If you use services like Tencent Cloud CDC in Tencent Cloud that are managed by different people but share your cloud account keys to these people, the following issues may arise:
The risk of your key being compromised is high since multiple users are sharing it.
You cannot restrict others' access permissions, which can lead to security risks due to potential misoperations.
In this case, you can use sub-accounts to have different people manage different services, thereby avoiding the issues mentioned above. By default, sub-accounts do not have permission to use Tencent Cloud CDC or access Tencent Cloud CDC-related resources. Therefore, you need to create policies to grant sub-accounts the resources or permissions they require.
Cloud Access Management (CAM) helps you securely and conveniently manage access to Tencent Cloud services and resources. With CAM, you can create sub-users, user groups, and roles, and control their access scope through policies. CAM supports SSO capabilities for users and roles, allowing you to set up interoperability between enterprise users and Tencent Cloud based on specific management scenes.
The Tencent Cloud root account you initially created has full access to all services and resources under the account. It is recommended to protect the credentials of the root account, use sub-users or roles for daily access, enable multi-factor authentication, and periodically rotate keys.
When using CAM, you can associate a policy with a user or a group of users. The policy can authorize or deny users the ability to use specified resources to complete specific tasks. For more basic information on CAM policies, see Policy Syntax. For more information on using CAM policies, please see Policies.
Note:
If you do not need to perform CAM for Tencent Cloud CDC-related resource access for sub-accounts, you can skip this section. Skipping these parts will not affect your understanding and use of the rest of the document.
Getting Started
A CAM policy must authorize the use of one or more Tencent Cloud CDC operations or deny the use of one or more Tencent Cloud CDC operations. It must also specify the resources that can be used for the operations (which can be all resources or specific resources for some operations). Additionally, the policy can include conditions set for operating the resources.
Some Tencent Cloud CDC API operations support resource-level permissions. This means that for these types of API operations, you cannot specify a particular resource to use. Instead, you must specify all resources when using these operations.
Task | Reference Documentation |
Basic Policy Structure | |
Defining Operations in the Policy | |
Defining Resources in the Policy | |
Using conditions to restrict policies | |
Resource-level permissions supported by Tencent Cloud CDC | |
Example of CAM |
Yes
No
Was this page helpful?