Key management supports permission control through IAM access policies. A newly created IAM user has no key management permissions by default. You can attach the following policies to child users; each grants the permissions listed beside it:

| policy name | permission effect |
|---|---|
| AccessKeyFullAccess | Manage keys for all IAM users |
| AccessKeyReadOnlyAccess | View the keys of all IAM users |
| AccessKeySelfManageAccess | Only manage the user's own keys |

You can also write a custom policy that grants permission to manage the keys of one specified user only. For example, the following policy allows the user it is attached to to create, delete, view, and update the keys of Bob, a child user of the main account 2000012345, and nothing else:
```json
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateAccessKey",
        "iam:DeleteAccessKey",
        "iam:UpdateAccessKey",
        "iam:ListAccessKeys",
        "iam:ListSecretKeys"
      ],
      "Resource": [
        "trn:iam::2000012345:user/Bob"
      ]
    }
  ]
}
```
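To see what scoping the `Resource` to a single user actually buys you, the following added example (not part of this documentation, and not the platform's own policy engine) builds the per-user key policy shown above and runs a simplified evaluator over it. The evaluator assumes the usual semantics of this policy style: an explicit `Deny` overrides any `Allow`, and anything not explicitly allowed is implicitly denied. The account id and user names are constructed sample values.

```python
import fnmatch
import json

# Hypothetical account and user names used only for this example.
ACCOUNT_ID = "2000012345"


def scoped_key_policy(account_id: str, user: str) -> dict:
    """Build the 'manage the keys of one named user' policy from the text.

    Only the five access-key actions are granted, and only on the TRN of
    the given user, so the attached user cannot touch anyone else's keys.
    """
    return {
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iam:CreateAccessKey",
                    "iam:DeleteAccessKey",
                    "iam:UpdateAccessKey",
                    "iam:ListAccessKeys",
                    "iam:ListSecretKeys",
                ],
                "Resource": [f"trn:iam::{account_id}:user/{user}"],
            }
        ]
    }


def _as_list(value) -> list:
    """Policy fields may be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def _matches(candidate: str, patterns: list) -> bool:
    """Glob match (e.g. 'iam:*' or 'trn:iam::2000012345:user/*'), case-sensitive."""
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified evaluator (an assumption about semantics, not the vendor's engine).

    Explicit Deny wins over Allow; a matching Allow grants; no match means
    implicit deny. This is the least-privilege behaviour the text relies on.
    """
    allowed = False
    for stmt in policy.get("Statement", []):
        if not _matches(action, _as_list(stmt.get("Action"))):
            continue
        if not _matches(resource, _as_list(stmt.get("Resource"))):
            continue
        if stmt.get("Effect") == "Deny":
            return False          # explicit deny is final
        if stmt.get("Effect") == "Allow":
            allowed = True        # keep scanning in case a Deny follows
    return allowed


def check_matrix(policy: dict) -> dict:
    """Evaluate a few representative requests; returns {description: decision}."""
    bob = f"trn:iam::{ACCOUNT_ID}:user/Bob"
    alice = f"trn:iam::{ACCOUNT_ID}:user/Alice"
    return {
        "create Bob's key": is_allowed(policy, "iam:CreateAccessKey", bob),
        "list Bob's keys": is_allowed(policy, "iam:ListAccessKeys", bob),
        "create Alice's key": is_allowed(policy, "iam:CreateAccessKey", alice),
        "delete Bob (user)": is_allowed(policy, "iam:DeleteUser", bob),
    }


if __name__ == "__main__":
    policy = scoped_key_policy(ACCOUNT_ID, "Bob")
    print(json.dumps(policy, indent=2))
    for request, decision in check_matrix(policy).items():
        print(f"{request:22s} -> {'Allow' if decision else 'Deny'}")
```

Running it shows that the policy grants key operations on Bob only: the same action against Alice, or a non-key action such as `iam:DeleteUser` against Bob, falls through to the implicit deny. When reviewing custom policies, the check worth automating is exactly this one: that the `Resource` list names the intended user TRNs and contains no wildcard that would silently widen it to every user in the account.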