tencent cloud

PrevNext

フィードバック

キーワードで検索してください

Recent Pages

ドキュメント
Cloud Access Management
    ドキュメント
    Download PDF

    Creating Policy Based on Fault Report

    最終更新日:2024-01-23 17:57:37
    PDFファイルをダウンロード

      Overview

      This document describes how to create a policy to resolve a fault according to the fault report. After the fault is resolved, the sub-account will be able to manage the resources of the root account within the scope of the newly configured permissions.

      Example

      When a sub-account associated with the QcloudCVMReadOnlyAccess policy attempts to reinstall a CVM instance, the following error is reported:
      
      If you want to authorize the sub-account to proceed with this operation, you can create and associate a custom policy according to this error message.

      Directions

      1. Log in to the CAM console, enter the Policies page, and click Create Custom Policy.
      2. In the selection window that pops up, click Create by Policy Generator to enter the Edit Policy page.
      3. On the
      Edit Po
      licy page, set the following information:
      Effect (required): select whether the operation is allowed. In this example, select "Allow".
      Service (required): select the product based on the abbreviation to authorize. In this example, it is CVM corresponding to cvm in the operation field of the error message.
      Action (required): select the operation to authorize. In this example, select ResetInstance corresponding to the operation field of the error message.
      Resource (required): for products that don't support resource-level authorization, you can only select all resources as the authorization granularity. For products that support resource-level authorization, you can select a specific resource. To do so, click Add a six-segment resource description and enter the resource prefix and resource. In this example, the error message is for a specific resource, so you need to authorize it: select the specific resource, click Add a six-segment resource description, and then you can directly copy the prefix and resource in qcs:id/1158313:cvm:ap-guangzhou:uin/2159973417:instance/instance/ins-esuithv2 and paste them.
      Condition (optional): set the conditions that must be met for the permission to take effect, such as a specified access IP. In this example, leave it empty.
      4. Click Next to enter the Associate Users/User Groups page.
      5. On the Associate Users/User Groups page, add the policy name (automatically generated by the console) and description.
      Note:
      The policy name is policygen suffixed with the creation time by default, which is customizable.
      The policy description corresponds to the service and operations selected in step 3. You can modify them as needed.
      6. Click Done to complete the custom policy creation.
      7. Authorize the sub-account as instructed in Authorization Management. After authorization, the sub-account will be granted the needed permission, and the fault will be resolved.
      お問い合わせ

      カスタマーサービスをご提供できるため、ぜひお気軽にお問い合わせくださいませ。

      お問い合わせ
      テクニカルサポート

      さらにサポートが必要な場合は、サポートチケットを送信して弊社サポートチームにお問い合わせください。24時間365日のサポートをご提供します。

      チケットを送信
      電話サポート(24 時間365日対応)
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      個人情報保護方針利用規約クッキーポリシー