Help & Documentation>Cloud Load Balance>Operations Manual>CLB Certificate Operation Permissions

CLB Certificate Operation Permissions

Last updated: 2023-09-05 18:55:39

Scenario

As of March 23, 2020, all certificate-related operations for CLB have been integrated with Cloud Access Management (CAM) authentication. Therefore, when using a sub-user account for CLB certificate-related operations, if you receive a message stating "This operation requires authorization, please contact your developer to grant you permission," you can follow the steps below to grant certificate-related permissions to the sub-user account.

Preparations

The account used for login must be either a root account or a sub-user account with CAM-related permissions, specifically, a sub-user account associated with the QcloudCamFullAccess policy (full read and write access to Users and Permissions (CAM)).
Note:
To check the CAM-related permissions of a sub-user account, you can go to the User List in the Cloud Access Management console, enter the details page of the corresponding sub-user, and check under "Permissions" whether the QcloudCamFullAccess policy is already associated.
If you have already associated the QcloudCamFullAccess policy but still encounter the message "No API permissions available (message:GetReceiversOnAllType), please contact the developer for authorization" during the process of granting certificate-related permissions, please ignore the message and continue with the operation.

Instructions

Choose any of the following methods to grant certificate-related permissions.

Method 1: Associate a custom policy

2. In the left sidebar, click Policies to navigate to the "Policies" list page.
3. Click Create Custom Policy. In the pop-up window, select Create by Policy Syntax.
4. In the "Select Template Policy" page, choose Blank Template and click Next.
5. On the "Edit Policy" page, enter the policy name, and in the input box for "Edit Policy Content," enter the following policy content.
{
"version": "2.0",
"statement": [
{
"action": "name/ssl:*",
"resource": "qcs::ssl:::*",
"effect": "allow"
}
]
}
6. Click Complete to return to the Policy list page.
7. In the "Policy" list page, locate the row containing the newly created policy and click Associate User/Group/Role under the operation column.

2a0cf97e6de81cbbc3fcc6af9164bb5a.png


8. In the pop-up box, select the user to be authorized and click Confirm to proceed.

2105e8b1ebf79f0d6b1d063aa0bcd158.png



Method 2: Associate Preset Policy

2. In the left sidebar, select Users > User List to navigate to the "User List" page.
3. In the row of the sub-user requiring authorization, click Authorize under the Operation column.
4. In the pop-up box, select either QcloudSSLFullAccess (full read and write access to SSL certificates) or QcloudSSLReadOnlyAccess (read-only access to SSL certificates), and click OK to confirm.
a18245f729467395f801002f6defcb8d.png