tencent cloud

CAM Overview
Last updated: 2026-01-13 15:02:14

Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage access permissions, resources, and usage permissions for your Tencent Cloud account. With CAM, you can create, manage, and terminate users (and user groups), and use identity and policy management to control which Tencent Cloud resources a specified user can use.
When using EMR, you can associate a policy with a user or user group to allow or deny them the use of specified resources for specified tasks. For more information on CAM policies, see Element Reference. For more information on how to use CAM policies, see Policy.
When using Tencent Cloud EMR, different departments and roles need different permissions to avoid security risks such as data leakage and misoperation. To this end, you can assign different permissions to different users through sub-accounts. By default, a sub-account does not have permission to use EMR or related resources, so you must first create a policy that grants the sub-account the required permissions.

CAM Policy Use Cases

| Applicable Scenario | Permission Granularity | Operation | Link |
| --- | --- | --- | --- |
| When enabling the EMR service for the first time, you need to grant EMR permission to access cloud services (including CVM, CBS, and TencentDB) using service roles. | Permission for EMR to access cloud resources | Authorize an EMR preset service role. | |
| When creating or using an EMR cluster, if access to Cloud Object Storage (COS) is required, you need to grant EMR permission to access COS using service-related roles. | Permission for EMR to access all COS resources | Authorize an EMR preset service-related role. | |
| If you need to restrict cluster access to specific COS resources, you can set a custom service role as needed. | Access management for EMR to access specified COS buckets | Create a custom service role and complete authorization. | |
| Depending on authorization requirements, you can grant operation permissions of different granularity to sub-users or collaborators through preset policies. | Access permissions for sub-users or collaborators to access EMR | Authorize a collaborator or sub-user based on preset policies. | |
| Depending on authorization requirements, you can grant operation permissions of different granularity to sub-users or collaborators through custom permission policies. | Access permissions for sub-users or collaborators to access EMR | Create a custom permission policy and associate the policy with the sub-account. | |