tencent cloud

Feedback

Overview

Last updated: 2022-06-22 15:22:45

    
    Cloud Access Management (CAM) is used to manage the access permissions for the resources under Tencent Cloud accounts. With CAM, you can use the identity management and policy management features to control which Tencent Cloud resources can be accessed by which sub-accounts.

    For example, if your account has HTTPDNS domains deployed in different projects, to strengthen access control, you can authorize resources and assign the admin of project A an authorization policy, specifying that only the admin can manipulate the HTTPDNS domain resources under project A.

    You can skip this section if you don't need to manage the permissions of HTTPDNS resources for sub-users.

    Note:

    Currently, CAM-based access authorization is only supported in the console.

    Basic CAM Concepts

    A root account authorizes sub-accounts by binding policies. The policy settings can be specific to the level of API, Resource, User/User Group, Allow/Deny, and Condition.

    1. Account
    • Root account: The owner of Tencent Cloud resources and the fundamental entity for resource usage, usage calculation, and billing. It can be used to log in to Tencent Cloud services.
    • Sub-account: An account created by the root account. It has a specific ID and identity credential that can be used to log in to the Tencent Cloud console. A root account can create multiple sub-accounts (users). By default, a sub-account does not own any resources and must be authorized by its root account.
    • Identity credential: Includes login credentials and access certificates. Login credential refers to a user's login name and password. Access certificate refers to Tencent Cloud API keys (SecretId and SecretKey).
    1. Resources and permissions
    • Resource: An object that is operated in Tencent Cloud services, such as a CVM instance, a COS bucket, or a VPC instance.

    • Permission: An authorization that allows or forbids users to perform certain operations. By default, the root account has full access to all resources under the account, while a sub-account does not have access to any resources under its root account.

    • Policy: Syntax rule that defines and describes one or more permissions. The root account performs authorization by associating policies with users/user groups.

      For more information, see CAM Overview.

    Relevant Documentation

    Document Description Link
    Relationship between policy and user Policy
    Basic policy structure Policy Syntax
    CAM-enabled products CAM-Enabled Products
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support