In the CAM Console, the root account can configure permissions of common operations, services that can be manipulated, and API resources on API Gateway for sub-accounts and collaborators.
Sub-account or collaborator permission management (non-tagged resource)
- Log in to the CAM Console > Policy with the root account.
- In the policy list, click Create Custom Policy in the top-left corner.
- In the policy creation pop-up window, select Create by Policy Builder:
- Enter the custom policy information. After the settings are completed, click Add Statement and Next to enter the policy editing page.
- Effect: allowed
- Service: API Gateway
- Action: select involved operations
- Resource: you can enter
* to indicate all resources. If only part of resources are involved, you can set this field as instructed in Resource Description Method.
- Enter the policy name and edit the policy content (for detailed directions, please see Policy Syntax).
- Click Create Policy to create the policy.
- Bind the created policy to users or user groups (for detailed directions, please see Associating Policy with User/User Group).
Sub-account or collaborator permission management (tagged resource)
Tag is a unified capability in Tencent Cloud. You can set the same tag for different resources in different Tencent Cloud products so that they can have the same operation permissions.
The same entry is used for configuring tagged management permissions and non-tagged management permissions. You can create an Authorize by Tag policy in CAM > Policy. For detailed directions, please see Authorizing by Tag.
- Log in to the API Gateway Console > Service.
- In the service list, click a service name to enter the service details page and click Manage API.
- On the API management page, click an API ID to enter the API details page.
- On the API details page, click the icon under "Tags" at the bottom of the page to modify the tags.