Introduction
A role is a virtual user in CAM, which can be granted a permission policy and has the corresponding permissions of the root account. For more information, see Role Overview. When creating a role, you can choose to use a Tencent Cloud root account as the role entity, create the role, and bind the authorization policy to it. The root account acting as an entity can grant its CAM sub-accounts the permission to assume this role by creating a permisson policy. Then the CAM sub-accounts can log in to the corresponding root account console by switching roles in the Tencent Cloud console and perform operations within the authorization scope, or they can initiate cross-account requests through API.
Overview
Suppose there are two root accounts in the enterprise, account A and account B, and the security management employee m
has CAM sub-user a
under account A. If employee m
wants to use this sub-account to simultaneously manage the security information under account B, the following steps can be followed:
Directions
1. Create the security operation role role
under Account B and specify the role entity as root account A.
For more information, see Creating a Role. 2. Under Account A, create a permission policy that supports role assumption of the security operation role role
through AssumeRole.
4. The employee m
logs in as CAM sub-user a
.
5. Employee m
selects the switch role option on the Tencent Cloud Console and logs in using the security role role
.
For more information, see Using a Role. 6. Execute security operations-related tasks.
7. If employee m
needs to carry out security operation-related tasks for multiple root accounts simultaneously, the aforementioned steps can be followed to grant m
the corresponding security operation permissions for each root account.
Was this page helpful?