Overview

Introduction

SCM allows you to share an SSL certificate of account A with all member accounts, such as accounts B and C, in the same organization unit. These accounts can deploy the shared certificate on services such as ELB, WAF, and CDN to enable HTTPS.

Account A is the SSL certificate owner (owner for short).
Accounts B and C are SSL certificate recipients (recipient for short).

SSL Certificate Owner and Recipient Permissions

Owners can perform all operations on SSL certificates, while recipients can only perform certain operations. For details, see Table 1.

**Table 1** Operations supported for SSL certificate recipients
Role	Operation Supported	Description
Recipient	scm:cert:get	Access through the console or API
	scm:cert:getApplicationInfo	Access through the console or API
	scm:cert:getDomainValidation	Access through the console or API
	scm:cert:listDeployedResources	Access through the console or API
	scm:cert:listCertificatesByTag	Access through the console or API
	scm:cert:listTagsByCertificate	Access through the console or API
	scm:cert:listAllTags	Access through the console or API
	scm:cert:push	Access through the console or API
	scm:cert:listPushHistory	Access through the console or API
	scm:cert:enableAutoDeploy	Access through the console or API
	scm:cert:listAutoDeployedResources	Access through the console or API
	scm:cert:deployResources	Access through the console or API
	scm:cert:listDeployResourcesHistory	Access through the console or API
	scm:cert:getDeployQuota	Access through the console or API