Authorization Method

<p class="shortdesc"></p> <p class="p">The method of authorizing a RAM user is to bind one or multiple access policies to a sub-account (user) or user group by using a master account or sub-account with RAM operation permission. The bound access policy can be system access policy and custom access policy. If the bound access policy is updated, it will automatically take effect and there is no need to bind again. </p> <ul class="ul" id="Authorization_method__ul_lxq_1bd_flb"> <li class="li"><strong class="ph b">Master account (resource owner) controls all permission</strong>: each resource belongs to only one owner which must be a master account paying for the resource and having full control over the resources. Resource owner is not necessarily the creator of the resource. For example, if a RAM user is authorized with the permission of creating resource, resource created by the RAM user belongs to its master account. This RAM user is the resource creator but not the owner. </li> <li class="li"><strong class="ph b">RMA user (operator) has no permission by default</strong>: a RAM user is a RAM sub-account whose operation should have explicit authorization. A new RAM user has no operation permission by default. Only the RAM user is authorized can it access or operate resource via the Console or API request. </li> <li class="li"><strong class="ph b">Resource creator (RAM user) does not automatically have any permission of the resource it has created</strong>: if a RAM user is authorized with the permission of creating resource, it is able to create resource but does not automatically have any permission of the resource it has created unless it has explicit authorization from the resource owner. </li> </ul>
Did the above content solve your problem? Yes No
Please complete information!

Call us

400-151-8800

Email us

cloud@pingan.com

Online customer service

Instant reply

Technical Support

cloud products