forked from docs/doc-exports
Reviewed-by: Kabai, Zoltán Gábor <zoltan-gabor.kabai@t-systems.com> Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com> Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
28 lines
3.6 KiB
HTML
<a name="iam_06_0001"></a><a name="iam_06_0001"></a>
<h1 class="topictitle1">Delegating Resource Access to Another Account</h1>
<div id="body1536567226740"><p id="iam_06_0001__en-us_topic_0175851542_p419452619206">The agency function enables you to delegate operations and maintenance (O&amp;M) of your resources to another account, based on the permissions you assign.</p>
<div class="note" id="iam_06_0001__en-us_topic_0175851542_note16465165619914"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="iam_06_0001__en-us_topic_0175851542_p5441123874315">You can delegate resource access only to accounts. The accounts can then delegate access to IAM users under them.</p>
</div></div>
<p id="iam_06_0001__en-us_topic_0175851542_p14503234175719">The following is the procedure for delegating access to resources in one account to another account. Account A is the delegating party and account B is the delegated party.</p>
<ol id="iam_06_0001__en-us_topic_0175851542_ol93719291583"><li id="iam_06_0001__en-us_topic_0175851542_li7973436460"><span>Account A creates an agency in IAM to delegate resource access to account B.</span><p><div class="fignone" id="iam_06_0001__en-us_topic_0175851542_fig19451183916"><span class="figcap"><b>Figure 1 </b>(Account A) Creating an agency</span><br><span><img id="iam_06_0001__en-us_topic_0175851542_image1897310310466" src="en-us_image_0000001146708849.png" width="465.5" height="253.53856500000003" title="Click to enlarge" class="imgResize"></span></div>
<p id="iam_06_0001__en-us_topic_0175851542_p79731315465"></p>
</p></li><li id="iam_06_0001__en-us_topic_0175851542_li39403418580"><span>(Optional) Account B assigns permissions to an IAM user to manage specific resources for account A.</span><p><ol type="a" id="iam_06_0001__en-us_topic_0175851542_ol163021621138"><li id="iam_06_0001__en-us_topic_0175851542_li43022213316">Create a user group, and grant it permissions required to manage account A's resources.</li><li id="iam_06_0001__en-us_topic_0175851542_li185871121039">Create a user and add the user to the user group.</li></ol>
<div class="fignone" id="iam_06_0001__en-us_topic_0175851542_fig13920195251916"><span class="figcap"><b>Figure 2 </b>(Account B) Authorizing an IAM user to manage delegated resources</span><br><span><img id="iam_06_0001__en-us_topic_0175851542_image132761059148" src="en-us_image_0000001100309480.png" width="464.33625" height="107.38686000000001" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="iam_06_0001__en-us_topic_0175851542_li1955916295913"><span>Account B or the authorized user manages account A's resources.</span><p><ol type="a" id="iam_06_0001__en-us_topic_0175851542_ol141821624908"><li id="iam_06_0001__en-us_topic_0175851542_li1018211241004">Log in to account B and switch the role to account A.</li><li id="iam_06_0001__en-us_topic_0175851542_li456168133010">Switch to region A and manage account A's resources in this region.</li></ol>
<div class="fignone" id="iam_06_0001__en-us_topic_0175851542_fig192209187205"><span class="figcap"><b>Figure 3 </b>(Account B) Switching the role</span><br><span><img id="iam_06_0001__en-us_topic_0175851542_image3259945181410" src="en-us_image_0000001146589991.png" width="239.4" height="307.41088" title="Click to enlarge" class="imgResize"></span></div>
</p></li></ol>
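<p>The three steps above can be read as one access decision. The following is an added example, not part of the original documentation and not the IAM service's own implementation: a simplified model in which all class, function, group, and permission names are hypothetical and the sample data is constructed.</p>

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Agency:
    """Step 1: created by the delegating party (account A)."""
    owner_account: str        # account A
    delegated_account: str    # account B; always an account, never a user
    permissions: frozenset    # what the agency allows on A's resources

@dataclass(frozen=True)
class Principal:
    account: str
    user: Optional[str] = None      # None means the account itself
    groups: frozenset = frozenset()

def can_switch_role(p, agency, group_grants):
    """Step 3a: may this principal switch the role to account A?

    group_grants maps a user group in account B to the delegating
    accounts that group was authorized to manage (step 2).
    """
    if p.account != agency.delegated_account:
        return False          # the agency trusts account B only
    if p.user is None:
        return True           # account B itself needs no group grant
    return any(agency.owner_account in group_grants.get(g, set())
               for g in p.groups)

def is_allowed(p, agency, group_grants, action):
    """Step 3b: the action must also be covered by the agency itself."""
    return can_switch_role(p, agency, group_grants) and action in agency.permissions

# Constructed sample data (placeholder permission names).
AGENCY = Agency("account-a", "account-b",
                frozenset({"servers:list", "servers:restart"}))
GRANTS = {"a-ops": {"account-a"}}   # user group defined in account B

ACCOUNT_B = Principal("account-b")
ALICE = Principal("account-b", "alice", frozenset({"a-ops"}))
BOB = Principal("account-b", "bob")                            # no group grant
CAROL = Principal("account-c", "carol", frozenset({"a-ops"}))  # wrong account

if __name__ == "__main__":
    for who in (ACCOUNT_B, ALICE, BOB, CAROL):
        print(who.user or who.account,
              is_allowed(who, AGENCY, GRANTS, "servers:restart"))
```

<p>In this model a group grant in account B never widens access beyond the agency's own permissions, and a same-named group in any other account has no effect.</p>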
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="iam_01_0054.html">Account Delegation</a></div>
</div>
</div>