Authorizing a Sub-account Full Access to VPCs Except Payment

Last updated: 2020-05-15 10:55:57

The organizational account CompanyExample (ownerUin: 12345678) has a sub-account Developer that requires full management permissions (for all operations such as creation and management) for the VPC service under CompanyExample except payment permissions. The sub-account should be able to place orders but cannot make payments.

Solution A:

The CompanyExample account directly authorizes the preset policy QcloudVPCFullAccess to the Developer sub-account. For more information on authorization, please see Authorization Management.

Solution B:

Step 1. Create the following policy according to the policy syntax:

 {
    "version": "2.0",
    "statement":[
         {
             "effect": "allow",
             "action": "vpc:*",
             "resource": "*"
         }
    ]
}

Step 2. Associate the policy with the sub-account. For more information on authorization, please see Authorization Management.

Was this page helpful?

Was this page helpful?

  • Not at all
  • Not very helpful
  • Somewhat helpful
  • Very helpful
  • Extremely helpful
Send Feedback
Help