
CAM Overview

Last updated: 2024-01-18 17:23:30

    Issues

    If you use Tencent Cloud services, including CVM, VPC, and TencentDB, which are managed by different people who share your Tencent Cloud account key, the following issues may arise:
    There is a high risk of key leakage because the key is shared among multiple individuals.
    The absence of limitations on other users' access rights may easily lead to incorrect operations, causing security risks.

    Solutions

    You can avoid the issues above by giving each user a separate sub-account and permitting each sub-account to manage different services. By default, a sub-account has no authorization to use Tencent Cloud services or the related resources. You therefore need to create a policy that allows sub-accounts to use the resources and permissions they need.
    Cloud Access Management (CAM) aids in the secure and convenient management of access to Tencent Cloud services and resources. With CAM, you can create sub-accounts, user groups, and roles, controlling their access scope through a policy. CAM supports SSO capabilities for users and roles, allowing targeted settings for interaction between corporate users and Tencent Cloud based on specific management circumstances. Your initially created Tencent Cloud root account possesses complete access to all Tencent Cloud services and resources. It is recommended to safeguard your root account credentials, utilize sub-accounts or roles for daily access, enable multi-factor authentication, and change keys regularly.
    When you use CAM, you can associate a policy with a user or a group of users to allow or deny the use of specific resources for designated tasks. For more information on CAM policies, please refer to Policy Syntax.
    If you do not need to use CAM to manage sub-accounts' access to TencentDB resources, you can skip this part. Doing so will not affect your understanding or use of the rest of this document.

    Quick Start

    A CAM policy must authorize or deny the use of one or more TencentDB operations. It must also specify the resources those operations can be used on, which can be all resources or, for some operations, a subset of resources. The policy can also include conditions on the resources being operated on.
    Note:
    We recommend using CAM policies to manage TencentDB resources and authorize TencentDB operations. The experience for existing users with project-based permissions remains unchanged, but continuing to use project-based permissions for resource management and operation authorization is not recommended.
    TencentDB does not currently support setting validity conditions.
    Task
    Link
    Understanding the fundamental structure of policies
    Defining operations in a policy
    Defining resources in a policy
    Resource-level permissions supported by TencentDB
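
A small reviewer for the policy shape described under Quick Start, added here as an example; it is not taken from Tencent Cloud's documentation or tooling. The element names (`version`, `statement`, `effect`, `action`, `resource`, `condition`), the `cdb:` action prefix and the `qcs::` resource format are assumed from CAM's policy syntax, and `review_policy`, the account ID and the instance ID are constructed for illustration.

```python
# Added example. Element names are assumed from CAM's policy syntax;
# account and instance IDs below are constructed placeholders.

def _as_list(value):
    """Policy elements may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def review_policy(policy, service="cdb"):
    """Return (statement_index, finding) tuples for statements to review."""
    findings = []
    for i, stmt in enumerate(policy.get("statement", [])):
        effect = str(stmt.get("effect", "")).lower()
        actions = _as_list(stmt.get("action"))
        resources = _as_list(stmt.get("resource"))
        if effect not in ("allow", "deny"):
            findings.append((i, "effect must be allow or deny"))
        if not actions:
            findings.append((i, "no operation specified"))
        if not resources:
            findings.append((i, "no resource specified"))
        if effect == "allow":
            # A blanket grant gives a sub-account the same reach as a shared key.
            if any(a in ("*", f"{service}:*") for a in actions):
                findings.append((i, "allow covers every operation"))
            if "*" in resources:
                findings.append((i, "allow covers every resource"))
        if "condition" in stmt:
            # Per the note above, TencentDB does not support conditions yet.
            findings.append((i, "condition set; not supported by TencentDB"))
    return findings

# Constructed sample policies.
SCOPED = {"version": "2.0", "statement": [{
    "effect": "allow",
    "action": ["cdb:DescribeDBInstances"],
    "resource": ["qcs::cdb:ap-guangzhou:uin/100000000001:instanceId/cdb-example1"],
}]}
BROAD = {"version": "2.0", "statement": [
    {"effect": "allow", "action": "*", "resource": "*"},
    {"effect": "deny", "action": ["cdb:*"], "resource": "*",
     "condition": {"ip_equal": {"qcs:ip": "203.0.113.0/24"}}},
]}

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, review_policy(pol))
```

Some operations only accept all resources, so the "allow covers every resource" finding is a prompt to check the resource-level permissions TencentDB supports, not an automatic rejection.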
    