Authorize Sub-account
<p class="shortdesc">After creating a sub-account, you can authorize permission policy, which allows / restricts sub-account access / prohibits access to specified resources.</p>
<section class="section context"><div class="tasklabel"><h2 class="doc-tairway">About this task</h2></div>
<p class="p">By default, the newly created sub-account does not have any permissions and can only log in to the console. It cannot perform operations on cloud resources. Therefore, a newly created sub-account need corresponding permissions authorization to operate and manage the corresponding cloud resources.</p>
<p class="p">Permission policies include system policies and custom policies. If the system
policies cannot meet your authorization requirements, you can customize more
fine-granted permission policies. For details, please refer to <a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.policymgt.custom.custompolicy" target="_blank">Create Custom
Policy</a>.</p>
<div class="note note note_note"><span class="note__title">Note:</span>
<p class="p">In addition to individually authorizing a sub-account, you can also add the
sub-account to a group with relevant permissions. For specific operations,
please refer to <a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.groupmgt.creategroup" target="_blank">Create Group</a>,
<a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.groupmgt.Authorization2" target="_blank">Authorize
Group</a> and <a class="xref" href="https://www.pingancloud.com/ssr/help/manage/ram/manual.groupmgt.addmb" target="_blank">Add Members to a
Group</a>.</p>
</div>
</section>
<section class="section attention" id="Authorization__ohz_f5h_flb"><div class="tasklabel"><h2 class="doc-tairway">Attention</h2></div>
<p class="p">After adding an authorization policy, the account has the permission of the policy, and the same authorization policy cannot be added repeatedly.</p>
</section>
<section class="section limitation" id="Authorization__phz_f5h_flb"><div class="tasklabel"><h2 class="doc-tairway">Limitation</h2></div>
<p class="p">Each sub-account can be granted up to 10 permission policies.</p>
</section>
<section><div class="tasklabel"><h2 class="doc-tairway">Procedure</h2></div><ol class="ol steps"><li class="li step stepexpand" id="Authorization__step_ddb_cth_flb">
<span class="ph cmd">Use the master account or a sub-account with relevant permissions to log in to
the <a class="xref" href="https://www.pingancloud.com/console/kms" target="_blank">RAM Console</a>.</span>
</li><li class="li step stepexpand" id="Authorization__step_vgp_cth_flb">
<span class="ph cmd">Click <span class="ph uicontrol">User</span> in the left navigation bar.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the user list, find the target username and click
<span class="ph uicontrol">Authorization</span> in the operation column.</span>
<div class="itemgroup info">
<p class="p" id="Authorization__p_qlr_lxh_flb">You can search for the target user by entering the
<span class="ph uicontrol">Login Name</span> or <span class="ph uicontrol">Displayed
Name</span> in the search box.</p>
<img class="image" id="Authorization__image_yg3_1vh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-12f8c8479ee5.png" width="750">
</div>
</li><li class="li step stepexpand" id="Authorization__step_hrz_j2j_flb">
<span class="ph cmd">On the <span class="ph uicontrol">Authorization</span> page, enter the policy name and
click<img class="image" id="Authorization__image_qgh_dyh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-1e2666b59294.png" width="20">.</span>
<div class="itemgroup info">
<p class="p">For example, you can enter ECS, and the authorization policies related to ECS
will be listed below.</p>
<img class="image" id="Authorization__image_hn5_zxh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-1a48f48c973b.png" width="750">
</div>
</li><li class="li step stepexpand" id="Authorization__step_rgh_k2j_flb">
<span class="ph cmd">In the optional authorization policies found, select the target policy, and
then click <img class="image" id="Authorization__image_lx2_fyh_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174728-118fd24a9e24.png" width="20"> to complete the addition of authorization policies.</span>
<div class="itemgroup info">
<div class="note important note_important"><span class="note__title">Important:</span>
<p class="p">After adding an authorization policy, the account will have the
permission of the policy, and the same authorization policy cannot be
added repeatedly.</p>
</div>
</div>
</li><li class="li step stepexpand" id="Authorization__step_vdq_42j_flb">
<span class="ph cmd">After all authorization policies are added, click
<span class="ph uicontrol">Confirm</span>.</span>
</li></ol></section>
<section class="section result" id="Authorization__result_wrv_s2l_zkb"><div class="tasklabel"><h2 class="doc-tairway">Results</h2></div>
<p class="p">After the authorization policy is added, you can click the username in the user list
and select the <span class="ph uicontrol">User Policy</span> tab to view the policies that the
user has authorized.</p>
</section>
Did the above content solve your problem?
Yes
No
Submitted successfully! Thank you for your feedback, we will try our best to do better and better!