Known Issues
If you have multiple users managing different Tencent Cloud services such as CVM, VPC, and TencentDB, and they all share your Tencent Cloud account access key, you may face the following problems:
Your key will be easily compromised because it is shared by several users.
Your users might introduce security risks from misoperations due to the lack of user access control.
Solution
You can mitigate these issues by using sub-accounts to allow different users to manage different services. By default, sub-accounts are not permitted use cloud services or access related resources. Therefore, you need to create policies that grant sub-accounts the necessary permissions to use the resources they require.
Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions to your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management.
When using CAM, you can associate a policy with a user or user group to allow or forbid them to use specified resources to complete specified tasks. For more information on CAM policies, see Syntax Logic.
If you do not need to manage the access permission to TencentDB resources for sub-accounts, you can skip this section. This will not affect your understanding and usage of other parts in the documentation.
Getting Started
A CAM policy must either grant or deny permissions for one or more Redis operations and specify the resources that can be used for these operations (all or partial). Additionally, the policy can include conditions set for these operations.
Note:
It is recommended that users utilize CAM policies to manage Redis resources and authorize Redis operations. This approach maintains the existing user experience for users currently using project-based permissions, but it is not advised to continue using project-based permissions for resource management and authorization.
Effectiveness conditions cannot be set for Redis for the time being.
Related Content | Document |
Basic policy structure | |
Operation definition in a policy | |
Resource definition in a policy | |
Resource-level Permissions |