TencentDB for DBbrain
- Release Notes and Announcements
- Product Introduction
- Operation Guide
- Cloud Access Management
- Monitoring and Alarms
- MySQL/TDSQL-C for MySQL Performance Optimization
- Redis Performance Optimization
- MongoDB Performance Optimization
- Full-Link Analysis
- Practical Tutorial
- API Documentation
- Making API Requests
- Redis related APIs
- Health Report Email Sending APIs
- Exception Detection APIs
- Session Killing APIs
- Space Analysis APIs
- Slow Log Analysis APIs
- Security Audit APIs
- Database Audit APIs
- Other APIs
- DBbrain APIs 2019-10-16
- Making API Requests
- Slow Log Analysis APIs
- Exception Detection APIs
- Other APIs
- Health Report Email Sending APIs
Overview
Last updated: 2022-09-01 18:34:46
Issues
If you have multiple users managing different Tencent Cloud services such as CVM, VPC, and TencentDB, and they all share your Tencent Cloud account access key, you may face the following problems:
The risk of your key being compromised is high since multiple users are sharing it.
Your users might introduce security risks from maloperations due to the lack of user access control.
Solution
You can avoid the above problems by allowing different users to manage different services through sub-accounts. By default, sub-accounts don't have permissions to use Tencent Cloud services or resources. Therefore, you need to create policies to grant them different permissions.
Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions of your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management.
When using CAM, you can associate a policy with a user or user group to allow or forbid them to use specified resources to complete specified tasks. For more information on CAM policies, see Element Reference.
If you do not need to manage the access permissions to DBbrain resources for sub-accounts, you can skip this chapter. Skipping this chapter will not affect your understanding and usage of other parts in the documentation.
Getting started
A CAM policy must authorize or deny the use of one or more DBbrain operations. At the same time, it must specify the resources that can be used for the operations (which can be all resources or partial resources for certain operations). A policy can also include the conditions set for the manipulated resources.
Note:
We recommend you manage DBbrain resources and authorize DBbrain operations through CAM policies. Although the user experience does not change for existing users who are granted permissions by project, we do not recommend you continue to manage resources and authorize operations in a project-based manner.
Currently, DBbrain does not support setting conditions for policies.
Task | Document |
Quickly authorize a sub-user | |
Learn more about the basic policy structure | |
Define operations in a policy | |
Define resources in a policy | |
View supported resource-level permissions |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No