Updated on 2025-11-07 GMT+08:00

Service-linked Agency

A service-linked agency is tied directly to the logic of a specific cloud service. The service creates the agency and grants it permissions automatically, so you do not have to create a cloud service trust agency or configure its authorization yourself.

Both service-linked agencies and cloud service trust agencies are used by services to perform operations on your behalf, but they are managed differently. An administrator can create, modify, and delete cloud service trust agencies in IAM, but can only view, not edit, the permissions of service-linked agencies. Service-linked agencies are displayed in your account and are owned by the services. Note that service-linked agencies also consume the agency or trust agency quotas of your account.

Permissions of a Service-linked Agency

The permissions of a service-linked agency are predefined by the service and are the minimum set of permissions required to use the service on your behalf. Administrators can view but not modify service-linked agency permissions. This avoids misconfiguration and prevents service interruptions or failures caused by insufficient permissions.

Creating a Service-linked Agency

You need to configure permissions for IAM principals to allow them to create service-linked agencies. Then, when an IAM principal performs operations on cloud service resources, the cloud service automatically creates the service-linked agency.

  • Allowing IAM principals to create any service-linked agency
    Attach the following policy to the desired IAM principal:
    {
      "Version": "5.0",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iam:agencies:createServiceLinkedAgencyV5"
          ]
        }
      ]
    }
  • Allowing IAM principals to create specific service-linked agencies
    Attach the following policy to the desired IAM principal:
    {
      "Version": "5.0",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iam:agencies:createServiceLinkedAgencyV5"
          ],
          "Resource": [
            "iam:*:*:agency:service-linked-agency/service.{service_name}/*"
          ]
        }
      ]
    }
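To audit which of the two grants above a principal actually holds, the following added example (not part of the original documentation or any Huawei Cloud tooling) checks a policy document for Allow statements that grant iam:agencies:createServiceLinkedAgencyV5 and reports whether each one is pinned to named services. The function name audit_sla_creation, the service name "exampleservice", and the "*" wildcard matching of Action patterns are assumptions made for illustration.

```python
import fnmatch
import json
import re

SLA_ACTION = "iam:agencies:createServiceLinkedAgencyV5"
# Resource shape from the scoped policy on this page; captures the service name.
SCOPED = re.compile(
    r"^iam:[^:]*:[^:]*:agency:service-linked-agency/service\.([^/*?]+)/")

def _as_list(value):
    """Accept a missing value, a single item, or a list of items."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_sla_creation(policy_text):
    """Return (statement_index, services) for each Allow statement that grants
    service-linked agency creation; services is None when it is unrestricted."""
    findings = []
    policy = json.loads(policy_text)
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Assumption: "*" in an Action pattern matches any run of characters.
        actions = _as_list(stmt.get("Action"))
        if not any(fnmatch.fnmatchcase(SLA_ACTION, a) for a in actions):
            continue
        matches = [SCOPED.match(r) for r in _as_list(stmt.get("Resource"))]
        if not matches or not all(matches):
            # No Resource element, or one that is not pinned to a service.
            findings.append((index, None))
        else:
            findings.append((index, sorted({m.group(1) for m in matches})))
    return findings

# The two policies from this page; "exampleservice" is a constructed value
# standing in for {service_name}.
ANY_POLICY = '''{"Version": "5.0", "Statement": [{"Effect": "Allow",
  "Action": ["iam:agencies:createServiceLinkedAgencyV5"]}]}'''
SCOPED_POLICY = '''{"Version": "5.0", "Statement": [{"Effect": "Allow",
  "Action": ["iam:agencies:createServiceLinkedAgencyV5"],
  "Resource": ["iam:*:*:agency:service-linked-agency/service.exampleservice/*"]}]}'''
# Constructed: wildcard action plus a service wildcard in the resource.
WILDCARD_POLICY = '''{"Version": "5.0", "Statement": [{"Effect": "Allow",
  "Action": "iam:agencies:*",
  "Resource": "iam:*:*:agency:service-linked-agency/service.*/*"}]}'''

if __name__ == "__main__":
    for name in ("ANY_POLICY", "SCOPED_POLICY", "WILDCARD_POLICY"):
        print(name, audit_sla_creation(globals()[name]))
```

A result of None for a statement means the principal can trigger creation of a service-linked agency for any service, which is the broader of the two grants described above.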

Deleting a Service-linked Agency

Service-linked agencies can only be deleted by services. IAM administrators only have permission to view them in IAM. This prevents accidental deletion and service failure.