Updated on 2024-11-20 GMT+08:00
Cross-Account Management

Overview

COC provides secure and reliable cross-account data aggregation and resource O&M capabilities. If your account is an organization account, you can centrally manage the resources of all member accounts in your enterprise and enjoy the automated O&M and O&M situation awareness functions on COC without logging in to the member accounts one by one.

Assume that account A needs to manage account B. To use COC to perform cross-account O&M and management on account B, perform the following operations:
  1. If account A is an organization administrator, skip this step. If account A is not an organization administrator, the organization administrator should add account A as a delegated administrator. For details, see Specifying a Delegated Administrator.

    The organization administrator can delegate administrator rights to a member account and revoke them. A change to these rights takes effect after you refresh the page 1 to 2 minutes later.

  2. The organization administrator or delegated administrator invites account B to join the organization. For details, see Inviting an Account to Join the Organization.
  3. After account B is added to the organization, log in to the COC console as account A and perform cross-account O&M and management on the O&M situation awareness, resource management, and job management pages.

For details about organizations, see the Organization User Guide.

To access the data asset information of account B, COC automatically creates a service agency in account B.

  • The agency is a cloud service agency. Its name is ServiceLinkedAgencyForCOC and its permission is COCAssumeServiceLinkedAgencyPolicy.
  • If account B is deleted, COC automatically deletes the COC agency in account B.

Enabling Cross-Account Management

After the cross-account management function is enabled, the organization administrator or delegated administrator can manage resources centrally and use automated O&M and O&M situation awareness for all member accounts in the organization on COC without logging in to the member accounts one by one. This section describes how to enable the cross-account management function.

Prerequisites

  • You have enabled an organization service. If not, enable it by referring to Enabling the Organizations Service.
    Figure 1 Enabling the organization service
    • Only the enterprise master account in the enterprise center can create organizations.
    • After an organization is created in the enterprise center, you need to be re-authorized to access all functions of the organization.
    • After the organization service is enabled, access the organization management page, and perform the following steps to create an organization:

      1. Create an organization as the organization administrator. One account can belong to only one organization.

      2. A member account can only have the permission to view the control panel.

      3. The member account must also be an enterprise-level account.

  • Enable COC as a trusted service. For details, see Enabling a Trusted Service.
    Figure 2 Enabling a trusted service
  • The account is an administrator or delegated administrator. For details, see Adding a Delegated Administrator.
    Figure 3 Adding a delegated administrator

Constraints

After a member account is invited to join an organization, the administrator or delegated administrator can view and manage the data and resources of the member account in the organization on COC. The cross-account management functions include O&M situation awareness, resource management, and job management.