• Identity and Access Management

iam
  1. Help Center
  2. Identity and Access Management
  3. User Guide
  4. User Guide
  5. Agency Management
  6. Creating an Agency (by a Delegating Party)

Creating an Agency (by a Delegating Party)

By creating an agency, you can share your resources with other accounts, or delegate more professional personnel or teams to manage your resources. The delegated account can log in to the cloud system and switch to your account to manage your resources. You do not need to share security credentials (such as passwords and access keys) with other accounts, ensuring the security of your account.

Procedure

  1. In the navigation pane, choose Agencies.
  2. On the Agencies page, click Create Agency.
  3. Specify Agency Name and Agency Type.

    Table 1 Agency types

    Agency Type

    Description

    Common account

    Common accounts in the cloud system. This agency type is used to share resources with other accounts or delegate other accounts to manage the resources in your account.

    Cloud service

    Services in the cloud system. This agency type is used to authorize cloud services to access or maintain user data. For example, after an agency with ECS is created, ECS can obtain users' access keys to call APIs, facilitating O&M and monitoring.

    NOTE:

    After you create an agency with Agency Type set to Cloud service, the agency cannot be modified.

    • If you set Agency Type to Common account, enter the domain name of a common account for which the trust relationship is to be established in Delegated Account.
    • If you set Agency Type to Cloud service, click Select and set the cloud service.

  4. Set Validity Period and enter Description.
  5. In the Permissions area, locate the row that contains the target region and project and click Modify in the Operation column, and select policies for the delegating enterprise.

    NOTE:

    For details about the permissions, see Permission Description.

  6. Click OK.

    The newly created agency is displayed in the agency list. The delegated account can manage resources in the delegating account by switching the role.

Follow-up Operation

In the agency list, you can click Modify in the row that contains the newly created agency to modify the basic information about the agency, such as the permissions and validity period of the agency.

NOTE:

You can only modify an agency whose Agency Type is set to Common account.