Before a sub-account/collaborator can activate real-time logging, the main account or a sub-account/collaborator with management permissions must grant the following two authorizations to the sub-account/collaborator performing the activation. Real-time logging can then be activated.
1. Associate the preset policy QcloudCamSubaccountsAuthorizeRoleFullAccess with the sub-account/collaborator. The root account or a sub-account/collaborator with administrative privileges selects Policy in the left sidebar. On the Policy page, search for QcloudCamSubaccountsAuthorizeRoleFullAccess to find the policy, click Associate User/Group in the operation column on the right, select the sub-account/collaborator to associate in the pop-up window, and complete the association.
2. Create a custom policy cdn_PassRole and associate it with the sub-account/collaborator.
2.1 The root account or a sub-account/collaborator with administrative privileges logs in to the CAM console, selects Policy in the left sidebar, and clicks Create Custom Policy. In the pop-up dialog box, select Create by Policy Syntax.
2.2 On the Create by Policy Syntax page, select Blank Template and click Next. On the Edit Policy page, enter the policy name and the content shown below, then click Done to create the policy.
The policy syntax is as follows:
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "cam:PassRole"
            ],
            "resource": [
                "qcs::cam::uin/${OwnerUin}:roleName/CDN_QCSRole"
            ]
        }
    ]
}
Replace ${OwnerUin} with the main account ID, which can be obtained from the account information page in the console.
3. Associate the cdn_PassRole policy with the sub-account or collaborator.
In the left sidebar, select Policy. On the Policy page, locate the newly created cdn_PassRole policy in the list or search for it by name. Click Associate User/Group in the operation column on the right. In the pop-up window, select the sub-account/collaborator to associate and complete the association.
4. After completing the association of the above two permissions, the authorized sub-account/collaborator can activate real-time logging as prompted in the console.
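As an added example (not part of the original documentation and not Tencent Cloud tooling), the following Python code renders the cdn_PassRole policy from step 2.2 for a given main account ID and checks a policy document before it is pasted into the console: the ${OwnerUin} placeholder must be replaced, the only action must be cam:PassRole, and the only resource must be the CDN_QCSRole role of that account. The function names build_policy and lint_policy are hypothetical, the sample ID is constructed, and the code assumes the main account ID is numeric.

```python
import json
import re

ROLE = "CDN_QCSRole"       # role name from the policy on this page
ACTION = "cam:PassRole"    # the only action the page grants

def expected_resource(owner_uin):
    return f"qcs::cam::uin/{owner_uin}:roleName/{ROLE}"

def build_policy(owner_uin):
    """Render the cdn_PassRole policy with ${OwnerUin} substituted."""
    if not re.fullmatch(r"\d+", owner_uin):   # assumption: the ID is numeric
        raise ValueError("OwnerUin must be the numeric main account ID")
    return {"version": "2.0",
            "statement": [{"effect": "allow",
                           "action": [ACTION],
                           "resource": [expected_resource(owner_uin)]}]}

def as_list(value):
    """Accept a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def lint_policy(policy, owner_uin):
    """Return problems found; an empty list means the policy matches the page."""
    problems = []
    statements = policy.get("statement") or []
    if not statements:
        problems.append("policy has no statement")
    for n, st in enumerate(statements):
        if str(st.get("effect", "")).lower() != "allow":
            problems.append(f"statement {n}: effect is not allow")
        for action in as_list(st.get("action")):
            if action != ACTION:
                problems.append(f"statement {n}: unexpected action {action}")
        for res in as_list(st.get("resource")):
            if "${" in res:
                problems.append(f"statement {n}: placeholder not replaced in {res}")
            elif res != expected_resource(owner_uin):
                problems.append(f"statement {n}: resource is not the CDN role: {res}")
    return problems

if __name__ == "__main__":
    uin = "100000000001"   # constructed sample ID, not a real account
    print(json.dumps(build_policy(uin), indent=4))
    print(lint_policy(build_policy(uin), uin))
```

A non-empty result from lint_policy means the document grants something other than passing CDN_QCSRole and should be corrected before the policy is associated with the sub-account/collaborator.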