The content of this page has been automatically translated by AI. If you encounter any problems while reading, you can view the corresponding content in Chinese.

Permission Management

Last updated: 2024-08-22 15:43:34

Concepts

Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage access to the resources under your Tencent Cloud account. With CAM, you can create, manage, and delete users and user groups, and use identity and policy management to control which Tencent Cloud resources those users may access.

Granting Access

Granting access means deciding whether an identity may perform specific actions on specific resources under specific conditions. An access permission is therefore described by four elements: identity, resource, action, and condition (the condition is optional).

Access Authorization Elements

Tencent Cloud identity

When a user registers a Tencent Cloud account, the system creates a root account identity that is used to log in to Tencent Cloud services. The root account can use the user management feature to manage different categories of users with different roles. User types include Collaborator, Message Recipient, Sub-user, and Role. For their definitions, see Identity Management and Glossary.

Tencent Cloud TCHouse-P cluster resources

The resources of Tencent Cloud TCHouse-P are TCHouse-P clusters, and access control is applied at the cluster level. In the console, each cluster is displayed together with its identifier, as shown below:

Here, snova-28fg7yl3 is the unique identifier of the cluster; it is the identifier of the TCHouse-P resource that policies refer to.

Operations of Tencent Cloud TCHouse-P cluster

Operations on a cluster are the actions a user performs in the Tencent Cloud TCHouse-P console. Each operation maps to a TencentCloud API, for example deleting a cluster or viewing a cluster's details, and each API has its own action identifier. Actions are classified as read or write, and access control is applied at the level of individual actions.

Principle of least privilege

When granting authorization, specify the scope of the permission as narrowly as possible: state which user may perform which actions on which resources, and under what conditions. Do not grant broader actions or resources than the task requires.
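The following added example (not part of this page and not Tencent Cloud's policy engine) shows the four access elements from the sections above as a CAM-style policy document and contrasts a least-privilege policy with an over-broad one. The policy shape (version, statement, effect, action, resource, condition) and the ip_equal operator on the qcs:ip condition key follow CAM policy syntax; the service prefix "tchousep", the action names ending in _PLACEHOLDER, the region, and the account UIN are assumptions, not real TencentCloud identifiers. The evaluator is a simplified model used only to make the difference between the two policies visible: default deny, explicit deny wins over allow, and unsupported condition operators fail closed.

```python
"""Illustrative CAM-style policy evaluator (added example, not Tencent Cloud's engine).

The policy layout follows CAM syntax. The service prefix "tchousep", the action
names marked _PLACEHOLDER, the region and the account UIN are placeholders and
are not real TencentCloud identifiers.
"""
import fnmatch
import ipaddress

# Resource descriptor for the cluster named on the page (snova-28fg7yl3).
# Service prefix, region and UIN are placeholders.
CLUSTER_QRN = "qcs::tchousep:ap-guangzhou:uin/100000000001:cluster/snova-28fg7yl3"

# Least-privilege policy: one read-only action, one cluster, and a
# source-IP condition (CAM's ip_equal operator on the qcs:ip key).
LEAST_PRIVILEGE_POLICY = {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": ["tchousep:DescribeCluster_PLACEHOLDER"],
            "resource": [CLUSTER_QRN],
            "condition": {"ip_equal": {"qcs:ip": ["10.0.0.0/8"]}},
        }
    ],
}

# Over-broad policy: every action on every resource, with no condition.
OVERBROAD_POLICY = {
    "version": "2.0",
    "statement": [{"effect": "allow", "action": ["*"], "resource": ["*"]}],
}


def _match_any(patterns, value):
    """Wildcard match as used in CAM action/resource lists ("*" matches everything)."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, context):
    """Evaluate the condition block against the request context.

    Only ip_equal and string_equal are modelled here; any other operator
    fails closed so an unknown condition never widens access.
    """
    for operator, keys in condition.items():
        for key, allowed in keys.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "ip_equal":
                ip = ipaddress.ip_address(actual)
                if not any(ip in ipaddress.ip_network(c, strict=False) for c in allowed):
                    return False
            elif operator == "string_equal":
                if actual not in allowed:
                    return False
            else:
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return "allow" or "deny" for one request.

    Semantics modelled on CAM: deny by default, and an explicit deny
    statement beats any matching allow statement.
    """
    context = context or {}
    decision = "deny"
    for stmt in policy["statement"]:
        if not _match_any(stmt["action"], action):
            continue
        if not _match_any(stmt["resource"], resource):
            continue
        if not _condition_holds(stmt.get("condition", {}), context):
            continue
        if stmt["effect"] == "deny":
            return "deny"
        decision = "allow"
    return decision


if __name__ == "__main__":
    # Constructed requests: a read from an internal address, a read from an
    # external address, and a write on the same cluster.
    requests = [
        ("tchousep:DescribeCluster_PLACEHOLDER", CLUSTER_QRN, {"qcs:ip": "10.1.2.3"}),
        ("tchousep:DescribeCluster_PLACEHOLDER", CLUSTER_QRN, {"qcs:ip": "203.0.113.5"}),
        ("tchousep:DeleteCluster_PLACEHOLDER", CLUSTER_QRN, {"qcs:ip": "10.1.2.3"}),
    ]
    for action, resource, ctx in requests:
        print(action, ctx["qcs:ip"],
              "least-privilege:", evaluate(LEAST_PRIVILEGE_POLICY, action, resource, ctx),
              "over-broad:", evaluate(OVERBROAD_POLICY, action, resource, ctx))
```

Running the block shows that the least-privilege policy allows only the read action on snova-28fg7yl3 from the 10.0.0.0/8 range and denies the same read from another address, the write action, and any other cluster, while the over-broad policy allows all of them. When reviewing a policy, the two things to look for are the "*" in action or resource lists and the absence of a condition block on statements that grant write actions.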