What is a project authorization? #

Project authorization supports additional project scope selection based on the original Add Policy authorization to limit permissions to the specified project.

For example, when a user is granted ECSFullAccess (full administrative rights for Cloud as a Service), if the project is not restricted, the user will have administrative rights to all instances of Cloud as a Service; if the policy is restricted to the specified project, the user only has the authority to manage Cloud as a Service instances in the project, and cannot manage other Cloud as a Service instances in the unspecified project.

Scenarios where project authorization cannot be used #

1. Platform global class services such as expense center and API key do not distinguish between resource items, so project authorization cannot be used.
2. Some Cloud as a Service resources do not currently support partitioning resources into projects, so per-project licensing will not take effect.
3. Some product features of Cloud as a Service are not specific to cloud resources (such as in-product inquiries, overall usage inquiries), so per-project authorization will not be effective.

For scenarios where project authorization cannot be used, please add permission policies directly at the time of authorization without limiting the scope of the project.