Sub-accounts have no permissions to pull a bucket list by default. Therefore, if you log in to the COS console with a sub-account, you cannot access overview data, bucket list, or any other administration items that require permissions.
Sub-accounts can access a bucket list using the following two methods:
This feature applies to scenarios where a sub-account accesses a bucket list using the console.
Sub-accounts are not granted the preset policy QcloudCOSGetServiceAccess by default and thus do not have the permission to pull the bucket list. When granted the permissions (e.g., Read or Write) to a bucket by the root account, a sub-account can then access this bucket by adding an access path.
The sub-account has been granted user permissions on a bucket by the root account. For more information, see Set Access Permission.
A sub-account can access the bucket list by adding the preset policy QcloudCOSGetServiceAccess (i.e., the permission to obtain the bucket list) to it.
- The preset policy QcloudCOSFullAccess or QcloudCOSReadOnlyAccess can also grant a sub-account access permission to the bucket list. However, due to the wide coverage of permissions granted by these two policies, they are not recommended for security reasons.
- The collection of statistics in the overview requires the access permission to the bucket list. When the sub-account needs to pull statistics, please make sure that the root account has added the preset policy QcloudCOSGetServiceAccess to it; otherwise, the system will prompt that the sub-account has no access permission to the statistics.
Now, you have successfully added a preset policy for the sub-account through the root account. Log in to the COS console with the sub-account, and you can check the bucket list and statistics overview.