- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- CLB Instance
- CLB Listener
- CLB Listener Overview
- Configuring TCP Listener
- Configuring UDP Listener
- Configuring TCP SSL Listener
- Configuring QUIC Listener
- Configuring HTTP Listener
- Configuring HTTPS Listener
- Load Balancing Methods
- Session Persistence
- Layer-7 Redirection Configuration
- Layer-7 Custom Configuration
- Layer-7 Domain Name Forwarding and URL Rules
- Using QUIC Protocol on CLB
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Real Server
- Health Check
- Certificate Management
- Monitoring and Alarm
- Log Management
- Cloud Access Management
- Classic CLB
- Best Practices
- Enabling Gzip Configuration & Testing
- HTTPS Forwarding Configurations
- Obtaining Real Client IPs
- Notes on SNAT and Non-SNAT Types for Private Network CLB
- Implementing HA Across Multiple AZs
- Load Balancing Algorithm Selection and Weight Configuration Examples
- Configuring WAF protection for CLB listening domain names
- Troubleshooting
- OPS Guidelines
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- Listener APIs
- Real Server APIs
- Target Group APIs
- Redirection APIs
- Other APIs
- Cloud Load Balancer APIs
- Classic CLB APIs
- Data Types
- Error Codes
- CLB API 2017
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- CLB Instance
- CLB Listener
- CLB Listener Overview
- Configuring TCP Listener
- Configuring UDP Listener
- Configuring TCP SSL Listener
- Configuring QUIC Listener
- Configuring HTTP Listener
- Configuring HTTPS Listener
- Load Balancing Methods
- Session Persistence
- Layer-7 Redirection Configuration
- Layer-7 Custom Configuration
- Layer-7 Domain Name Forwarding and URL Rules
- Using QUIC Protocol on CLB
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Real Server
- Health Check
- Certificate Management
- Monitoring and Alarm
- Log Management
- Cloud Access Management
- Classic CLB
- Best Practices
- Enabling Gzip Configuration & Testing
- HTTPS Forwarding Configurations
- Obtaining Real Client IPs
- Notes on SNAT and Non-SNAT Types for Private Network CLB
- Implementing HA Across Multiple AZs
- Load Balancing Algorithm Selection and Weight Configuration Examples
- Configuring WAF protection for CLB listening domain names
- Troubleshooting
- OPS Guidelines
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- Listener APIs
- Real Server APIs
- Target Group APIs
- Redirection APIs
- Other APIs
- Cloud Load Balancer APIs
- Classic CLB APIs
- Data Types
- Error Codes
- CLB API 2017
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Operation Scenarios
Since March 23, 2020, all certificate operations of CLB have been connected to Cloud Access Management (CAM) for authentication. Therefore, when a sub-user account performs CLB certificate operations, if "You are not authorized for this operation. Please contact your developer." is displayed, you can grant certificate permissions to the sub-user account as instructed below.
Prerequisites
The logged-in account needs to be the root account or a sub-user account with CAM permissions (i.e., associated with the QcloudCamFullAccess policy).
Note:
- To check whether the sub-user account has CAM permissions, go to User List in the CAM Console, enter the details page of the sub-user, and check whether the
QcloudCamFullAccesspolicy has been associated.- If the
QcloudCamFullAccesspolicy is associated, but "No API permissions (message:GetReceiversOnAllType). Please contact your developer." is displayed when the sub-user performs certificate operations, they can ignore and proceed anyway.
Directions
Please grant certificate permissions in the following methods:
Method 1. Associate a custom policy
- Log in to the CAM Console.
- On the left sidebar, click Policies.
- Click Create Custom Policy and select Create by Policy Syntax in the pop-up box.
- On the "Select Template Policy" page, select Blank Template and click Next.
- On the "Edit Policy" page, enter the policy name and enter the following policy content in the "Edit Policy Content" input box:
{ "version": "2.0", "statement": [ { "action": "name/ssl:*", "resource": "qcs::ssl:::*", "effect": "allow" } ] } - Then, click Done to return to the "Policy" list page.
- At the top of the "Policy" list page, select Custom Policy, find the row of the policy you just created in the list, and click Associate User/Group in the "Operation" column.
- In the pop-up box, select the user to be authorized and click OK.
Method 2. Associate a preset policy
- Log in to the CAM Console.
- On the left sidebar, select User > User List to enter the "User List" page.
- In the row of the sub-user to be authorized, click Authorize in the "Operation" bar.
- In the pop-up box, select
QcloudSSLFullAccessorQcloudSSLReadOnlyAccessand click OK.
Yes
No
Was this page helpful?