Help Center/ SecMaster/ FAQs/ Purchase Consulting/ How Do I Obtain Permissions to Purchase SecMaster?
Updated on 2024-11-06 GMT+08:00

How Do I Obtain Permissions to Purchase SecMaster?

If a message indicating insufficient permission is displayed when you purchase SecMaster, obtain the permission by following the procedure below.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
  3. (Optional) Create a user group.

    If the SecMaster_ops user group has been created, skip this step.
    1. In the navigation pane on the left, choose User Groups. On the displayed page, click Create User Group in the upper right corner.
    2. On the Create User Group page, specify user group name and description.
      • Name: Set this parameter to SecMaster_ops.
      • Description: Enter a description.
    3. Click OK.

  4. Assign permissions to the user group.

    1. Add global permissions.
      1. In the navigation pane on the left, choose Permissions > Policies. In the upper right corner of the displayed page, click Create Custom Policy.
      2. Configure a policy.
        • Policy Name: Enter a policy name.
        • Policy View: Select JSON.
        • Policy Content: Copy the following content and paste it in the text box.
          {
              "Version": "1.1",
              "Statement": [
                  {
                      "Effect": "Allow",
                      "Action": [
                          "iam:permissions:checkRoleForAgency",
                          "iam:agencies:listAgencies",
                          "iam:permissions:grantRoleToAgencyOnDomain",
                          "iam:agencies:createAgency",
                          "iam:permissions:grantRoleToAgency",
                          "iam:permissions:grantRoleToAgencyOnProject"
                      ]
                  }
              ]
          }
      3. Click OK.
    2. Add project-level permissions.
      1. In the navigation pane on the left, choose Permissions > Policies. In the upper right corner of the displayed page, click Create Custom Policy.
      2. Configure a policy.
        • Policy Name: Enter a policy name.
        • Policy View: Select JSON.
        • Policy Content: Copy the following content and paste it in the text box.
          {
              "Version": "1.1",
              "Statement": [
                  {
                      "Action": [
                          "bss:order:pay",
                          "bss:unsubscribe:update",
                          "bss:order:view",
                          "bss:balance:view",
                          "bss:order:update",
                          "ecs:cloudServers:list",
                          "bss:renewal:view",
                          "bss:renewal:update",
                          "secmaster:*:*"
                      ],
                      "Effect": "Allow"
                  }
              ]
          }
      3. Click OK.

  5. Assign permissions to the created user group.

    1. In the navigation pane on the left, choose User Groups. On the displayed page, click SecMaster_ops.
    2. On the Permissions tab page, click Authorize.
    3. On the Select Policy/Role page, search for and select the policy added in 4 and click Next.
    4. Set the minimum authorization scope. Select All resources for Scope. After the setting is complete, click OK.
    5. Verify the authorization. The policy will be listed on the page.

  6. Add the operation account to the user group.

    1. In the navigation pane on the left, choose User Groups.
    2. Locate the row that contains the SecMaster_ops user group, and click Manage User the Operation column.
    3. In the displayed Manage User dialog box, select users you want to add.
    4. Click OK.