How to authorize based on a no permission error? #

When the IAM identity has no permissions, a No Permissions error is returned when using the Cloud Product Console or calling the API, at which point the administrator can authorize based on the No Permissions error message. The following is a specific example to introduce the detailed operation process:

1. Get permissionless information: When your enterprise cloud personnel access the Cloud as a Service console, if they encounter a permissionless problem, the following prompt window will appear:! [alt] ( https://portal.volccdn.com/obj/volcfe/cloud-universal-doc/upload_d14c7f98955f2026764047a968ef2aa8.png = 500x)

Enterprise cloud users will usually provide you with a screenshot or copy of this error without permission information. The following is an example of copied permissionless information:

The following is the user (ios) no permission information, you can go to "Access Control" to authorize, address: (https://console.volcengine.com/iam). Help documentation: https://www.volcengine.com/docs/6257/1143911 
User: ios 
Service: ec
Operation: Query the list of instances (DescribeInstances)

2. Authorize based on no-permission information: Go to the Access Control User Management List , search for user "ios" in the user list, and click "Add Permissions" in the actions column.
   After entering the authorization page, start looking for the permissions you want to add. According to the no permission information, the user is missing the permission to ECS, so the permission of ECS can be filtered first.
   At this point, you can see the system policies preset ECS permissions.
   You can refer to the "Permission Levels" and "Policy Notes" columns for specific purposes of permissions. For example, if you want to grant users full administrative rights to ECS, you can select the "ECSFullAccess" policy, check it, and click Submit, the permissions will take effect immediately, and the user will have full administrative rights to ECS, and can use the Cloud as a Service console normally.

Use project authorization #

If your enterprise uses resource projects for permission division, you can refer to the above steps. After selecting the permissions to be granted, check the items that need to be added. After submission, the user's permissions will be limited to the project.

After authorizing by project, the console still prompts a No Permissions error?

After authorizing by project, if there is still a no permission error in the console, it may be that the project with permission is not selected in the top navigation. At this time, you need to use the cloud staff to switch to the project with permission (instead of selecting all resources).
Note that some Cloud as a Service does not support project-by-project management. At this time, you cannot authorize by project. You need to adjust the authorization to unlimited projects.
Cloud as a Service that does not support projects typically has the following scenarios:

1. Platform global class services such as expense center and access control do not distinguish between resource items, so project authorization cannot be used, and need to be adjusted to global authorization.
2. Some Cloud as a Service does not support dividing resources into projects for the time being, so per-project authorization will not take effect. Please adjust to global authorization.
3. A small number of product features in some Cloud as a Service are not specific to cloud resources (such as in-product inquiries, overall usage inquiries), so per-project authorization will not be effective. In the face of such a situation, if the lack of this part of the permissions does not affect the access to resources within the project, you can ignore this part of the no permissions prompt; if the lack of this part of the permissions affects the normal use of the product, it is recommended that you refer to the product documentation to find out whether the product alone provides a default policy that requires global authorization for such scenarios. If in doubt, you can initiate a work order for cloud products for consultation.