Granting Console Operation Permissions to Sub-accounts

Last updated: 2021-02-22 14:34:46

    Overview

    This document describes two authorization methods to resolves the following issues. Details steps are as below. To configure more complex permission policies, see Custom Policy.

    • When you are using the IM service with a sub-account, the root account needs to authorize the sub-account to access the IM console and to configure settings. Otherwise, the console will not display the application list, as shown below:
    • When a sub-account has access to tags, but it does not match the access to the console application tags, the sub-account cannot view or create applications in the console.

    Solution 1. Global Authorization

    Step 1. Go to CAM to authorize

    Log in to the CAM console using the root account, click User List, click Authorize on the left of the sub-user, and the Associate Policy dialog box will pop up.

    Step 2. Select policies

    Search by “instant messaging”, select the desired policies, and click Confirm to complete the authorization.

    Note:

    • Read/write access: allows users to access the console and modify configurations.
    • Read-only access: allows users to access the console only, not to perform other operations.

    Step 3. Complete authorization

    If Policy associated is prompted in the upper right corner, the authorization is completed.

    Solution 2. Authorization by Tag

    This solution is designed for customers who need to authorize and manage sub-accounts by tag. Sub-accounts can only access and operate applications under the authorized tags.

    Note:

    After a tag policy is assigned to a sub-account, the sub-account cannot access and operate applications with no tags. For a sub-account, there are no tags in a newly created application in the IM console. Therefore, the root account needs to change the application tags to authorized tags before the sub-account can use the application.

    Step 1. Go to CAM to authorize

    Log in to the CAM console using the root account, click Policies, click Create Custom Policy, and the Select Policy Creation Method dialog box will pop up.

    Step 2. Select a tag

    Select Authorize by Tag to go to Tag Policy Generator.

    Step 3. Generate a policy

    Enter the sub-account to be authorized, tag, and other information in Tag Policy Generator and click Next to go to the next step.

    Note:

    If there are no tags to select from, you need to log in to the Tag console to create a tag.

    Step 4. Complete authorization

    After confirming the information is correct, click Done to complete the authorization.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help