tencent cloud

Boost Engagement with Tencent RTC Free TrialFree video and chat features await!

Feedback

Tencent Cloud Observability Platform

Granting Tencent Cloud Service Permissions

Last updated: 2024-01-27 17:35:59
Tencent Cloud Observability Platform (TCOP) allows a root account to grant a sub-account access permissions via Cloud Access Management (CAM). This document describes how to manage access permissions for a sub-account.

Overview

By default, a root account is the resource owner and has full access to all resources in the account, while a sub-account has no access to any resources. The root account must grant a sub-account access permissions for the sub-account to access resources. You can use your root account to log in to the CAM console and grant a sub-account access permissions. For more information, see Authorization Management.
TCOP policies are subject to the policies of other Tencent Cloud services. When granting TCOP permissions to a sub-account, you also need to grant the corresponding cloud service permissions so that the Tencent Cloud Observability Platform permissions can take effect.
Note:
Permissions are used to allow or deny operations to access specific resources under certain conditions.
Policies are syntax rules used to define and describe one or more permissions.

Common Permission Configurations

Note:
Below takes CVM permission configuration as an example. For more information on how to grant permissions for other Tencent Cloud services, see the following scenarios and TCOP-related Tencent Cloud service policies.

Common permissions

Permission list

Permission Type
Permission Name
TCOP permission
QcloudMonitorFullAccess (full read/write permissions) and QcloudMonitorReadOnlyAccess (read-only permissions)
CVM permission
QcloudCVMFullAccess (full read/write permissions) or QcloudCVMReadOnlyAccess (read-only permissions)

Features and permissions

Note:
You must authorize a role or grant the access permissions of all Tencent Cloud services to a sub-account so that the sub-account can normally access the Monitor Overview page, because the access permissions of multiple services are involved here.
Feature
Operation Permissions
Access Permissions
QcloudMonitorFullAccess
QcloudMonitorReadOnlyAccess
QcloudMonitorFullAccess
QcloudMonitorReadOnlyAccess
Dashboard
×
Instance group
Integration center
×
Resource consumption
×
Alarm record
Alarm policy
×
Trigger condition template
×
Notification template
×
Traffic monitoring
Tencent Cloud service monitoring
Note:
A user with full read/write access permissions for particular Tencent Cloud services also has full read/write access to TCOP resources by default. For example, if you have the full read/write access permission (QcloudCVMFullAccess) for CVM, you’ll have full read/write access to TCOP resources by default. You can go to CAM Console > Policies and click a policy name to check the access to what resources is allowed by this policy.


Note:
If you have been properly granted TCOP permissions, you can access Tencent Cloud service resources with the read-only permission for them. The following table lists permissions for some Tencent Cloud services. For more information, see CAM-Enabled Products.
Tencent Cloud Service
Policy
Permission Description
Reference
QcloudCVMFullAccess
Full access permissions for CVM, including monitoring permissions for CVM, CLB and VPC
QcloudCVMReadOnlyAccess
Read-only permissions for CVM resources
QcloudCDBFullAccess
Full access permissions for TencentDB for MySQL, including the access to TencentDB for MySQL, as well as the security group, monitoring, user group, COS, VPC and KMS permissions related to TencentDB for MySQL.
QcloudCDBReadOnlyAccess
Read-only permissions for TencentDB for MySQL resources
QcloudMongoDBFullAccess
Full access permissions for TencentDB for MongoDB
QcloudMongoDBReadOnlyAccess
Read-only permissions for TencentDB for MongoDB
QcloudRedisFullAccess
Full access permissions for TencentDB for Redis
QcloudRedisReadOnlyAccess
Read-only permissions for TencentDB for Redis
QcloudTcaplusDBFullAccess
Full access permissions for TencentDB for TcaplusDB
Overview
QcloudTcaplusDBReadOnlyAccess
Read-only permissions for TencentDB for TcaplusDB
TDSQL for PostgreSQL
QcloudTBaseReadOnlyAccess
Read-only permissions for TDSQL for PostgreSQL
-
QcloudElasticsearchServiceFullAccess
Full access permissions for Elasticsearch Service
QcloudElasticsearchServiceReadOnlyAccess
Read-only permissions for Elasticsearch Service
QcloudVPCFullAccess
Full access permissions for VPC
QcloudVPCReadOnlyAccess
Read-only permissions for VPC
QcloudDCFullAccess
Full access permissions for DC
-
QcloudCmqQueueFullAccess
Full access permissions for CMQ, including permissions for queues and Tencent Cloud Observability Platform
-
QcloudCKafkaFullAccess
Full access permissions for Message Queue CKafka
QcloudCkafkaReadOnlyAccess
Read-only permissions for Message Queue Ckafka
QcloudCOSFullAccess
Full access permissions for COS
QcloudCOSReadOnlyAccess
Read-only permissions for COS
QcloudCLBFullAccess
Full access permissions for CLB
QcloudCLBReadOnlyAccess
Read-only permissions for CLB
QcloudCFSFullAccess
Full access permissions for CFS
QcloudCFSReadOnlyAccess
Read-only permissions for CFS

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon