- What's New
- Service Overview
- Getting Started
-
User Guide
- Permissions Management
- Managing Organizations
- Managing OUs
- Managing Accounts
-
Managing SCPs
- Overview of an SCP
- Enabling or Disabling the SCP Type
- Creating an SCP
- Modifying or Deleting an SCP
- Attaching or Detaching an SCP
- Example SCPs
- System-defined SCPs
- Cloud Services for Using SCPs
- Regions for Using SCPs
-
Actions Supported by SCP-based Authorization
- Compute
- Storage
- Networking
- Containers
- Analytics
- Content Delivery & Edge Computing
- Databases
- Security & Compliance
- Internet of Things
- Middleware
- Developer Services
- Business Applications
-
Management & Governance
- Simple Message Notification (SMN)
- Log Tank Service (LTS)
- Identity and Access Management (IAM)
- Security Token Service (STS)
- Resource Formation Service (RFS)
- IAM Identity Center
- Organizations
- Resource Access Manager (RAM)
- Enterprise Project Management Service (EPS)
- Tag Management Service (TMS)
- Config
- IAM Access Analyzer
- Cloud Trace Service (CTS)
- Resource Governance Center (RGC)
- Application Operations Management (AOM)
- Cloud Eye (CES)
- IAM Identity Broker
- User Support
- Migration
- Managing Tag Policies
- Managing Trusted Services
- Managing Tags
- CTS Auditing
- Adjusting Quotas
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs
- Managing Organizations
- Managing OUs
-
Managing Accounts
- Creating an Account
- Listing Accounts in an Organization
- Closing an Account
- Getting Account Information
- Updating an Account
- Removing the Specified Account
- Moving an Account
- Inviting an Account to Join an Organization
- Querying Account Creation Requests in Specified State
- Querying Account Creation Status
- Querying CloseAccount Requests in Specified State
- Managing Invitations
- Managing Trusted Services
- Managing Delegated Administrators
- Managing Policies
-
Managing Tags
- Listing Tags for the Specified Resource
- Adding Tags to the Specified Resource
- Removing Tags from the Specified Resource
- Listing Tags for the Specified Resource Type
- Adding Tags to the Specified Resource Type
- Deleting Tags with the Specified Key from the Specified Resource Type
- Querying Resource Instances by Resource Type and Tag
- Querying Number of Resource Instances by Resource Type and Tag
- Querying Resource Tags
- Others
- Permissions and Supported Actions
- Appendixes
- Change History
- FAQs
- General Reference
Copied.
Basic Concepts
The commonly used concepts in Organizations include organization, root organizational unit (OU), other OUs, service control policies, URN, and principals.
Organization
An organization is an entity that you create to manage multiple accounts. Each organization is composed of one management account, multiple member accounts, a root OU, and other OUs. An organization has exactly one management account along with several member accounts. You can organize the accounts in a hierarchical, tree-like structure with the root OU at the top and nested OUs under it. Each member account can be directly under the root OU or placed under one of the other OUs.
Root OU
Organizations automatically generates the root OU for you when you enable Organizations to create an organization. The root OU is located at the top of the tree, and its branches represent other OUs and accounts reaching down.
OUs
An OU is a container or grouping unit for member accounts. It can be understood as a department, a subsidiary, a project team, or the like, of your enterprise. An OU can also contain other OUs. Each OU can have exactly one parent OU, but a parent OU can have multiple child OUs or nested member accounts.
Service Control Policies
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. The management account can use SCP to limit the permissions that can be assigned to member accounts in an organization. You can attach an SCP to your organization, OUs, or member accounts. Any SCP attached to an organization or OU affects all the accounts within the organization or under the OU. For details, see Overview of an SCP.
Tag Policies
Tag policies are a type of policy that can help you standardize tags across resources in your organization's accounts. A tag policy is only applied to tagged resources and tags that are defined in that policy. For details, see Overview of a Tag Policy.
URN
A uniform resource name (URN) is used to uniquely identify a cloud service resource.
A URN is in the following format: <service-name>:<region>:<account-id>:<type-name>:<resource-path>
- service-name: the abbreviation of a cloud service name in lowercase, for example, ecs. The abbreviation must be valid and cannot be a wildcard.
- region: the region where the resource is located, for example, cn-north-1. If the resource is a global service resource, leave this field blank or use asterisks (*) to replace it.
- account-id: the ID of the account. The value system indicates public system resources, such as system-defined policies.
- type-name: the resource type in lower camel case.
- resource-path: the resource path whose format is defined by the cloud service.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot