The enterprise account “CompanyExample” (ownerUin: 12345678) has a sub-account “Developer” that requires permissions to view its two TencentDB for MySQL instances (instance IDs: “cdb-1” and “cdb-2”, with the tags being “game&webpage” and “game&app”, respectively).
Step 1: Create the following policy by using policy syntax.
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cdb:Describe*"
],
"resource": "*",
"condition": {
"for_any_value:string_equal": {
"qcs:resource_tag": [
"game&webpage",
"game&app"
]
}
}
}
]
}
Note:
The sub-account “Developer” can only view the resources of instances with the IDs being “cdb-1” and “cdb-2” in the TencentDB for MySQL query list.
Was this page helpful?