Creating an Agency
An agency is created to grant specific permissions to another account for secure and efficient service management. After an entrusting relationship is established, the administrator of the entrusted enterprise can manage cloud resources on behalf of the entrusting enterprise by switching roles.
Create an agency based on Creating an Agency and set parameters as follows:
- For Agency Type, select Cloud service.
- For Cloud Service, select FunctionGraph.
- For Validity Period, select Unlimited.
- For Permissions: Select permissions based on requirements. The following example describes how to add the VPC Administrator and DNS ReadOnlyAccess permissions.
Table 1 Example of agency permissions Policy Name
Scenario
VPC Administrator
Users with the VPC Administrator permissions can perform any operations on all cloud resources of the VPC.
For example, to configure cross-VPC access, you must specify an agency with VPC management permissions.
DNS ReadOnlyAccess
Users with the DNS ReadOnlyAccess permissions can read DNS resources.
For example, to invoke a DNS API to resolve private domain names, you must specify an agency with the permissions to read DNS resources.
Related Operations
Modifying an agency: You can modify the permissions, validity period, and description of an agency on the IAM console.
After an agency is modified, it takes about 10 minutes for the modification (for example, context.getToken) to take effect.
Last Article: Appendixes
Next Article: Creating an NFS Shared Directory on ECS
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.