By creating a delegation, you can share resources with other accounts or delegate the management of resources to more specialized individuals or teams. After logging in with their own account, the delegated party can switch to the delegating party's account to manage the delegated resources. This avoids the need for the delegating party to share their security credentials (passwords/keys) with others, ensuring account security.
Procedure
Step 1: The delegating party logs in to the eSurfing Cloud official website using a registered eSurfing Cloud account.
Step 2: Click Console at the top of the homepage. On the Management Center page, under the Management and Deployment category, click IAM.
Step 3: On the IAM management page, select Delegate from the left-hand menu.
Step 4: On the Delegate page, click +Create Delegation.
Step 5: On the Create Delegation page, enter a Delegation Name, select Standard Account as the Delegation Type, and input the Account Name of the other account with which you want to establish a delegation relationship in the Delegated Account field.
Description:
l Regular Account: Share resources with other accounts or delegate the management of resources in the account to more specialized individuals or teams. The delegated account is an account and cannot be an IAM username.
l Cloud Service: Authorize designated cloud services to use other cloud services. For details, see Delegating Other Cloud Services to Manage Resources.
Step 6: Set the Duration and Description information.
Step 7: Click Next to proceed to the Delegated authorization page.
Step 8: Check the permissions to be granted to the delegation, then click Next to select the scope of the permissions.
Description:
l Granting delegation authorization means authorizing another account, while granting user group authorization means authorizing IAM users within an account. The two methods operate the same way, differing only in the number of selectable permissions. For the authorization procedure, see Granting Authorization to User Groups.
l To ensure the security of your account, the Security Administrator permission cannot be assigned to a delegation. It is recommended to follow the principle of least privilege and grant only the minimum necessary permissions based on your business scenario.
Step 9: Click Confirm to complete the delegation setup.
Description:
The delegating party has completed the setup. After providing the delegated party with the delegating party's account name, delegation name, delegation ID, and delegated resource permissions, the delegated party can switch roles to the delegating party's account to manage the delegated resources.