The Overview page of the Cloud Access Management Console comprises seven major modules: Access Management Resources, Login URL, Sensitive Operations, High-Level Permission Policies, Last Login Information, Security Analysis Report, and Security Guide.
Overview Page Permission
Users with QcloudCamSummaryAccess policy permissions can log in to the console and view information from all modules.
Users without QcloudCamSummaryAccess policy permissions can view only Login URL and Last Login Information after logging in to the console.
The root account and administrator users (AdministratorAccess) already include this policy permission.
Sub-accounts can ask the root account to check, on the User List > User Details page, whether they have QcloudCamSummaryAccess policy permissions.
The root account can grant the QcloudCamSummaryAccess policy to the sub-accounts that need it, allowing them to view all information on the console overview page. For the authorization method, please refer to Authorization Management.
Overview Page Modules
CAM Resources
The Access Management Resources module displays the number of users, user groups, custom policies, roles, and identity providers created under the current root account. You can enter the corresponding creation page by clicking the button below the number.
Login URL
The Login URL module displays the login links for sub-users and WeCom sub-users. Both the root account and sub-accounts can copy the link using the copy button on the right side of the link.
Sub-user Login Link: Applicable to sub-users.
WeCom Sub-user Login Link: Applicable to sub-users created and associated via WeCom.
Sensitive Operations
The Sensitive Operations module displays an overview of all sensitive operations (up to 50) under the current root account in the last 3 days. The displayed information includes: Account ID, Operator ID, Detailed Sensitive Operations, and Operation Time. Users can also view more detailed sensitive operation records in the CloudAudit console by clicking on View All Records.
High-Level Permission Policies
The High-Level Permission Policies module lists preset policies with elevated permissions. It is crucial to monitor users or roles associated with these high-privilege policies and allocate permissions appropriately.
Last Login Information
The Last Login Information module displays the last login time, last login IP, and identity security status of the current account.
Download Report
The Download Report module offers the functionality to download User Credential Reports and Security Analysis Reports. You can click the download button to obtain the corresponding report content. The cache validity period for a single report generation is 4 hours.
User Credential Report: This report records the status of all sub-accounts and their user credentials under the current account, such as basic account information, console login status, access keys, and account security settings. You can use this report for compliance auditing.
Security Analysis Report: This report documents the current security status of the root account and sub-accounts, as well as the risk points we have identified based on the Security Settings Policy and our recommended solutions.
Security Guide
Note
For the security of your accounts and assets in Tencent Cloud, we strongly recommend you complete all the configurations in the security guide.
The security guide module provides basic CAM feature descriptions and necessary security operation guidance, such as binding MFA devices to root accounts, enabling account protection for root accounts, creating sub-accounts, and creating groups and adding sub-accounts.
Operational Permissions: Only the root account has the operational permissions for Root Account MFA Device Binding and Root Account Protection Activation. For the remaining five settings, all authorized users can perform operations.
Guideline Status: Each guideline item is categorized into two states, Unfinished and Completed. The root account can view the status of each guideline item when logged into the console, while sub-accounts with permissions cannot view the status.
Setting Entry: Sub-accounts with permissions can view the corresponding feature introductions and respective setting entries by clicking on the triangle symbol on the left of each guide item. The following image is an example of the Security Guidelines module after the root account logs into the console.