Under the corporate account CompanyExample (with ownerUin 12345678), there is a sub-account named Developer. This sub-account requires read-only access to the COS service of the corporate account CompanyExample (access to COS buckets, objects, object lists, and so on).
Scenario A:
The corporate account CompanyExample directly grants the preset policy QcloudCOSReadOnlyAccess to the sub-account Developer. For the method of authorization, please see Authorization Management.
Scenario B:
1. Create a policy through policy syntax.
{"version": "2.0","statement":[{"effect": "allow","action": ["cos:List*","cos:Get*","cos:Head*","cos:OptionsObject"],"resource": "*"}]}
2. Grant this policy to the sub-account. For the authorization method, please see Authorization Management.