Overview

Last updated: 2021-04-20 14:40:51

    Assume that you are using multiple Tencent Cloud services, such as Game Server Elastic-scaling (GSE), VPC and TencentDB. These services are managed by different users who all share your Tencent Cloud account key. Then, the following problems may exist:

    • Your key is shared by multiple users, which means your key runs a high risk of being compromised.
    • You cannot restrict the access permissions of other users, which poses a security risk due to potential misoperations.

    These problems can be eliminated by the use of CAM, which allows you to authorize sub-accounts to manage your different services. By default, a sub-account has no access to GSE service or its resources. To grant a sub-account such access, you need to create a CAM policy. For more information on CAM, see CAM Overview.

    A policy is a syntax specification that defines one or more permissions. It allows or denies the access to a specified resource by authorizing a user or a group of users.
    For more information on CAM policy elements, please see Element Reference.
    For more information on how to use CAM policies, please see Policy.

    Note:

    If you do not need to manage access permissions to GSE resources for sub-accounts, you can skip this part. This will not affect your understanding and use of other parts of the documentation.

    Getting Started

    A CAM policy must permit or deny one or more GSE operations. Besides, you must specify some (or all) resources to operate on.

    Some GSE APIs support resource-level permissions, which means that you can choose to specify either specific or all resources when calling these APIs.

    Task Link
    Basic policy structure Policy Syntax
    Defining operations in a policy GSE Operations
    Defining resources in a policy GSE Resource Path
    Resource-level permissions for GSE Authorizable Resource Types
    Console Demo Access Control Examples