(Optional) Assigning Permissions to an IAM User (by a Delegated Party)
When a trust relationship is established between your account and another account, you become a delegated party. By default, only your account and the members of the admin group can manage resources for the delegating party. To authorize IAM users to manage these resources, assign permissions to the users.
You can authorize an IAM user to manage resources for all delegating parties, or authorize the user to manage resources for a specific delegating party.
Prerequisites
- A trust relationship has been established between your account and another account.
- You have obtained the name of the delegating account and the name and ID of the created agency.
Procedure
- Create a user group and grant permissions to it.
- On the User Groups page, click Create User Group.
- Enter a user group name.
- Click OK.
- In the row containing the user group, click .
- Click OK.
- Create an IAM user and add the user to the user group.
- On the Users page, click Create User.
- On the Create User page, enter a username.
- Select Management console access for Access Type and then select Set by user for Credential Type.
- Enable login protection and click Next.
- Select the user group created in 1 and click Create.
After the authorization is complete, the IAM user can switch to the account of the delegating party and manage specific resources under the account.
Related Operations
The delegated account or the authorized IAM users can switch their roles to the delegating account to view and use its resources.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
