- To query the sub-accounts created under the main account, log in to the CAM Console and view them under User List.
- To create a new sub-account, please see Creating a Custom Sub-User.
The following lists several authorization cases, which you can configure according to your actual needs.
The configuration information is as follows:
Configuration Item | Configuration Value |
---|---|
Effect | Allow |
User Type | Sub-Account |
Account ID | UIN of the sub-account; the sub-account in question must be a sub-account under the current root account, such as 100000000011 |
Resource | Specified Resource |
Resource Path | Specified directory prefix, such as folder/sub-folder/ (the path must end with /) |
Operation Name | All Operations |
The configuration information is as follows:
Configuration Item | Configuration Value |
---|---|
Effect | Allow |
User Type | Sub-Account |
Account ID | UIN of the sub-account; the sub-account in question must be a sub-account under the current root account, such as 100000000011 |
Resource | Specified Resource |
Resource Path | Specified directory prefix, such as folder/sub-folder/ (the path must end with /) |
Operation Name | Read operation (including list of objects) |
The configuration information is as follows:
Configuration Item | Configuration Value |
---|---|
Effect | Allow |
User Type | Sub-Account |
Account ID | UIN of the sub-account; the sub-account in question must be a sub-account under the current root account, such as 100000000011 |
Resource | Specified Resource |
Resource Path | Specified object key, such as folder/sub-folder/exampleobject |
Operation Name | All Operations |
For this case, we need to add two policies: an allow policy and a prohibit policy.
Configuration Item | Configuration Value |
---|---|
Effect | Allow |
User Type | Sub-Account |
Account ID | UIN of the sub-account; the sub-account in question must be a sub-account under the current root account, such as 100000000011 |
Resource | Specified Resource |
Resource Path | Specified directory prefix, such as folder/sub-folder/ (the path must end with /) |
Operation Name | All Operations |
Configuration Item | Configuration Value |
---|---|
Effect | Prohibit |
User Type | Sub-Account |
Account ID | UIN of the sub-account; the sub-account in question must be a sub-account under the current root account, such as 100000000011 |
Resource | Specified Resource |
Resource Path | Object keys for which access needs to be prohibited, such as folder/sub-folder/privateobject |
Operation Name | All Operations |
Configuration Item | Configuration Value |
---|---|
Effect | Allow |
User Type | Sub-Account |
Account ID | UIN of the sub-account; the sub-account in question must be a sub-account under the current root account, such as 100000000011 |
Resource | Specified Resource |
Resource Path | Specified prefix, such as folder/sub-folder/prefix |
Operation Name | All Operations |
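The following is an added example, not part of the original documentation or the product's own code: a small Python model for checking a set of the statements above before entering them in the console. It assumes that a directory or prefix path matches every object key starting with it and that a matching Prohibit statement overrides any Allow; the `Statement` class, `is_allowed` function and operation names are hypothetical.

```python
from dataclasses import dataclass

READ_OPS = {"read", "list"}  # "Read operation (including list of objects)"

@dataclass(frozen=True)
class Statement:
    effect: str       # "Allow" or "Prohibit", as in the tables
    uin: str          # sub-account UIN the statement applies to
    path: str         # Resource Path value
    is_prefix: bool   # True: directory/prefix path, False: one object key
    ops: str = "all"  # "all" (All Operations) or "read"

    def matches(self, uin: str, key: str, op: str) -> bool:
        if uin != self.uin:
            return False
        if self.ops == "read" and op not in READ_OPS:
            return False
        return key.startswith(self.path) if self.is_prefix else key == self.path


def is_allowed(statements, uin: str, key: str, op: str) -> bool:
    """Assumed evaluation order: any matching Prohibit wins, then any
    matching Allow grants access, otherwise the request is denied."""
    hits = [s for s in statements if s.matches(uin, key, op)]
    if any(s.effect == "Prohibit" for s in hits):
        return False
    return any(s.effect == "Allow" for s in hits)


SUB = "100000000011"  # example UIN from the tables
# Constructed policy set for the allow-plus-prohibit case.
MIXED = [
    Statement("Allow", SUB, "folder/sub-folder/", True),
    Statement("Prohibit", SUB, "folder/sub-folder/privateobject", False),
]
READ_ONLY = [Statement("Allow", SUB, "folder/sub-folder/", True, "read")]
# Same grant with the trailing "/" left off (the mistake the tables warn about).
NO_SLASH = [Statement("Allow", SUB, "folder/sub-folder", True)]

if __name__ == "__main__":
    for name, policy, key, op in [
        ("mixed", MIXED, "folder/sub-folder/exampleobject", "write"),
        ("mixed", MIXED, "folder/sub-folder/privateobject", "read"),
        ("read-only", READ_ONLY, "folder/sub-folder/exampleobject", "write"),
        ("no-slash", NO_SLASH, "folder/sub-folder-archive/report", "read"),
    ]:
        print(f"{name:10} {op:5} {key:35} -> {is_allowed(policy, SUB, key, op)}")
```

The last case shows why the trailing `/` matters: under the prefix-match assumption, a path of `folder/sub-folder` also covers keys under a sibling such as `folder/sub-folder-archive/`.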
If you need to authorize at the account dimension, refer to the following documents: