Help & DocumentationCloud Access ManagementBusiness Use CaseVPC CasesAuthorizing Sub-account Full Access to VPCs Except Payment

Authorizing Sub-account Full Access to VPCs Except Payment

Last updated: 2020-02-25 16:06:11

PDF

The enterprise account, CompanyExample, whose ownerUin is 12345678, has a sub-account, Developer, that requires full management permissions (including all operations such as creation and management) for the VPC service of the CompanyExample enterprise account. These permissions do not include payment permissions, but allow orders to be made.

Solution A:

The CompanyExample enterprise account directly authorizes the preset policy QcloudVPCFullAccess to the Developer sub-account. For more information about authorization, see Authorization Management.

Solution B:

Step 1: create the following policy according to policy syntax.

 {
    "version": "2.0",
    "statement":[
         {
             "effect": "allow",
             "action": "vpc:*",
             "resource": "*"
         }
    ]
}

Step 2: associate the sub-account with the policy. To learn how to associate a policy with a user account, see Authorization Management.