Updated on 2025-11-07 GMT+08:00

Deleting or Modifying an Agency (by a Delegated Party)

You can modify or delete an agency or a trust agency as needed.

Both agencies and trust agencies are displayed on the new IAM console. Agencies can be created, modified, and deleted on the old IAM console, while trust agencies can be created, modified, and deleted on the new IAM console.

Modifying an Agency

To modify the permissions, maximum session duration, or description of an agency, go to the old IAM console.

Figure 1 Modifying an agency

Modifying the permissions of cloud service agencies may affect the usage of certain functions of cloud services. Exercise caution when performing this operation.

Modifying a Trust Agency

  1. To modify the description and trust policy of a trust agency, click Modify in the Operation column.

    Figure 2 Modifying a trust agency

  2. Modify the trust agency details. For details about the parameters, see Creating a Trust Agency (by a Delegating Party).
  3. On the trust agency details page, click the Trust Policy tab.
  4. Click Edit Trust Policy and edit the trust policy content based on service requirements.

    • For details about the grammar of a trust policy, see Identity Policy Grammar. You can use the Edit Statement editor to edit the trust policy (add actions, a principal, and conditions).
    • You can add cloud services to the principal. For details about how to obtain the cloud service principal, see the "Service Principal" column in Cloud Services for Using Identity Policies and Trust Agencies. For example, the service principal of Organizations is service.Organizations.

  5. Click OK.
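
A check to run on the policy JSON before clicking OK, given here as an added example and not code from the IAM documentation: it compares the trust policy before and after an edit and reports added principals, wildcard principals, and principals that lost their condition. The statement layout (`Statement`, `Effect`, `Principal` keyed by `IAM` or `Service`, `Condition`) is an assumption to verify against Identity Policy Grammar; the account name, action, and condition values are constructed placeholders, and only `service.Organizations` comes from this page.

```python
# Constructed samples. The layout is assumed; account, action and condition
# values are placeholders. Only service.Organizations comes from the page.
OLD = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"IAM": ["example-account-a"]},
    "Action": ["<assume-action-placeholder>"],
    "Condition": {"<operator>": {"<condition-key>": "<value>"}},
}]}
NEW = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"IAM": ["example-account-a"],
                  "Service": ["service.Organizations"]},
    "Action": ["<assume-action-placeholder>"],
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def grants(policy):
    """Map each (type, value) principal to True when every non-Deny statement naming it has a Condition."""
    out = {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Deny":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):      # bare string such as "*"
            principal = {"*": principal}
        for ptype, values in principal.items():
            for value in _as_list(values):
                key = (ptype, str(value))
                out[key] = out.get(key, True) and bool(stmt.get("Condition"))
    return out

def review_change(old, new):
    """Return (severity, message) findings for an edit from old to new."""
    before, after = grants(old), grants(new)
    findings = []
    for key in sorted(after):
        name = f"{key[0]}:{key[1]}"
        if "*" in key[1]:
            findings.append(("HIGH", f"wildcard principal {name}"))
        if key not in before:
            findings.append(("REVIEW", f"principal added: {name}"))
        elif before[key] and not after[key]:
            findings.append(("HIGH", f"condition removed for {name}"))
    for key in sorted(set(before) - set(after)):
        findings.append(("INFO", f"principal removed: {key[0]}:{key[1]}"))
    return findings
```

Calling `review_change(OLD, NEW)` on the constructed samples reports the dropped condition and the newly added service principal; an empty list means the edit did not widen who can assume the trust agency.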

Deleting an Agency

If you no longer need an agency, go to the old IAM console to delete it.

Figure 3 Deleting an agency

Deleting a Trust Agency

If you no longer need a trust agency, click Delete in the row containing the trust agency to be deleted and click OK. Before deleting a trust agency, delete the assigned permissions defined by identity policies and ensure that services will not be affected after the trust agency is deleted.

Figure 4 Deleting a trust agency

Batch Deleting Trust Agencies

To delete multiple trust agencies, select them in the list and click Delete above the list. On the new IAM console, batch deletion is available only for trust agencies. To batch delete agencies, go to the old IAM console.

Before deleting a trust agency, delete the assigned permissions defined by identity policies and ensure that services will not be affected after the trust agency is deleted.

Figure 5 Batch deleting trust agencies

After you delete a trust agency, all permissions granted to the delegated accounts will be revoked. This has no impact on your other business partners.