操作场景
操作步骤
步骤1:创建策略并授权
1. 使用管理员账号登录访问管理控制台,在 策略 页面,单击新建自定义策略,在弹出的窗口中,选择按标签授权。
2. 进入编辑策略页面,您可按需创建自定义策略(具体操作,请参见 通过标签授权创建自定义策略)。
操作权限:云服务器的全部操作权限和 VPC 的 DescribeVpcEx 和 DescribeNetworkInterfaces(说明:无法确定涉及的其他接口时,请参见 按照资源 ID 授权-步骤3进行验证和添加)。
选择标签:game:webpage (如需创建标签,具体操作请参见 创建标签)
3. 单击下一步,进入关联用户/用户组/角色页面。
说明:
若提示当前策略内容过多,超出策略字符限制,需要拆分多条策略。在弹窗中单击自动拆分即可。
4. 填写策略名称并选择授权用户(查询搜索用户:CvmDev_zhangsan)。
5. 最后单击完成,完成授权。
步骤2:验证结果
至此,子用户 CvmDev_zhangsan 可以对实例进行开关机、重启、更名、重置密码等操作。
策略内容
按照标签授权,最终实现上述预期结果时,对应的策略内容如下:
{"version": "2.0","statement": [{"effect": "allow","condition": {"for_any_value:string_equal": {"qcs:resource_tag": ["game&webpage"]}},"action": ["cvm:*","vpc:DescribeNetworkInterfaces"],"resource": "*"},{"effect": "allow","resource": "*","action": ["cvm:AllocateAddresses","cvm:AssistRecommend","cvm:AssistRecommendConfig","cvm:AssociateNetworkInterfaceSecurityGroups","cvm:AssociateSecurityGroups","cvm:CancelCandidateOrder","cvm:CheckOpenClawRole","cvm:CloneSecurityGroup","cvm:CloneSecurityGroups","cvm:ColdMigrateInstance","cvm:ConfigureChcAssistVpc","cvm:ConfigureChcDeployVpc","cvm:CopySnapshotCrossRegions","cvm:CreateAutoSnapshotPolicy","cvm:CreateCandidateOrder","cvm:CreateCbsStorages","cvm:CreateDisks","cvm:CreateOpenClawAdmin","cvm:CreatePresetRules","cvm:CreateSecurityGroup","cvm:CreateSecurityGroupPolicy","cvm:CreateSecurityGroupWithPolicies","cvm:CreateSendOpenClawEmail","cvm:DeleteDiskSecurityConfigurations","cvm:DeleteInstancesActionTimer","cvm:DeleteKeyPairs","cvm:DeleteMigrateTask","cvm:DeletePresetRules","cvm:DeleteSecurityGroup","cvm:DeleteSecurityGroupPolicies","cvm:DeleteSecurityGroupPolicy","cvm:DescribeAccountAttributes","cvm:DescribeAccountQuota","cvm:DescribeAddresses","cvm:DescribeAllBlockStorages","cvm:DescribeAutoSnapshotPolicies","cvm:DescribeAvailableFeatures","cvm:DescribeBlockStorages","cvm:DescribeCandidateOrder","cvm:DescribeCandidateOrderInstances","cvm:DescribeCbsStorages","cvm:DescribeCbsStoragesForRecycle","cvm:DescribeChcDeniedActions","cvm:DescribeChcGateways","cvm:DescribeChcHostConsumption","cvm:DescribeChcHostTypes","cvm:DescribeChcInstanceTypes","cvm:DescribeChcInstanceTypesForManager","cvm:DescribeChcZones","cvm:DescribeCopyAutoSnapshotPolicy","cvm:DescribeDiagnosticReports","cvm:DescribeDisasterRecoverGroupQuota","cvm:DescribeDiskAssociatedAutoSnapshotPolicy","cvm:DescribeDiskAssociatedSnapshots","cvm:DescribeDiskBackups","cvm:DescribeDiskSecurityConfigurations","cvm:DescribeDiskStoragePool","cvm:DescribeDisks","cvm:DescribeEdgeZones","cvm:DescribeEipStatistics","cvm:DescribeHosts","cvm:DescribeHpcClusterDiagnosticReports","cvm:DescribeImageDetectionDescriptions","cvm:DescribeImageFamilies","cvm:DescribeImageFromFamily","cvm:DescribeImageQuota","cvm:DescribeImageStatistics","cvm:DescribeImages","cvm:DescribeImportImageOs","cvm:DescribeInstanceChargeTypeConfigs","cvm:DescribeInstanceConfigInfos","cvm:DescribeInstanceFamilyConfigs","cvm:DescribeInstanceQuota","cvm:DescribeInstanceReservedInventory","cvm:DescribeInstanceTypeConfigs","cvm:DescribeInstanceTypeZoneStatus","cvm:DescribeInstancesOfferings","cvm:DescribeInternetChargeTypeConfigs","cvm:DescribeKeyPairs","cvm:DescribeMarketImages","cvm:DescribeMigrateTaskStatus","cvm:DescribeOpenClawAdmins","cvm:DescribeOpenClawPackages","cvm:DescribePreferentialRegion","cvm:DescribePresetRuleDetail","cvm:DescribePresetRules","cvm:DescribePurchaseActivityInstanceFamily","cvm:DescribeQuotaIncreaseHistory","cvm:DescribeQuotaIncreaseHistoryOverview","cvm:DescribeQuotaKeys","cvm:DescribeQuotaUpperLimit","cvm:DescribeQuotas","cvm:DescribeRecommendSimilarCoreInstances","cvm:DescribeRecommendZoneInstanceTypes","cvm:DescribeRecommendations","cvm:DescribeRecommendedZones","cvm:DescribeRegions","cvm:DescribeReservedInstanceStatistics","cvm:DescribeReservedInstances","cvm:DescribeReservedInstancesConfigInfo","cvm:DescribeReservedInstancesConfigInfos","cvm:DescribeReservedInstancesDurations","cvm:DescribeReservedInstancesOfferings","cvm:DescribeReservedInstancesProductDescriptions","cvm:DescribeReservedInstancesZones","cvm:DescribeReservedInventories","cvm:DescribeResourcePoolPackInstances","cvm:DescribeResourcePoolPackTypeConfigs","cvm:DescribeResourcePoolPacks","cvm:DescribeResourcesOverview","cvm:DescribeSecurityGroupAssociateInstances","cvm:DescribeSecurityGroupAssociationStatistics","cvm:DescribeSecurityGroupExpandedPolicies","cvm:DescribeSecurityGroupLimits","cvm:DescribeSecurityGroupPolicies","cvm:DescribeSecurityGroupPolicys","cvm:DescribeSecurityGroups","cvm:DescribeSnapshotOverview","cvm:DescribeSnapshots","cvm:DescribeSubMethod","cvm:DescribeTask","cvm:DescribeTaskOperationLog","cvm:DescribeTaskType","cvm:DescribeUserAvailableInstanceTypes","cvm:DescribeUserAvailableRegionAndZones","cvm:DescribeUserAvailableZones","cvm:DescribeUserDiskResources","cvm:DescribeUserGlobalConfigs","cvm:DescribeUserHpcClusterDiagnosticInfos","cvm:DescribeUserInstanceQuota","cvm:DescribeUserInstancesDiscountInfo","cvm:DescribeUserLoginAttribute","cvm:DescribeUserReservedInstanceQuota","cvm:DescribeUserResources","cvm:DescribeUserZoneStatus","cvm:DescribeZoneCpuQuota","cvm:DescribeZoneHostConfigInfos","cvm:DescribeZoneHostForSellStatus","cvm:DescribeZoneInstanceConfigInfos","cvm:DescribeZoneInstanceSoldDiscount","cvm:DescribeZones","cvm:DisassociateAddress","cvm:DisassociateNetworkInterfaceSecurityGroups","cvm:DisassociateSecurityGroups","cvm:ExecuteChcMiniOsCommand","cvm:ExitLiveMigrateInstance","cvm:ExportImage","cvm:ImportCbs","cvm:ImportExternalImageToEdgeZone","cvm:ImportFullCvmImage","cvm:ImportKeyPair","cvm:IncreaseQuota","cvm:IncreaseQuotas","cvm:InquirePricePurchasePrepInstancePack","cvm:InquirePricePurchaseReservedInstancesOffering","cvm:InquirePricePurchaseResourcePoolPacks","cvm:InquiryPriceAllocateHosts","cvm:InquiryPriceModifyInstanceDiskType","cvm:InquiryPriceModifyInstanceInternetChargeType","cvm:InquiryPriceRenewHosts","cvm:InquiryPriceRenewInstances","cvm:InquiryPriceTerminateInstances","cvm:InquirySnapshotPrice","cvm:InquiryStoragePrice","cvm:ListIdleInstanceStock","cvm:ListRegionZones","cvm:ListStatusMappings","cvm:ListTimeWindow","cvm:LiveMigrateInstance","cvm:ModifyAccountQuota","cvm:ModifyAddressAttribute","cvm:ModifyAddressesBandwidth","cvm:ModifyChcAttribute","cvm:ModifyChcDhcpOptions","cvm:ModifyChcInstanceTypeSaleRelation","cvm:ModifyDiskAttributes","cvm:ModifyDiskSecurityConfigurations","cvm:ModifyHostsAttribute","cvm:ModifyInstancesActionTimer","cvm:ModifyInstancesProject","cvm:ModifyInstancesRenewFlag","cvm:ModifyPresetRules","cvm:ModifyReservedInstances","cvm:ModifySecurityGroupAttributes","cvm:ModifySecurityGroupPolicies","cvm:ModifySecurityGroupPolicys","cvm:ModifySingleSecurityGroupPolicy","cvm:ModifyUserLoginAttribute","cvm:PreferentialUpgradeInstancesType","cvm:PurchaseReservedInstancesOffering","cvm:PurchaseResourcePoolPacks","cvm:PurgeInstances","cvm:QuerySubscribeStockNotify","cvm:ReleaseAddresses","cvm:RemoveChcAssistVpc","cvm:RemoveChcDeployVpc","cvm:RemoveChcHosts","cvm:RenewAddresses","cvm:RenewCbsStorage","cvm:RenewHosts","cvm:RenewInstances","cvm:ReplaceSecurityGroupPolicies","cvm:ReplaceSecurityGroupPolicy","cvm:ResetChcBmcPassword","cvm:ResetCreateOpenClawAdmin","cvm:ResetInstancesInternetMaxBandwidth","cvm:ResetInstancesPassword","cvm:ResetOpenClawAdminCredential","cvm:ResizeCbsStorage","cvm:ResizeInstanceDisks","cvm:RunChcInstances","cvm:RunRecommender","cvm:SearchUserInstance","cvm:StartInstances","cvm:SubscribeStockNotify","cvm:TerminateHpcClusterDiagnosticReport","cvm:TerminateRecommender","cvm:TerminateResourcePoolPacks","cvm:TransformAddress","cvm:UnsubscribeStockNotify","cvm:UpdateInstancesActionTimer","cvm:ViewModifyInstancesAttribute","vpc:DescribeVpcEx"]}]}
