Quick Configuration

Last updated: 2020-12-14 11:53:22

    This document describes how to create and authorize sub-users. If you have never used Tencent Cloud Access Management (CAM), please read this document for more information on the configuration.

    TPNS uses CAM for permission management. You need to authorize applications, create sub-users, and grant application permissions to the sub-users. For detailed directions, please see the following sections.

    Creating a Sub-User

    1. Log in to the CAM console and click Create User.

    2. The following describes the custom creation method. Click Custom Create to enter the Create Sub-user page.

    3. Configure the login information of the sub-user as instructed and grant the sub-user application permissions on the Setting User Permission page.

    Granting Application Permissions

    Granting permissions of all applications in a centralized manner

    1. Continue from the last step in the previous section as shown below:

    2. Enter "TPNS" in the search box. In the search results, there are two default preset permissions as listed below:

    Policy Name Permission Scope
    QcloudTPNSFullAccess Grants all permissions of all applications under the root account
    QcloudTPNSReadOnlyAccess Grants read and push permissions of all applications under the root account

    Granting permissions of selected applications

    1. Click Create Custom Policy.

    2. On the displayed page, select Create by Policy Syntax as shown below.

    3. Select Blank Template.

    4. Click Next to enter the syntax creation page as shown below.

    Copy the following syntax code:

        "version": "2.0",
        "statement": [
                "action": [
                "resource": [
                "effect": "allow"
                "action": [
                "resource": [
                "effect": "allow"

    Replace parameters in the syntax code as follows:

    • Replace the ID of the root account: enter the Account Info page under the current root account, copy the account ID, and replace 1000000000 in the syntax above with it.


      If your current login account is a collaborator or sub-account, you need to get the account ID from the owner of the root account that grants you permissions.

    • Replace the application Access_ID: log in to the TPNS console, copy the Access_ID of the application whose permissions you want to grant, and replace 1500000000 in the syntax above with it. If you want to grant permissions of multiple applications, you can change resource to:
      "qcs::tpns::uin/1000000000:app/{application Access_ID1}","qcs::tpns::uin/1000000000:app/{application Access_ID2}"


    Please delete "{" and "}" in actual use. For detailed directions, please see Advanced Custom Configuration.

    1. Return to the user creation page.

    Search for the created policy by name, select it, click Next, and click Complete.
    6. After the permission configuration, you can select Sub-User Login on the login page to verify the account permissions.