Modifying an Account Role

This operation enables you to modify the trust policy and permission policy of a role.

Prerequisites

Procedure

  1. Choose Resources > Access > Account.
  2. Click a desired account name and choose Protocol > Object Service > Role.
  3. Locate the row that contains the role to be modified, click More, and select Modify.

    The Modify Account Role page is displayed.

  4. Select a trust policy. Possible values are Recommended and Custom.

    • Recommended:
      1. Select an account.
        • Current Account: grants the role permissions to the current account. In this case, users in the current account can use the permissions of this account role to access resources in the account.
        • Another Account: grants the role permissions to another account. In this case, you need to set the ID of the target account. Users in the target account can use the permissions of this account role to access resources in the account.
      2. Determine whether to select Require an external ID. If you select this option, you must set an external ID. Requiring external ID authentication improves the security of the role: only users who have passed external ID authentication can use the role.
        • An external ID contains 2 to 1224 characters.
        • An external ID can contain only letters, digits, and special characters +=,.@:_/-.
    • Custom: configures related parameters as required.

      For details about how to set trust policy parameters, see the description of parameter TrustPolicy in Role Management > Creating a Role in the Object Service Account Management API Description of the corresponding version.

      The policy content must be in JSON format and cannot exceed 2048 characters.

      Example: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole","Principal":{"AWS":"3506696537"}}]}

  5. Select a permission policy and assign permissions to the role.

    Click on the right of Permission Policy and select desired policies from the available policies list. They will be automatically added to the selected policies list on the right.

    You can click Create Permission Policy to create an account permission policy. For details, see Creating an Account Permission Policy.

  6. Click OK.
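The following check is an added example, not part of the product or its API. It reviews a Custom trust policy from step 4 before it is pasted into the page: it enforces the JSON and 2048-character limits, validates an external ID against the stated length and character rules, and reports any principal that is not on an allowlist of expected account IDs. The function names and the allowlist are hypothetical. Treating "letters" as ASCII letters and accepting a single-object Statement are assumptions.

```python
import json
import re

# Limits stated in step 4 of this page ("letters" assumed to mean ASCII letters).
MAX_POLICY_CHARS = 2048
EXTERNAL_ID_RE = re.compile(r"[A-Za-z0-9+=,.@:_/-]{2,1224}")


def external_id_ok(external_id):
    """True if the external ID meets the length and character rules."""
    return EXTERNAL_ID_RE.fullmatch(external_id) is not None


def check_trust_policy(text, expected_accounts):
    """Return a list of findings for a custom trust policy; empty means clean.

    expected_accounts is the reviewer's own set of account IDs that are
    meant to be trusted (hypothetical input, not a product parameter).
    """
    if len(text) > MAX_POLICY_CHARS:
        return [f"policy is {len(text)} characters; limit is {MAX_POLICY_CHARS}"]
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    statements = policy.get("Statement")
    if isinstance(statements, dict):  # assumption: tolerate a single statement
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        return ["Statement is missing or empty"]
    findings = []
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant trust
        principal = stmt.get("Principal")
        ids = principal.get("AWS") if isinstance(principal, dict) else principal
        for account in ids if isinstance(ids, list) else [ids]:
            if not isinstance(account, str) or account not in expected_accounts:
                findings.append(f"Statement[{i}] trusts unexpected principal {account}")
    return findings


# The example policy from step 4, reviewed against a constructed allowlist.
EXAMPLE = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole","Principal":{"AWS":"3506696537"}}]}'
print(check_trust_policy(EXAMPLE, {"3506696537"}))
```

An empty list means every Allow statement trusts only the accounts you expected. The check looks at principals only and does not evaluate Action or any other policy element.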