- Product Introduction
- Purchase Guide
- Quick Start
- CLB Instances
- CLB Listeners
- Introduction
- Polling Methods
- Session Persistence
- Health Check
- Configuring an HTTP Listener
- Configuring an HTTPS Listener
- Configuring a UDP Listener
- Configuring a TCP Listener
- Configuring a TCP SSL Listener
- Certificate Configurations
- Layer-7 Domain Name Forwarding and URL Rules
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Configuring Layer-7 Redirection
- Custom Configurations of CLB Instances
- Classic CLB
- Backend CVMs
- Monitoring and Alarm
- Log Management
- Cloud Access Management
- OPS Guidelines
- Best Practise
- API Documentation
- Introduction
- API Category
- Making API Requests
- Classic CLB APIs
- Cloud Load Balancer APIs
- AssociateTargetGroups
- AutoRewrite
- BatchDeregisterTargets
- CreateLoadBalancerSnatIps
- BatchModifyTargetWeight
- BatchRegisterTargets
- CreateListener
- CreateLoadBalancer
- CreateRule
- DeleteLoadBalancerListeners
- CreateTargetGroup
- DeleteLoadBalancerSnatIps
- DeleteListener
- DeleteLoadBalancer
- DeleteRewrite
- DeleteRule
- DeleteTargetGroups
- DeregisterTargetGroupInstances
- DescribeBlockIPList
- DeregisterTargets
- DescribeListeners
- DescribeLoadBalancers
- DescribeRewrite
- DescribeTargetGroupInstances
- DescribeTargetGroupList
- DescribeTargetGroups
- DescribeTargetHealth
- DescribeTargets
- DescribeTaskStatus
- DisassociateTargetGroups
- ManualRewrite
- ModifyBlockIPList
- ModifyDomain
- ModifyDomainAttributes
- ModifyListener
- ModifyLoadBalancerAttributes
- ModifyRule
- ModifyTargetGroupAttribute
- ModifyTargetGroupInstancesPort
- ModifyTargetGroupInstancesWeight
- ModifyTargetPort
- ModifyTargetWeight
- RegisterTargetGroupInstances
- RegisterTargets
- Other APIs
- Data Types
- Error Codes
- CLB API 2017
- SDK Documents
- FAQ
- More
- Announcements
- Service Level Agreement
- Product Updates
- Glossary
- Product Introduction
- Purchase Guide
- Quick Start
- CLB Instances
- CLB Listeners
- Introduction
- Polling Methods
- Session Persistence
- Health Check
- Configuring an HTTP Listener
- Configuring an HTTPS Listener
- Configuring a UDP Listener
- Configuring a TCP Listener
- Configuring a TCP SSL Listener
- Certificate Configurations
- Layer-7 Domain Name Forwarding and URL Rules
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Configuring Layer-7 Redirection
- Custom Configurations of CLB Instances
- Classic CLB
- Backend CVMs
- Monitoring and Alarm
- Log Management
- Cloud Access Management
- OPS Guidelines
- Best Practise
- API Documentation
- Introduction
- API Category
- Making API Requests
- Classic CLB APIs
- Cloud Load Balancer APIs
- AssociateTargetGroups
- AutoRewrite
- BatchDeregisterTargets
- CreateLoadBalancerSnatIps
- BatchModifyTargetWeight
- BatchRegisterTargets
- CreateListener
- CreateLoadBalancer
- CreateRule
- DeleteLoadBalancerListeners
- CreateTargetGroup
- DeleteLoadBalancerSnatIps
- DeleteListener
- DeleteLoadBalancer
- DeleteRewrite
- DeleteRule
- DeleteTargetGroups
- DeregisterTargetGroupInstances
- DescribeBlockIPList
- DeregisterTargets
- DescribeListeners
- DescribeLoadBalancers
- DescribeRewrite
- DescribeTargetGroupInstances
- DescribeTargetGroupList
- DescribeTargetGroups
- DescribeTargetHealth
- DescribeTargets
- DescribeTaskStatus
- DisassociateTargetGroups
- ManualRewrite
- ModifyBlockIPList
- ModifyDomain
- ModifyDomainAttributes
- ModifyListener
- ModifyLoadBalancerAttributes
- ModifyRule
- ModifyTargetGroupAttribute
- ModifyTargetGroupInstancesPort
- ModifyTargetGroupInstancesWeight
- ModifyTargetPort
- ModifyTargetWeight
- RegisterTargetGroupInstances
- RegisterTargets
- Other APIs
- Data Types
- Error Codes
- CLB API 2017
- SDK Documents
- FAQ
- More
- Announcements
- Service Level Agreement
- Product Updates
- Glossary
CLB Certificate Operation Permissions
Last updated: 2020-05-14 17:34:44
Operation Scenarios
Since March 23, 2020, all certificate operations of CLB have been connected to Cloud Access Management (CAM) for authentication. Therefore, when a sub-user account performs CLB certificate operations, if "You are not authorized for this operation. Please contact your developer." is displayed, you can grant certificate permissions to the sub-user account as instructed below.
Prerequisites
The logged-in account needs to be the root account or a sub-user account with CAM permissions (i.e., associated with the QcloudCamFullAccess policy).
- To check whether the sub-user account has CAM permissions, go to User List in the CAM Console, enter the details page of the sub-user, and check whether the
QcloudCamFullAccesspolicy has been associated.- If the
QcloudCamFullAccesspolicy is associated, but "No API permissions (message:GetReceiversOnAllType). Please contact your developer." is displayed when the sub-user performs certificate operations, they can ignore and proceed anyway.
Directions
Please grant certificate permissions in the following methods:
Method 1. Associate a custom policy
- Log in to the CAM Console.
- On the left sidebar, click Policy to enter the "Policy" list page.
- Click Create Custom Policy and select Create by Policy Syntax in the pop-up box.
- On the "Select Template Policy" page, select Blank Template and click Next.
- On the "Edit Policy" page, enter the policy name and enter the following policy content in the "Edit Policy Content" input box:
{ "version": "2.0", "statement": [ { "action": "name/ssl:*", "resource": "qcs::ssl:::*", "effect": "allow" } ] } - Then, click Create Policy to return to the "Policy" list page.
- At the top of the "Policy" list page, select Custom Policy, find the row of the policy you just created in the list, and click Associate User/Group in the "Operation" column.
- In the pop-up box, select the user to be authorized and click OK.
Method 2. Associate a preset policy
- Log in to the CAM Console.
- On the left sidebar, select User > User List to enter the "User List" page.
- In the row of the sub-user to be authorized, click Authorize in the "Operation" bar.
- In the pop-up box, select
QcloudSSLFullAccessorQcloudSSLReadOnlyAccessand click OK.
Was this page helpful?