You can use CAM policies to grant users permission to view and use specific resources in the Tencent Cloud CDC. This document provides examples of permissions for viewing and using specific resources, guiding users on how to use policies for specific parts of the console.
Operation Example
Full Read-Write Policy of Tencent Cloud CDC
If you want to grant users the permission to create and manage Tencent Cloud CDC-related instances, you can assign them the policy named
QcloudCDCFullAccess. This policy allows users to perform operations on all resources within the Tencent Cloud CDC. The specific directions are as follows:Read-Only Policy of Tencent Cloud CDC
If you want to grant a user permission to query Tencent Cloud CDC-related data without the ability to create or delete it, you can assign them the QcloudCDCReadOnlyAccess policy. This policy allows the user to perform all operations that begin with the words Describe and Inquiry in the Tencent Cloud CDC. The specific directions are as follows:
Authorize users to have specific Tencent Cloud CDC operation permissions.
If you want to grant a user specific Tencent Cloud CDC operation permissions, you can associate specific policies with that user. The detailed directions are as follows:
1. According to the Policies, create a custom policy that allows viewing CBS information in the Tencent Cloud CDC console, as well as permissions to create and use the CBS.
You can refer to the following policy syntax to set the policy content:
{"version": "2.0","statement":[{"effect": "allow","action": ["name/cdc:CreateSite","name/cdc:CreateDedicatedCluster"],"resource": ["qcs::cdc::uin/1410643447:*"]}]}
2. Find the policy you created and click Associate User/User Group in the Operation column of the policy line.
3. In the Associate User/User Group pop-up window, select the user/user group you want to authorize and click OK.
Authorize users to have Tencent Cloud CDC operation permissions for specific regions.
If you want to grant a user Tencent Cloud CDC operation permissions for a specific region, you can associate the following policies with that user. The detailed directions are as follows:
1. According to Policy , create a custom policy that allows users to have Tencent Cloud CDC operation permissions for the Guangzhou region.
You can refer to the following policy syntax to set the policy content:
{"version": "2.0","statement":[{"action": "cdc:*","resource": "qcs::cdc:ap-guangzhou::*","effect": "allow"}]}
2. Find the created policy, and click Bind User/Group in the Operation column for that policy.
3. In the Associate User/User Group pop-up window, select the user/user group you want to authorize and click OK.
Authorize the sub-account to have all the permissions of Tencent Cloud CDC, but not including payment permissions.
Suppose there is a sub-account (Developer) under the enterprise account (CompanyExample; ownerUin: 12345678). This sub-account needs all management permissions (for example, create, manage, and other operations.) for the enterprise's Tencent Cloud CDC services without payment permissions (can place orders but cannot make payments). This can be achieved in the following two solutions:
Solution A
The enterprise account, CompanyExample, directly grants the preset policy QcloudCDCFullAccess to the sub-account, Developer.
Solution B
1.1 Create a custom policy using the following policy syntax.
{"version": "2.0","statement":[{"effect": "allow","action": "cdc:*","resource": "*"}]}
1.2 Grant this policy to the sub-account. For authorization methods, see Authorization Management.
Custom Policies
If you feel that the preset policies do not meet your requirements, you can also create custom policies.
Yes
No
Was this page helpful?