tencent cloud

Feedback

Enabling Tag Policy Restrictions

Last updated: 2024-09-19 17:58:04

    Overview

    After creating a tag policy, you can also enable tag policy key-value restrictions to achieve the following effects:
    1. The tag key Department needs to be applied to both sub-user 1 and sub-user 2.
    2. Sub-user 1 can only use Department: DepartmentOne, while sub-user 2 can only use Department: DepartmentTwo and Department: DepartmentThree.
    According to Creating Tag Policy, the specified tag values can be fixed values and dynamic values. However, since the same tag key of sub-user 2 has two tag values, they can be only fixed values.
    When creating tag policies for sub-user 1 and sub-user 2, it is necessary to create a dedicated tag policy for each sub-user. Specifically, the tag value in sub-user 1's policy should only include DepartmentOne, and the tag value in sub-user 2's policy should only include DepartmentTwo and DepartmentThree.

    Step 1: Administrator Enables Restrictions

    1. Log in to the tag console and click Tag Policy > Policy List on the left sidebar.
    2. Click Create tag policy. For detailed steps, refer to Creating Tag Policy. There are 2 policies for 2 sub-users, as shown below:
    2.1 Same for both policies:
    2.1.1 "auto_assign": {"@@assign": "on"} indicates that the tag key for Department has auto-assignment enabled for both sub-user 1 and sub-user 2.
    2.1.2 "tag_deletion_disable": { "@@assign": "on" } indicates that the Department tag key is not allowed to be deleted (that is, the delete button is disabled).
    2.2 Different for two policies:
    "auto_assign_value": {"@@assign": "on"} in sub-user 1's policy indicates that the tag value has auto-assignment for sub-user 1 because its tag value is unique and does not require manual selection. However, the Department tag value for sub-user 2 is not unique, so sub-user 2 needs to select it manually and it is not set in the policy.
    Tag policy of sub-user 1
    Tag policy of sub-user 2
    {
    "tags": {
    "Department": {
    "tag_key": {
    "@@assign": "Department"
    },
    "tag_value": {
    "@@assign": [
    "DepartmentOne"
    ]
    },
    "resource_type_scope": {
    "@@assign": [
    "*"
    ]
    },
    "auto_assign": {
    "@@assign": "on"
    },
    "auto_assign_value": {
    "@@assign": "on"
    },
    "tag_deletion_disable": {
    "@@assign": "on"
    }
    }
    }
    }
    {
    "tags": {
    "Department": {
    "tag_key": {
    "@@assign": "Department"
    },
    "tag_value": {
    "@@assign": [
    "DepartmentTwo",
    "DepartmentThree"
    ]
    },
    "resource_type_scope": {
    "@@assign": [
    "*"
    ]
    },
    "auto_assign": {
    "@@assign": "on"
    },
    "tag_deletion_disable": {
    "@@assign": "on"
    }
    }
    }
    }
    3. Then bind policy 1 to sub-user 1 and policy 2 to sub-user 2. For details, see Binding Tag Policy.
    4. In the tag policy list, enable Tag Policy Restrictions and confirm it in the pop-up window.
    

    Step 2: Sub-User Performs Verification

    1. Switch to sub-user 1 and log in. The effect is as follows:
    Condition
    Use Tag Policy with Key-Value Restrictions Enabled
    Use Tag Policy Without Key-Value Restrictions Enabled
    Use No Tag Policy
    Effect
    
    
    
    2. Switch to sub-user 2 to log in. The effect is as follows:
    Condition
    Use Tag Policy with Key-Value Restrictions Enabled
    Use Tag Policy Without Key-Value Restrictions Enabled
    Use No Tag Policy
    Effect
    
    
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support