Authorization by Tag

Last updated: 2024-01-23 17:59:15

    Overview

    This document describes how to grant permissions by tag so that the sub-user cvmtest01 has resource-level API permissions only for ins-duglsqg0. For details, see Overview.

    Policy Content

    To grant permissions by tag as needed, you can use the following policy content:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "cvm:*",
                    "vpc:DescribeVpcEx",
                    "vpc:DescribeNetworkInterfaces"
                ],
                "resource": "*",
                "condition": {
                    "for_any_value:string_equal": {
                        "qcs:resource_tag": [
                            "game&webpage"
                        ]
                    }
                }
            }
        ]
    }
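
Because the policy above pairs `"resource": "*"` with a tag condition, that condition is the only thing narrowing which resources `cvm:*` applies to. The following is an added example, not Tencent Cloud code and not CAM's actual evaluator: a simplified Python model of that decision, run over constructed sample requests. It assumes that `game&webpage` denotes tag key `game` with value `webpage` (the bound tag game:webpage in the directions) and that a matching deny overrides an allow.

```python
import json
from fnmatch import fnmatchcase

# Policy content copied from this page.
POLICY = json.loads("""
{"version": "2.0", "statement": [{
  "effect": "allow",
  "action": ["cvm:*", "vpc:DescribeVpcEx", "vpc:DescribeNetworkInterfaces"],
  "resource": "*",
  "condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["game&webpage"]}}
}]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def condition_matches(condition, resource_tags):
    """Model for_any_value:string_equal on qcs:resource_tag only."""
    # Any other operator or key fails closed, so nothing unmodelled grants access.
    present = {f"{k}&{v}" for k, v in resource_tags.items()}
    for operator, keys in condition.items():
        if operator != "for_any_value:string_equal":
            return False
        for key, wanted in keys.items():
            if key != "qcs:resource_tag" or not present & set(_as_list(wanted)):
                return False
    return True

def is_allowed(policy, action, resource_tags):
    """Simplified decision: a matching deny wins, otherwise any matching allow."""
    allowed = False
    for stmt in policy["statement"]:
        if not any(fnmatchcase(action, p) for p in _as_list(stmt["action"])):
            continue
        if not condition_matches(stmt.get("condition", {}), resource_tags):
            continue
        if stmt["effect"] == "deny":
            return False
        allowed = True
    return allowed

if __name__ == "__main__":
    # Constructed sample requests: (action, tags on the target resource).
    for action, tags in [("cvm:StartInstances", {"game": "webpage"}),
                         ("cvm:StartInstances", {"game": "lobby"}),
                         ("cvm:StartInstances", {}),
                         ("vpc:DeleteVpc", {"game": "webpage"})]:
        print(action, tags, "->", is_allowed(POLICY, action, tags))
```

In this model, an instance that is untagged or carries a different value for `game` is outside the grant, and so is any VPC action other than the two listed.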

    Directions

    Step 1: Create a policy and configure permissions

    1. Log in to the CAM console with the admin account. On the Policies page, create a custom policy by tag as instructed in Creating Custom Policy > Authorizing by tag.
       Authorized user: cvmtest01
       Bound tag: game:webpage
       Operation permissions: All CVM operation permissions and the DescribeVpcEx and DescribeNetworkInterfaces permissions of VPC. If you are not sure what other APIs are involved, see Authorization by Resource ID > Step 3.
    2. Click Next and enter a policy name.
    3. Click Save.

    Step 2: Verify the result

    1. Log in to the CVM console as the sub-user cvmtest01 and access the instance list page. The sub-user cvmtest01 can then start, shut down, restart, rename, and reset the password of the CVM instance.