For Tencent Cloud development resources, different teams or users in different companies or departments need different access permissions. You can set different operation permissions on cloud development through Cloud Access Management (CAM) to enable collaboration among different teams or users.
User Type
Cloud development involves root account and sub-account types of users in CAM, with the account definitions as follows:
Account Type | Root Account | Sub-Accounts and Sub-Users |
Definition | Owns all Tencent Cloud resources, and can access any of the resources. It is not recommended to use the root account for resource operations. Instead, create sub-accounts and assign policies based on the principle of least privilege, using sub-accounts with limited permissions to manage your cloud resources. | Created by the root account and fully owned by the root account that created it. |
Permissions
Permissions describe the ability to allow or deny the execution of certain actions to access specific resources under certain conditions.
Note:
By default, a root account is the resource owner and has full access to all resources under the account, while a sub-account does not have access to any resources and needs to be authorized by the root account.
Policies
A policy is a syntax rule used to define and describe one or more permissions. Tencent Cloud supports two types of policies: preset policies and custom policies. If you need to add permissions to a CAM user or group, you can directly associate a preset policy or create a custom policy for association. Each policy can contain multiple permissions, and you can also choose to bind multiple policies to one CAM user or group.
Preset Policy
Preset policies are created and managed by cloud development. You can directly select preset policies to simplify permission management operations. Preset policies are system-defined and cannot be edited by users. For details, see Using TCB Preset Policy Authorization.
Custom Policies
Custom policies are user-defined permission sets that describe resource management in a more refined way, allowing fine-grained permission division to flexibly meet your differentiated permission management needs. You can set fine-grained permissions for different environments. For details, see Authorizing by using custom policies.