A role is a virtual user in CAM, which can be granted a permission policy and has the corresponding permissions of the root account. For more information, see Role Overview.
When creating a role, you can choose to use a Tencent Cloud root account as the role entity, create the role, and bind the authorization policy to it. The root account acting as an entity can grant its CAM sub-accounts the permission to assume this role by creating a permisson policy. Then the CAM sub-accounts can log in to the corresponding root account console by switching roles in the Tencent Cloud console and perform operations within the authorization scope, or they can initiate cross-account requests through API.
Overview
Suppose there are two root accounts in the enterprise, account A and account B, and the security management employee m has CAM sub-user a under account A. If employee m wants to use this sub-account to simultaneously manage the security information under account B, the following steps can be followed:
Directions
1. Create the security operation role role under Account B and specify the role entity as root account A.
For more information, see Creating a Role.
2. Under Account A, create a permission policy that supports role assumption of the security operation role role through AssumeRole.
5. Employee m selects the switch role option on the Tencent Cloud Console and logs in using the security role role.
For more information, see Using a Role.
6. Execute security operations-related tasks.
7. If employee m needs to carry out security operation-related tasks for multiple root accounts simultaneously, the aforementioned steps can be followed to grant m the corresponding security operation permissions for each root account.
