Delegating Resource Access to Another Account

Agency is a trust relationship between a delegating account and a delegated account. By creating an agency, you can grant permissions to another account or cloud service for resource management.

This section uses account A and account B as an example to describe how to delegate an account to manage resources under another account.

  1. Account A creates an agency to delegate resource access to account B.

    **Figure 1** Creating an agency

    Figure 1 Creating an agency

  2. Account B grants user Randolph permissions for managing account A's resources.

    1. Create a user group (for example, Agency), and grant resource management permissions to the user group.

    2. Add user Randolph to user group Agency.

    **Figure 2** Delegating resource access

    Figure 2 Delegating resource access

  3. User Randolph of account B manages the resources in account A.

    1. Randolph logs in to the cloud system and switches the role to account A.

    2. Job switches to project A.

    3. Job manages the resources in account A based on assigned permissions.

    **Figure 3** Managing resources based on agency permissions

    Figure 3 Managing resources based on agency permissions

last updated: 2024-09-13 12:13 UTC - commit: ad3e2f7d7a800ad176309d5c8ae2d996b3871f52