Updated on 2024-07-19 GMT+08:00

Entrustment Description

Workspace works closely with multiple cloud service resources, such as compute, networking, and images. When you create a scheduled task for recomposing a system disk, create a desktop pool, or send a notification about idle desktops, Workspace automatically requests permissions to access the cloud resources in the region. The requested permissions are displayed on the page.

After you approve the permission request, an agency named workspace_admin_trust is created in IAM. To ensure normal service usage, do not delete or modify the workspace_admin_trust agency when performing scheduled tasks or using the desktop pool.

workspace_admin_trust agency description:

The workspace_admin_trust agency has the Tenant Administrator permissions. Tenant Administrator has permissions on all cloud services except IAM and can call the cloud services on which Workspace depends. The delegation takes effect only in the current region.

To use Workspace in multiple regions, you need to request cloud resource permissions in each region. To view the delegation records of each region, go to the IAM console, choose Agencies, and click workspace_admin_trust.

Workspace may malfunction if the Tenant Administrator role is not assigned. Therefore, do not delete or modify the workspace_admin_trust agency when using Workspace.

The workspace_admin_trust agency may need to be delegated again in the following scenarios:
  • The permissions required by Workspace may change between versions. For example, if a new component requires new permissions, Workspace will update the expected permission list. In this case, you need to delegate the workspace_admin_trust agency again.
  • If you manually change the permissions of the workspace_admin_trust agency, and the new permissions of this agency are different from those expected by Workspace, a message is displayed asking you to grant the permissions. If you grant the new permissions, the previous permissions may become invalid.