If you have purchased multiple types of Tencent Cloud resources which are grouped and managed by tag, you can grant employees of different teams permissions to use corresponding APIs by tag on an as-needed basis. This document uses a typical case to describe how to grant sub-accounts certain operation permissions of resources through tags.
CompanyExamplehas a sub-account
CompanyExamplehas a tag key-value pair
CompanyExamplewants to grant the sub-account
DevAthe permission to restart CVM instances (cvm:RebootInstances) under the tag
policygen-current date. We recommend you define a unique and meaningful policy name, such as
cvm:RebootInstancesis the name of the API that needs to be authorized, and
tes1t&test1is the tag key-value pair that needs to be authorized.
DevAand click OK to complete the authorization.
DevAwill have the permission to restart CVM instances under the
If you want to know how to associate resources with tags, please see Managing Tags.
If you want to know how to grant all operation permissions of the resources under a tag, please see Authorizing Different Sub-accounts Separate Permissions to Manage Tencent Cloud Resources.