Assume that you are using multiple Tencent Cloud services, such as Game Server Elastic-scaling (GSE), VPC and TencentDB. These services are managed by different users who all share your Tencent Cloud account key. Then, the following problems may exist:
These problems can be eliminated by the use of CAM, which allows you to authorize sub-accounts to manage your different services. By default, a sub-account has no access to GSE service or its resources. To grant a sub-account such access, you need to create a CAM policy. For more information on CAM, see CAM Overview.
A policy is a syntax specification that defines one or more permissions. It allows or denies the access to a specified resource by authorizing a user or a group of users.
For more information on CAM policy elements, please see Element Reference.
For more information on how to use CAM policies, please see Policy.
If you do not need to manage access permissions to GSE resources for sub-accounts, you can skip this part. This will not affect your understanding and use of other parts of the documentation.
A CAM policy must permit or deny one or more GSE operations. Besides, you must specify some (or all) resources to operate on.
Some GSE APIs support resource-level permissions, which means that you can choose to specify either specific or all resources when calling these APIs.