Agency is a trust relationship between a delegating account and a delegated account. By creating an agency, you can grant permissions to another account or cloud service for resource management.
This section uses account A and account B as an example to describe how to delegate an account to manage resources under another account.
- Account A creates an agency to delegate resource access to account B.Figure 1 Creating an agency
- Account B grants user Randolph permissions for managing account A's resources.
- Create a user group (for example, Agency), and grant resource management permissions to the user group.
- Add user Randolph to user group Agency.
Figure 2 Delegating resource access
- User Randolph of account B manages the resources in account A.
- Randolph logs in to the cloud system and switches the role to account A.
- Job switches to project A.
- Job manages the resources in account A based on assigned permissions.
Figure 3 Managing resources based on agency permissions