If you build a multi-account system for your enterprise in a resource directory, we recommend that you use the management account of the resource directory to perform organization management tasks, and use a delegated administrator account to perform business management tasks for specific cloud services. This meets duty-related and security-related requirements. For example, you can add a delegated administrator account for Service Catalog and then use the delegated administrator account to manage product portfolio sharing among multiple accounts.

Prerequisites

You are granted the administrative rights of Service Catalog. For more information, see Grant permissions to the administrator

Background information

  • You must use the management account of a resource directory to add or remove a delegated administrator account.
  • You can add only one delegated administrator account for Service Catalog in a resource directory.

Add a delegated administrator account

  1. Log on to the Resource Management console by using the management account of your resource directory.
  2. In the left-side navigation pane, choose Resource Directory > Trusted Services.
  3. On the Trusted Services page, find Service Catalog and click Manage in the Actions column.
  4. In the Delegated Administrator Accounts section of the page that appears, click Add.
  5. In the Add Delegated Administrator Account panel, select a member.
  6. Click OK.
    After the account is added, you can use the account to manage multiple accounts of Service Catalog in a centralized manner. For example, you can share the configurations of a product portfolio that belongs to one account with other accounts.

Remove the delegated administrator account

  1. Log on to the Resource Management console by using the management account of your resource directory.
  2. In the left-side navigation pane, choose Resource Directory > Trusted Services.
  3. On the Trusted Services page, find Service Catalog and click Manage in the Actions column.
  4. In the Delegated Administrator Accounts section of the page that appears, find the delegated administrator account that you want to remove, and click Remove in the Actions column.
  5. In the Warning message, click Continue.
    After you remove the delegated administrator account, you cannot use the account to access the information about the resource directory. In addition, you cannot view the structure and the members of the resource directory.