최신 업데이트:2026-07-08 14:13:13
The permission feature is a resource authorization management capability in Cloud Log Service (CLS).
After you create logs, data processing tasks, or upload targets, you can grant these resources to other sub-accounts under the same main account for team collaboration and sharing.
The authorization entry is only visible to the resource creator in each resource list; other accounts cannot see this entry. Once you enter the authorization configuration page, you can select the authorization scope (only the creator / specified accounts). After authorization, the designated accounts can see and use the resource in their own lists upon login.
This feature is designed for resource creators who require team collaboration and cross-account resource sharing. It helps you securely assign permissions for using logs, tasks, and upload targets across different accounts.
User Task Scenario:
| Task Scenario | Description | User Guide |
|---|---|---|
| Data Ingestion Authorization | Grant other accounts access to logs, enabling them to create ingestion tasks based on the specified consumption type | Data Ingestion Authorization |
| Data Consumption Authorization | Grant other accounts permission for the consumption task, associated data tables, and dashboards under the task | Data Consumption Authorization |
| Upload Target Authorization | Grant other accounts permission to use the upload target, allowing them to select it when creating new upload tasks | Upload Target Authorization |
This document covers the following proprietary terms. It is recommended to review them before proceeding:
| Term | Description |
|---|---|
| Resource Creator | The account that creates a specific log, consumption task, or upload target. Only the creator can access the ‘Function Authorization’ entry for that resource |
| Main Account / Sub-account | The main account can view all resources but can only edit those it has created; the sub-account can only view and edit resources it has created or which it has been authorized to access |
| Authorization Scope | The range of visibility for a resource, categorized as ‘Creator Only’ (default) and ‘Specified Account’ |
| Consumption Type | Indicates what consumption tasks logs can be used for. Currently supported: data upload, data download, and dashboard; available types are determined by the service plan purchased by the main account |
| Plan | The service package purchased by the main account, which determines which feature modules are enabled on the platform and the types of optional consumption available |
Function Entry Point:
Prerequisite:
Default Permissions:
Permission Revocation Handling:
Authorizations are not unidirectional; please note the following impacts when revoking permissions:
| Revocation Target | Revocation Handling |
|---|---|
| Data Ingestion | If the authorized party has already created a consumption task using this log, you cannot directly revoke it; please delete the corresponding downstream task first |
| Data Consumption - Task Permissions | The authorized party will not be able to see, edit, pause, or start the task |
| Data Consumption - Data Permissions | The authorized party will no longer see the data table under [Dashboard - Data Sources - Log Analysis Data Sources]; any charts in the dashboard that utilize this table will not be able to query data |
| Data Consumption - Dashboard Permissions | If view permission is revoked, the dashboard becomes invisible; if edit permission is revoked, both the dashboard and its datasets become inaccessible |
| Upload Destination | The upload tasks that have already used this destination will not be affected; only newly created tasks will be impacted |