Creating a policy based on fault reports
Last updated: 2020-02-25 16:36:43PDF
This document describes how to resolve faults by referencing the fault reports to create a policy. After the fault is resolved, the sub-account will be able to manage the resources of the root account within the scope of the newly configured permissions.
When a sub-account associated with the QcloudCVMReadOnlyAccess Policy attempts to reinstall a CVM, the following error is reported:
If you want to authorize the sub-account to proceed with this operation, you can reference this error information to create and associate a custom policy.
- Login to the CAM Console and go to Policies . Click Create Custom Policy .
- Click Create by Policy Generator .
- In the Service and Action selection page, enter the following information:
- Effect (required): Select whether or not the action is allowed. In this example, select Allow .
- Service (required): Select the product to authorize the permission for. In this example, it will be cvm Referenced in the operation field of the error.
- Action (required): Select the action. In this example, select ResetInstance As referenced in the operation field of the error.
- Resource (required): Enter the resource description in the six-part format. In this example, copy and enter Qcs:id/1158313:cvm:ap-guangzhou:uin/2159973417:instance/instance/ins-esuithv2 As seen in the error.
- Condition (optional): Set the conditions that are required for the permissions to be effective, such as a specified access IP. This is left blank for this example.
- Click Add Statement > Next To go to the policy editor page.
- In the policy editor page, you can edit the policy name and add notes. Verify the policy content. The policy name and content are automatically generated by the console.
- The policy name is
policygenBy default. The suffix number is generated based on the creation date. This is customizable.
- The content of the policy corresponds to the service and action selected in Step 3. You can modify this according to your business needs.
- Click Create Policy To complete the creation of the custom policy by using the policy generator.
- Refer to Custom Policy Associate user Authorize the sub-account. After the authorization is successful, the sub-account will get the corresponding Permission to remove the failure.