploying Django Framework

Practical Tutorial

Overview

Solutions with Tencent Cloud Services

Business Development

Function Concurrency Management Practice

Concurrent High-Performance Architecture

Using Custom Font in SCF

Implementing Todo Application with Spring Boot and SCF

ServerlessFramework Practices

Framework Migration

API Gateway

Using API Gateway to Provide API Service

Example

Step 1. Create blogArticle Function

Step 2. Create and Test API Service

Step 3. Publish API Service and Verify Online

Serverless Multi-File Upload Processing

Implementing Custom Invitation with SCF + API Gateway

TRTC Practices

Using SCF to Input Online Media Streams for SCF +TRTC

SCF + TRTC for Stream Single Recording

SCF + TRTC for Stream Mix Recording

COS Practices

Audio/Video Transcoding

Acquire Image on COS and Create a Thumbnail

Example illustration

Step 1. Prepare COS Bucket

Step 2. Create and Test Thumbnail Function

Forming Data Lake with SCF + COS

Implementing Custom Calculation of File Hash Value with SCF + COS

Implementing Custom Transcoding with SCF + COS

MapReduce Method that Uses WordCount as an Example

Example

Step 1: Prepare a COS Bucket

Step 2. Create Mapper and Reducer Functions

Step 3. Test Function

CKafka Practice

Dumping CKafka Data to ES

SCF + CKafka for Message Dump to TencentDB for MySQL

SCF + CKafka for Message Dump to CKafka

CLS

CLS Function Processing Overview

Log ETL

SCF +CLS Dump to CKafka

SCF +CLS Dump to COS

Dumping Logs to ES with SCF + CLS

CLB Practice

Using SCF and CLB to Quickly Deploy Web Service

MPS

MPS Function Processing Overview

Video Task Callback Backup to COS

Video Task Callback Notification Tool

CDN

SCF + CDN for Scheduled Prefetch/Purge

CDWPG

SCF + CDWPG for CKafka Data Import

VOD

SCF + VOD for Event Notification Receipt

SMS

SCF + SMS for SMS Verification Code

SCF + ES for Quick Search Service

Scheduled Task

Scheduled Task Overview

Performing Scheduled Task

Video Processing

Implementing Batch Automated Video Editing with SCF and FFmpeg

Success Stories

Tencent Online Education

Online Video Industry

Audio/Video Transcoding Best Practices

Tencent Online Education

Best Practice of Tencent IEG Going Global

API Documentation

Making API Requests

Trigger APIs

Function APIs

Namespace APIs

Layer Management APIs

Async Event Management APIs

Other APIs

Function and Layer Status Description

FAQs

API Gateway Trigger FAQs

Related Agreement

Service Level Agreement

Glossary

DocumentationServerless Cloud FunctionUser GuidePermission ManagementSub-users and Authorization

Sub-users and Authorization

Download PDF

Last updated: 2024-12-02 20:11:42

Sub-users and Authorization

Last updated: 2024-12-02 20:11:42

Download PDF

Note:
The root account needs to check on the Role page whether the SCF_QcsRole policy is associated, and if not, grant the permissions as instructed in Service Authorization in Role and Authorization; otherwise, sub-users will not be able to use the SCF console and call other Tencent Cloud resources through SCF.
Creating a Sub-user and Granting it All SCF Permissions
Step 1. Create a sub-user by using the root account
1. Log in to the CAM console and select Users > User List on the left sidebar.
2. On the User List page, select Create User > Custom to enter the Create Sub-User page.
3. In the User Type step, after selecting Access Resources and Receive Messages, click Next to enter the user information.
4. Enter and confirm the information as prompted and click Complete.
Note:
For more information, see Creating Sub-User.
Step 2. Create a custom policy
1. Log in to the CAM console. Click Create Custom Policy in the top-left corner.
2. In the pop-up window, click Create by Policy Generator to go to the Edit Policy page.
3. Select the service in the Visual Policy Generator, enter the following information, and edit an authorization statement.
Effect: Allow
Service: SCF
Action: All
Resource Description: *
**Condition (optional)**: Empty
4. After editing the policy authorization statement, click Next to enter the Associate User/User Group/Role page.
5. On the Associate User/User Group/Role page, add the policy name and description, and you can associate users, user groups, or roles for quick authorization at the same time.
6. Click Complete to complete the custom policy creation.
Step 3. Add CAM read-only permissions for the sub-user
1. Log in to the CAM console and enter the User List page.
2. Locate the sub-user you want to grant permission to.
3. Click Authorize in the Operation column on the right.
4. In the Associate Policy pop-up window, select QcloudCamReadOnlyAccess.
5. Click OK.
Completion
After the settings above are configured, you can log in to the sub-account to view the permissions.
Log in to the CAM console and select Overview on the left sidebar to access the overview page and view the sub-user login address.
Creating a Sub-user and Granting it Certain SCF Permissions
Step 1. Create a sub-user by using the root account
1. Log in to the CAM console and select Users > User List on the left sidebar.
2. On the User List page, select Create User > Custom to enter the Create Sub-User page.
3. In the User Type step, after selecting Access Resources and Receive Messages, click Next to enter the user information.
4. Enter and confirm the information as prompted and click Complete.
Note:
For more information, see Creating Sub-User.
Step 2. Create a custom policy
1. Log in to the CAM console. Click Create Custom Policy in the top-left corner.
2. In the pop-up window, click Create by Policy Generator to go to the Edit Policy page.
3. Copy the code of the sample policy in SCF Policy Syntax and edit the policy content in Edit Policy > JSON.
Note:
The resource description in resource needs to be replaced with the ID of the root account and the names of the functions under it. The region needs to be the same as that of the functions.
4. Click Next to enter the Associate User/User Group/Role page.
5. On the Associate User/User Group/Role page, add the policy name and description, and you can associate users, user groups, or roles for quick authorization at the same time.
6. Click Complete to complete the custom policy creation.
Step 3. Add CAM read-only permissions for the sub-user
1. Log in to the CAM console and enter the User List page.
2. Locate the sub-user you want to grant permission to.
3. Click Authorize in the Operation column on the right.
4. In the Associate Policy pop-up window, select QcloudCamReadOnlyAccess.
5. Click OK.
Completion
After the settings above are configured, you can log in to the sub-account to view the permissions. Click Overview on the left sidebar to access the overview page and view the sub-user login address.
Note:
After the policy takes effect, the current sub-account will be able to see all the function names but will only be able to operate on and view the functions listed in resource.
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

Financial Services

Financial Services Solution

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Real Estate

Tencent Cloud LinkBase(Weiling)

E-commerce

E-commerce retail solutions

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha