Cloud Access Management Overview
Last updated: 2024-10-22 16:16:08
If you are using multiple Tencent Cloud services such as VPC, CVM, and TencentDB that are managed by different users sharing your Tencent Cloud account key, you may encounter the following problems:
- Your key is shared by multiple users, which poses a high risk of leakage.
- You cannot limit the access permissions of other users, which poses a security risk due to potential misoperation.
To prevent these problems, you can use sub-accounts to allow different users to manage different services. By default, a sub-account has no permission to use a CVM or CVM-related resources. Therefore, you need to create a policy to grant the required resources or permissions to sub-accounts.

Overview

Cloud Access Management (CAM) is a web service provided by Tencent Cloud to help customers manage the permissions to access resources under their Tencent Cloud accounts in a secure way. You can use CAM to create, manage, and terminate users (or user groups), and use identity management and policy management to control Tencent Cloud resources that can be used by each user.
When using CAM, you can associate a policy with a user or a group of users. The policy can authorize or deny users' requests to use specified resources to complete specified tasks.
For more basic information on CAM policies, see Syntax Logic.
For more usage information on CAM policies, see Policies.
If you do not need to manage the access permissions of sub-accounts for VPC resources, you can skip this section. This will not affect your understanding and usage of other parts in the document.

Getting Started

A CAM policy must authorize or deny the use of one or more VPC operations. It must also specify the resources that the operations can be used on: either all resources or, for certain operations, a subset of resources. The policy can additionally include conditions on the resources being operated on.
Some VPC API operations do not support resource-level permissions. That is, when calling these APIs, you cannot specify individual resources for the operations. Instead, you must specify all resources for the operations.
| Task | Link |
|---|---|
| Basic structure of a policy | Policy Syntax |
| Define operations in the policy | VPC Operations |
| Define resources in the policy | VPC Resource Paths |
| Resource-level permissions supported by VPC | |
| Console example | |
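The following check is an added example, not part of the Tencent Cloud documentation. It lints a CAM-style policy for the two points made in Getting Started: an operation without resource-level permissions must be paired with all resources (`*`), and a wildcard allow over all resources should at least carry a condition. The sample policy, the UIN, the VPC ID and the contents of `NO_RESOURCE_LEVEL` are constructed assumptions; take the real list of operations from the VPC resource-level permissions page.

```python
import json

# Constructed sample policy in the CAM JSON layout (version / statement /
# effect / action / resource / condition). UIN and VPC ID are placeholders.
SAMPLE_POLICY = json.loads("""
{"version": "2.0", "statement": [
  {"effect": "allow", "action": ["vpc:DescribeVpcs"],
   "resource": ["qcs::vpc:ap-guangzhou:uin/100000000001:vpc/vpc-EXAMPLE"]},
  {"effect": "allow", "action": ["vpc:*"], "resource": ["*"]},
  {"effect": "allow", "action": ["vpc:DeleteVpc"],
   "resource": ["qcs::vpc:ap-guangzhou:uin/100000000001:vpc/vpc-EXAMPLE"],
   "condition": {"ip_equal": {"qcs:ip": "203.0.113.0/24"}}}
]}
""")

# ASSUMPTION: operations treated here as lacking resource-level permissions.
# This set is illustrative only; it is not taken from the VPC documentation.
NO_RESOURCE_LEVEL = {"vpc:DescribeVpcs"}


def as_list(value):
    """CAM accepts a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy, no_resource_level):
    """Return (statement_index, finding) tuples for risky or invalid scoping."""
    findings = []
    for i, stmt in enumerate(policy.get("statement", [])):
        effect = stmt.get("effect")
        actions = as_list(stmt.get("action", []))
        resources = as_list(stmt.get("resource", []))
        if effect not in ("allow", "deny"):
            findings.append((i, "bad-effect"))
        if not actions or not resources:
            findings.append((i, "missing-action-or-resource"))
        scoped = [r for r in resources if r != "*"]
        for action in actions:
            # Operation cannot be limited to individual resources.
            if action in no_resource_level and scoped:
                findings.append((i, "needs-all-resources:" + action))
            # Every operation on every resource, with no condition attached.
            if (effect == "allow" and action.endswith(":*")
                    and "*" in resources and "condition" not in stmt):
                findings.append((i, "unrestricted-wildcard:" + action))
    return findings


if __name__ == "__main__":
    for index, finding in lint_policy(SAMPLE_POLICY, NO_RESOURCE_LEVEL):
        print(f"statement {index}: {finding}")
```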