CAM Overview

Last updated: 2024-10-15 17:33:48

Known issues

If you use multiple Tencent Cloud services such as TcaplusDB, VPC, CVM, and TencentDB that are managed by different users sharing your Tencent Cloud account key, you may face the following problems:
The risk of your key being compromised is high since multiple users are sharing it.
The access permissions of other users are not under control, so their misoperations can introduce security risks.

Solution

You can allow different users to manage different services through sub-accounts so as to avoid the above problems. By default, a sub-account doesn't have permission to use the TcaplusDB service or resources. Therefore, you need to create a policy to grant the required permission to the sub-account.
Cloud Access Management (CAM) can help you securely and conveniently manage access to Tencent Cloud services and resources. You can use CAM to create sub-users, user groups, and roles, and control their access scope via policies. CAM supports SSO capabilities for users and roles. You can set up interoperability between enterprise users and Tencent Cloud according to specific management scenarios. Your initially created Tencent Cloud root account has full access to all Tencent Cloud services and resources within the account. It is recommended to safeguard the credentials of the root account, use sub-users or roles for daily access, and enable multi-factor authentication and scheduled key rotation.
When using CAM, you can associate a policy with a user or user group to allow or deny their use of specified resources to complete specified tasks. For more basic information about CAM policies, please see Policy Syntax.
If you do not need to manage CAM for TcaplusDB resources of sub-accounts, you can skip this chapter. Skipping these sections will not affect your understanding and use of the other parts of the document.

Quick Start

A CAM policy must either allow or deny one or more TcaplusDB operations. You must also specify which resources the operations can be used on (all resources, or for some operations only part of the resources), and the policy can include conditions under which the resources can be used.
Some TencentCloud API operations for TcaplusDB do not support resource-level permissions, which means that you cannot specify individual resources when using those API operations but must specify all resources.
Task
Link
Basic Policy Structure
Defining Operations in the Policy
Defining Resources in A Policy
Resource-level Permissions supported by TcaplusDB
Console Example
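
The following Python check is an added example, not part of the original Tencent Cloud documentation. It audits a CAM policy document against the rules stated above: each statement needs an allow or deny effect, at least one action and a resource; wildcard allows are flagged; and operations without resource-level permissions must use all resources ("*"). The tcaplusdb: action prefix, the operation names, the resource string and the NO_RESOURCE_LEVEL set are constructed placeholders; take the real values from Policy Syntax and the resource-level permissions list for TcaplusDB.

```python
import json

# Assumption: operations without resource-level permissions. The names here
# are constructed placeholders; take the real list from the TcaplusDB docs.
NO_RESOURCE_LEVEL = {"tcaplusdb:ExampleListOp"}

def as_list(value):
    """CAM accepts either a single string or a list for action/resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy_text):
    """Return (statement_index, finding) pairs for a CAM policy document."""
    findings = []
    policy = json.loads(policy_text)
    for i, stmt in enumerate(as_list(policy.get("statement"))):
        effect = stmt.get("effect")
        actions = as_list(stmt.get("action"))
        resources = as_list(stmt.get("resource"))
        if effect not in ("allow", "deny"):
            findings.append((i, "effect must be allow or deny"))
        if not actions:
            findings.append((i, "no action specified"))
        if not resources:
            findings.append((i, "no resource specified"))
        for action in actions:
            # A wildcard allow hands the sub-account every operation.
            if effect == "allow" and (action == "*" or action.endswith(":*")):
                findings.append((i, "wildcard action: " + action))
            # Operations without resource-level support only work with "*".
            if action in NO_RESOURCE_LEVEL and resources and resources != ["*"]:
                findings.append((i, action + " requires resource *"))
    return findings

# Constructed sample policy: action names, region, uin and resource are placeholders.
RES = "qcs::tcaplusdb:example-region:uin/0000000000:example-resource/placeholder"
SAMPLE = json.dumps({
    "version": "2.0",
    "statement": [
        {"effect": "allow", "action": "tcaplusdb:*", "resource": "*"},
        {"effect": "allow", "action": ["tcaplusdb:ExampleListOp"], "resource": [RES]},
        {"effect": "allow", "action": ["tcaplusdb:ExampleModifyTable"], "resource": [RES]},
        {"effect": "permit", "action": ["tcaplusdb:ExampleModifyTable"]},
    ],
})

if __name__ == "__main__":
    for index, finding in audit_policy(SAMPLE):
        print("statement", index, "-", finding)
```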