Due to business interactions between services on the cloud platform, certain service roles depend on roles from other services to function properly. Therefore, when assigning role-based permissions, administrators must also grant the dependent roles for the authorization to take effect. Policies, however, have no dependency relationships and do not require additional dependent authorization.
Procedure
Step 1: The administrator logs in to the IAM console.
Step 2: In the user group list, click Authorize next to the newly created user group.
Step 3: On the authorization page, the administrator searches for the required role in the permission list's search box.
Step 4: When selecting a role, the system will automatically check its dependent roles.
Step 5: Click 
below the selected permissions to check the role dependencies.
For example, the DAS Administrator role includes a Depends field in its definition, indicating dependency relationships.
When assigning the "DAS Administrator" role to a user group, the administrator must also grant the "Tenant Guest" role in the same project for the "DAS Administrator" permissions to take effect.
Step 6: Click Confirm to complete the authorization of dependent roles.