Authorization by Tag

Last updated: 2024-01-23 17:59:15

Last updated: 2024-01-23 17:59:15

Overview
This document describes how to grant permissions by tag to allow the sub-user cvmtest01 only to manage the resource-level API permissions of ins-duglsqg0.
For details, see Overview. 
Policy Content
To grant permissions by tag as needed, you can use the following policy content:
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cvm:*",
                "vpc:DescribeVpcEx",
                "vpc:DescribeNetworkInterfaces"
            ],
            "resource": "*",
            "condition": {
                "for_any_value:string_equal": {
                    "qcs:resource_tag": [
                        "game&webpage"
                    ]
                }
            }
        }
    ]
}
Directions
Step 1. Create a policy and configure permissions
1. Log in to the CAM console with the admin account. On the Policies page, create a custom policy by tag as instructed in Creating Custom Policy > Authorizing by tag.
 
﻿
﻿
Authorized user: cvmtest01
Bound tag: game:webpage
Operation permissions: All CVM operation permissions and the DescribeVpcEx and DescribeNetworkInterfaces permissions of VPC. If you are not sure what other APIs are involved, see Authorization by Resource ID > Step 3.
2. Click Next and enter a policy name.
3. Click Save.
﻿
﻿
Step 2: Verify the result
1. Log in to the CVM console as the sub-user cvmtest01 and access the instance list page.
Then the sub-user cvmtest01 can start, shut down, restart, rename, and reset the password of the CVM instance.
﻿
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

tencent cloud

Overview

Policy Content

Directions

Step 1. Create a policy and configure permissions

Step 2: Verify the result