Scenario
You can download the User Credential Report to obtain the status of all Tencent Cloud sub-accounts and their user credentials, including console login passwords, access keys, and account security settings. This report can be used for compliance audits.
Instructions
1. Log in to the Cloud Access Management Console and navigate to the Overview page.
2. In the Security Analysis Report section, click Download User Credential Report. Follow the prompts to authenticate your identity. The system automatically generates the relevant report.
3. After the report is successfully downloaded, you can proceed to view it locally.
Note
A user credential report in CSV format is generated in the console every four hours. If you click Download User Credential Report within four hours after the last report is generated, you will get the same report rather than a new one.
Report Format
The User Credential Report is in CSV file format. You can open the CSV file with common spreadsheet software for analysis, or build an application to programmatically use the CSV file and perform custom analysis.
The CSV file contains the following information:
Parameter | Description | Value Description |
Account ID | Account ID | Sub-account ID |
Username | Username | Sub-account Username |
UserType | User type | Sub-user: A sub-user Collaborator: Co-author WeWork Sub-user: WeCom Sub-user Message receiver: recipient of the message. For more details, see User Types. |
CreationTime | Creation time | Example: 2019-08-16 9:25:56 |
PasswordEnabled | Is the console password enabled? | TRUE: Enabled FALSE: Not enabled. Console access has been disabled, and no login password has been set. not_supported: N/A. WeWork-Sub-user (WeCom sub-user) logs in by scanning the WeCom QR code and does not have a login password; the message receiver (message recipient) is solely used for receiving messages and does not have a login password; the collaborator logs in using the primary account password and is not applicable to this item. |
PasswordLastRotation | Last Password Modification Time | FALSE: Console access has been disabled, and no login password has been set. not_supported: N/A. WeWork-Sub-user (WeCom sub-user) logs in by scanning the WeCom QR code and does not have a login password; the message receiver (message recipient) is solely used for receiving messages and does not have a login password; the collaborator logs in using the primary account password and is not applicable to this item. |
LoginConsoleActive | Support for console login | TRUE: Supported FALSE: Unsupported not_supported: N/A. The message receiver is solely used for receiving messages and does not have a login password; the collaborator logs in using the primary account identity and is not applicable to this item. |
LoginProtectionActive | Is login protection enabled? | TRUE: Enabled FALSE: Not enabled not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
OperationProtectionActive | Is operation protection enabled? | TRUE: Enabled FALSE: Not enabled not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
MFADeviceActive | Is MFA Enabled? | TRUE: Enabled FALSE: Not enabled not_supported: N/A. The message receiver is only used for receiving messages and does not have a login password; the Sub-user has not bound any contact methods (mobile, WeChat). |
Abnormal LoginsNumWithin30Days | Unusual Logins in the Past 30 Days | TRUE: Unusual logins detected. FALSE: No unusual login activity detected. |
AccessKey1SecretId | SecretId of Key 1 | N/A: No key |
AccessKey1MayBeAtRisk | Does Key 1 pose a risk of leakage? | TRUE: Exposed to leakage risks FALSE: No risk N/A: No Key 1 not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey1CreationTime | Creation Time of Key 1 | N/A: No Key 1 not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey1Status | Key 1 Status | Active: Enabled Disable: Disabled N/A: No Key 1 not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey1lastUsedDate | Last usage time of Key 1 | N/A: No Key 1 not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey1CreatedOver90Days | Has Key 1 been created for more than 90 days? | N/A: No Key 1 not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey1CreatedOver30Days | Has Key 1 been created for more than 30 days? | N/A: No Key 1 not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey2SecretId | SecretId of Key 2 | N/A: No second key |
AccessKey2MayBeAtRisk | Does Key 2 pose a risk of leakage? | TRUE: Exposed to leakage risks FALSE: No risk N/A: No second key not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey2CreationTime | Creation Time of Key 2 | N/A: No second key not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey2Status | Key 2 Status | Active: Enabled Disable: Disabled N/A: No second key not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey2lastUsedDate | Last usage time of Key 2 | N/A: No second key not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey2CreatedOver90Days | Has Key 2 been created for more than 90 days? | N/A: No second key not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
AccessKey2CreatedOver30Days | Has Key 2 been created for more than 30 days? | N/A: No second key not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password. |
Last Console Login Time | Last Console Login Time | N/A: No records available not_supported: Console login not supported |