<p class="shortdesc">After creating a sub-account, you can authorize permission policy, which allows / restricts sub-account access / prohibits access to specified resources.</p> <section class="section context"><div class="tasklabel"><h2 class="doc-tairway">About this task</h2></div> <p class="p">By default, the newly created sub-account does not have any permissions and can only log in to the console. It cannot perform operations on cloud resources. Therefore, a newly created sub-account need corresponding permissions authorization to operate and manage the corresponding cloud resources.</p> <p class="p">Permission policies include system policies and custom policies. If the system policies cannot meet your authorization requirements, you can customize more fine-granted permission policies. For details, please refer to <a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.policymgt.custom.custompolicy" target="_blank">Create Custom Policy</a>.</p> <div class="note note note_note"><span class="note__title">Note:</span> <p class="p">In addition to individually authorizing a sub-account, you can also add the sub-account to a group with relevant permissions. For specific operations, please refer to <a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.groupmgt.creategroup" target="_blank">Create Group</a>, <a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.groupmgt.Authorization2" target="_blank">Authorize Group</a> and <a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.groupmgt.addmb" target="_blank">Add Members to a Group</a>.</p> </div> </section> <section class="section attention" id="Authorization__ohz_f5h_flb"><div class="tasklabel"><h2 class="doc-tairway">Attention</h2></div> <p class="p">After adding an authorization policy, the account has the permission of the policy, and the same authorization policy cannot be added repeatedly.</p> </section> <section class="section limitation" id="Authorization__phz_f5h_flb"><div class="tasklabel"><h2 class="doc-tairway">Limitation</h2></div> <p class="p">Each sub-account can be granted up to 10 permission policies.</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">Procedure</h2></div><ol class="ol steps"><li class="li step stepexpand" id="Authorization__step_ddb_cth_flb"> <span class="ph cmd">Use the master account or a sub-account with relevant permissions to log in to the <a class="xref" href="https://www.pingancloud.com/console/kms" target="_blank">RAM Console</a>.</span> </li><li class="li step stepexpand" id="Authorization__step_vgp_cth_flb"> <span class="ph cmd">Click <span class="ph uicontrol">User</span> in the left navigation bar.</span> </li><li class="li step stepexpand"> <span class="ph cmd">In the user list, find the target username and click <span class="ph uicontrol">Authorization</span> in the operation column.</span> <div class="itemgroup info"> <p class="p" id="Authorization__p_qlr_lxh_flb">You can search for the target user by entering the <span class="ph uicontrol">Login Name</span> or <span class="ph uicontrol">Displayed Name</span> in the search box.</p> <img class="image" id="Authorization__image_yg3_1vh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-12f8c8479ee5.png" width="750"> </div> </li><li class="li step stepexpand" id="Authorization__step_hrz_j2j_flb"> <span class="ph cmd">On the <span class="ph uicontrol">Authorization</span> page, enter the policy name and click<img class="image" id="Authorization__image_qgh_dyh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-1e2666b59294.png" width="20">.</span> <div class="itemgroup info"> <p class="p">For example, you can enter ECS, and the authorization policies related to ECS will be listed below.</p> <img class="image" id="Authorization__image_hn5_zxh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-1a48f48c973b.png" width="750"> </div> </li><li class="li step stepexpand" id="Authorization__step_rgh_k2j_flb"> <span class="ph cmd">In the optional authorization policies found, select the target policy, and then click <img class="image" id="Authorization__image_lx2_fyh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-118fd24a9e24.png" width="20"> to complete the addition of authorization policies.</span> <div class="itemgroup info"> <div class="note important note_important"><span class="note__title">Important:</span> <p class="p">After adding an authorization policy, the account will have the permission of the policy, and the same authorization policy cannot be added repeatedly.</p> </div> </div> </li><li class="li step stepexpand" id="Authorization__step_vdq_42j_flb"> <span class="ph cmd">After all authorization policies are added, click <span class="ph uicontrol">Confirm</span>.</span> </li></ol></section> <section class="section result" id="Authorization__result_wrv_s2l_zkb"><div class="tasklabel"><h2 class="doc-tairway">Results</h2></div> <p class="p">After the authorization policy is added, you can click the username in the user list and select the <span class="ph uicontrol">User Policy</span> tab to view the policies that the user has authorized.</p> </section>