If you have purchased multiple types of Tencent Cloud resources that are grouped and managed by tag, you can grant employees of different teams permission to use the corresponding APIs by tag, as needed. This document uses a typical case to describe how to grant a sub-account permission to perform specific operations on resources through tags.
Suppose that:
CompanyExample has a sub-account DevA.
CompanyExample has a tag key-value pair test1&test1.
CompanyExample wants to grant the sub-account DevA the permission to restart CVM instances (cvm:RebootInstances) under the tag test1&test1.

CompanyExample.
policygen-current date. We recommend you define a unique and meaningful policy name, such as cvm-RebootInstances.
cvm:RebootInstances is the name of the API that needs to be authorized, and test1&test1 is the tag key-value pair that needs to be authorized.

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cvm:RebootInstances"
            ],
            "resource": "*",
            "condition": {
                "for_any_value:string_equal": {
                    "qcs:tag": [
                        "test1&test1"
                    ]
                }
            }
        }
    ]
}

DevA and click OK to complete the authorization.
DevA will have the permission to restart CVM instances under the test1&test1 tag.
If you want to know how to associate resources with tags, please see Managing Tags.
If you want to know how to grant all operation permissions of the resources under a tag, please see Authorizing Different Sub-accounts Separate Permissions to Manage Tencent Cloud Resources.
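
To check what the tag condition in the policy above permits before attaching it to DevA, the following added example (not Tencent Cloud code) models the policy in Python and also flags allow statements on resource "*" that lack a qcs:tag condition. It assumes a simplified evaluation: allow statements only, exact action names, and only the for_any_value:string_equal operator on qcs:tag; all function names are hypothetical.

```python
import json

# The policy from this page, embedded so the example runs offline.
POLICY = json.loads("""
{
  "version": "2.0",
  "statement": [{
    "effect": "allow",
    "action": ["cvm:RebootInstances"],
    "resource": "*",
    "condition": {"for_any_value:string_equal": {"qcs:tag": ["test1&test1"]}}
  }]
}
""")

TAG_OP = "for_any_value:string_equal"  # the only operator this model handles


def as_list(value):
    """Policy fields may be a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def statement_allows(stmt, action, resource_tags):
    """True if one allow statement covers `action` on a resource with these tags.

    resource_tags is a dict such as {"test1": "test1"}; it is compared against
    the "key&value" strings under qcs:tag. Simplified model (assumption).
    """
    if stmt.get("effect") != "allow" or action not in as_list(stmt.get("action", [])):
        return False
    condition = stmt.get("condition")
    if not condition:
        return True  # no condition: the statement applies to every resource
    wanted = set(as_list(condition.get(TAG_OP, {}).get("qcs:tag", [])))
    have = {f"{k}&{v}" for k, v in resource_tags.items()}
    return bool(wanted & have)  # for_any_value: one matching tag is enough


def is_allowed(policy, action, resource_tags):
    return any(statement_allows(s, action, resource_tags) for s in policy["statement"])


def unscoped_wildcards(policy):
    """Audit helper: allow statements on resource "*" with no qcs:tag condition."""
    return [s for s in policy["statement"]
            if s.get("effect") == "allow" and "*" in as_list(s.get("resource", []))
            and "qcs:tag" not in s.get("condition", {}).get(TAG_OP, {})]
```

A statement whose condition uses an operator other than for_any_value:string_equal is treated as not matching, so the model fails closed rather than guessing.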