tencent cloud

Feedback

Overview

Last updated: 2023-11-09 15:05:36

    Issues

    If you have multiple users managing different Tencent Cloud services such as CVM, VPC, and TencentDB, and they all share your Tencent Cloud account access key, you may face the following problems:
    Your key will be easily compromised because it is shared by several users.
    You cannot restrict the access from other users and your service will be vulnerable to the security risks caused by their maloperations.

    Solutions

    In this case, you can use sub-accounts to enable different users to manage different services to avoid such problems. By default, sub-accounts don't have the permissions to use cloud services or related resources. Therefore, you need to create policies to allow sub-accounts to have the permissions they need.
    Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access to your Tencent Cloud resources. With CAM, you can create, manage terminate users (groups) and use identity and policy management to control what users can use what Tencent Cloud resources.
    You can use CAM to bind a user or user group to a policy which allows or denies them access to specified resources to complete specified tasks. For more information on CAM, see Element Reference and Policies.
    You can skip this section if you don't need to manage permissions to TencentDB resources for sub-accounts. Doing so doesn't affect your understanding and use of the rest of the documentation.

    Getting started

    A CAM policy must authorize or deny the use of one or more TDSQL-C for MySQL operations. At the same time, it must specify the resources that can be used for the operations (which can be all resources or partial resources for certain operations). A policy can also include the conditions set for the manipulated resources.
    Note:
    CAM policies are preferred over projects for managing resources and authorizing operations of TDSQL-C for MySQL, even though the user experience for current users with project-based permissions remains unaffected.
    Effectiveness conditions cannot be set for TDSQL-C for MySQL for the time being.
    Relevant Information
    Link
    Basic policy structure
    Operation definition in a policy
    Resource definition in a policy
    Resource-level permissions
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support