Overview

최신 업데이트:2022-01-07 15:41:09

IAM (Identity and Access Management) is an identity and access management service provided by CDNetworks. Through IAM configuration, the parent account/main account can control the operation permissions and access control of the sub-accounts by assigning different permission policies to different sub-accounts as needed, for example, restrict the sub-account to only have the read permission to a specified bucket.

Note: In order to avoid resource leakage, it is strongly recommended to allocate according to the least privileges. We recommend customers to change AK/SK regularly, and clean up unused accounts and their privileges in a timely manner.

Parent account/main account

  • The resource owner who has full control authority over all resources under its account.
  • The basic subject of resource usage metering and billing, which pays for all resources under its account.

Sub-account

  • Created by the parent account, it is assigned independent keys and permissions when it is created. By default, it does not have any permissions (including any permissions on the resources created by itself). All operations need to have the parent account’s authorization.
  • It is subordinate to the parent account and it cannot own any resources. There is no independent metering and billing for sub-account.

Note:

  • Each resource has one and the only owner (resource Owner). The owner must be the parent account which has all control rights to the resource.
  • The resource owner can not be the resource creator. For example: a sub-account is granted as the permission to create resources, the owner of resources created by the sub-account is the parent account, in this case, the sub-account is the resource creator but not the resource owner.
이 문서의 내용이 도움이 되었습니까?
아니오
정상적으로 제출되었습니다.피드백을 주셔서 감사합니다.앞으로도 개선을 위해 노력하겠습니다.