Under the corporate account CompanyExample (ownerUin 12345678), there is a sub-account named Developer. This sub-account requires the permission to view the security group in the CVM console of the corporate account CompanyExample, and to utilize the security group's permissions.
The following policy gives the sub-account permission to create and delete security groups in the CVM Console.
1. Create the following policy using policy syntax.
{"version": "2.0","statement": [{"action": ["cvm:DeleteSecurityGroup","cvm:CreateSecurityGroup"],"resource": "*","effect": "allow"}]}
2. Grant this policy to the sub-account. For the authorization method, please see Authorization Management.
The following policy grants the sub-account permission to create, delete, and modify security group policies in the CVM Console.
1. Create the following policy using policy syntax.
{"version": "2.0","statement": [{"action": ["cvm:ModifySecurityGroupPolicy","cvm:CreateSecurityGroupPolicy","cvm:DeleteSecurityGroupPolicy"],"resource": "*","effect": "allow"}]}
2. Grant this policy to the sub-account. For the authorization method, please see Authorization Management.