Identity and access management is mostly used in enterprises where different roles have different requirements for operation scopes. It allows assigning different product usage permissions to different staff members. When your enterprise has requirements for refined management of multi-user permissions, you can use identity and access management to isolate the permissions of each role.
You can assign permissions to specific IAM users according to your management needs. After permissions are assigned, IAM users can view or operate the modules specified in the permissions.
Various financial permissions and their corresponding operable scopes
Permission policies
Permission name
Permission description
FCFullControlPolicy
Permission to manage the financial system
✅Allowed operations defined by the permission
Allowed to operate financial resource-related modules in the Financial Center, such as funds, invoices, and contracts
Allowed to operate bill query and bill download in the financial center, including bills such as consumption overview, bill details, and cost allocation
Allowed to operate the order module in the financial center, including viewing, paying for, and canceling orders
Allowed to operate the coupon list, including viewing and using coupons
Note: The operations allowed here are for orders that have been successfully created. Permissions for order creation operations such as new purchases and renewals are not within the scope of this permission management
❌Operations not allowed by the permission
Not allowed to operate the renewal module in the financial center, including enabling/disabling automatic renewal, initiating resource renewal, and setting a unified resource expiration date
Not allowed to operate the unsubscription module in the financial center, including initiating resource unsubscription
Note: Currently, only system administrators are allowed to perform unsubscription operations in the financial center
FCOrderCreatePolicy
Permission to create orders
✅Allowed operations defined by the permission
Allowed to create orders
‼️If this permission is not checked, IAM users will not be allowed to place orders by default. To enable IAM users to place orders, please check this permission
Note: This permission only means that order creation requests will not be blocked by the order module. If order creation has been blocked by other preceding permissions, it is not within the scope of this permission management. This permission is only a verification of the order module; after an order is created, the actual creation and execution of the corresponding resource may be restricted by the corresponding product permissions. Therefore, there is no guarantee that the order will be created or executed successfully
This permission only allows order creation. To complete the entire activation process for prepaid resources, please use this permission together with the “Permission to View, Pay, and Cancel Orders” below
FCOrderAccessPolicy
Permission to view, pay, and cancel orders
✅Allowed operations defined by the permission
Allowed to operate the order module in the financial center, including viewing, paying for, and canceling orders
Allowed to operate the coupon list, including viewing and using coupons
Note: The operations allowed here are for orders that have been successfully created. Permissions for order creation operations such as new purchases and renewals are not within the scope of this permission management. For complete order management (creation, viewing, payment, cancellation), please use this permission together with the “Permission to Create Orders” below
FC_RenewOrderAccessPolicy
Renewal administrator permission
✅Allowed operations defined by the permission
Allowed to operate the renewal module in the financial center, including enabling/disabling automatic renewal, initiating resource renewal, and setting a unified resource expiration date
Allowed to operate certain orders, including creating, viewing, canceling, and paying for renewal-type orders
Allowed to select available coupons when creating renewal orders
Note: This permission only allows initiating the creation of renewal orders through renewal operations in the financial center. The subsequent actual creation and execution of the order may be restricted by the corresponding product permissions. Therefore, this permission does not guarantee that the renewal order will be created or executed successfully
FCReadAccessPolicy
Permission to read-only access the financial center
✅Allowed operations defined by the permission
Allowed to view financial resource-related modules in the financial center (such as funds, invoices, and contracts), but not allowed to operate them
Allowed to view and download the bill module in the financial center, including consumption overview, bill details, cost allocation, etc.
Allowed to view the order module in the financial center (including viewing orders), but not allowed to operate orders (such as paying for or canceling orders)
Allowed to view the coupon list, but not allowed to use coupons (available coupons cannot be selected on the order confirmation page)
