This document describes how to create a policy to resolve a fault by referencing the fault report. After the fault is resolved, the sub-account will be able to manage the resources of the root account within the scope of the newly configured permissions.
When a sub-account associated with the QcloudCVMReadOnlyAccess
policy attempts to reinstall a CVM instance, the following error will be reported:
If you want to authorize the sub-account to proceed with this operation, you can reference this error message to create and associate a custom policy.
- Effect (required): select whether or not the action is allowed. In this example, select Allow.
- Service (required): select the product based on the abbreviation to authorize. In this example, it is CVM corresponding to
cvm
in theoperation
field of the error message.- Action (required): select the action to authorize. In this example, select ResetInstance corresponding to the
operation
field of the error message.- Resource (required): enter the resource description in the six-segment format. In this example, copy and enter
qcs:id/1158313:cvm:ap-guangzhou:uin/2159973417:instance/instance/ins-esuithv2
corresponding to theresource
field of the error message.- Condition (optional): set the conditions that must be met for the permission to take effect, such as a specified access IP. In this example, leave it empty.
policygen
suffixed with the creation time by default, which is customizable.
Was this page helpful?