There are two buckets under root account A (APPID: 1250000000
): examplebucket1-1250000000
and examplebucket2-1250000000
, which sub-account B0 under root account B wants to manipulate to meet its business needs. This document describes how to authorize it to do so.
Log in to the CAM Console with root account B and go to the Policy page.
Click Create Custom Policy > Create by Policy Syntax, select a blank template, and click Next.
Root account B can grant its sub-account B0 permissions only using a custom policy, but not a preset policy.
Fill in the form as shown below:
cos-child-account
.{
"version": "2.0",
"statement": [
{
"action": "cos:*",
"effect": "allow",
"resource": "qcs::cos::uid/1250000000:examplebucket1-1250000000/*"
}
]
}
Specifically, "1250000000" in uid/1250000000
is the APPID of root account A, and examplebucket1-1250000000
is the bucket name to be authorized. The examplebucket1-1250000000/*
, meaning that all buckets under root account A that root account B are authorized to manipulate will be authorized to sub-account B0.Click Done.
Locate the created policy in the policy list and click Bind User/User Group on the right.
In the Bind User/User Group pop-up window, select sub-account B0 and click OK.
Then, the authorization is completed, and you can use the key of sub-account B0 to manipulate the bucket under root account A.
Was this page helpful?