If you have multiple users managing different Tencent Cloud services such as CVM, VPC, and TencentDB, and they all share your Tencent Cloud account access key, you may face the following problems:
You can avoid the problems above by allowing different users to manage different services through sub-accounts. By default, a sub-account does not have permissions to use Tencent Cloud services or resources. Therefore, you need to create a policy to grant different permissions to the sub-accounts.
Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions to your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users (groups), and control the specified Tencent Cloud resources that can be used by the specified user through identity and policy management.
When using CAM, you can associate a policy with a user or user group to allow or forbid them to use specified resources to complete specified tasks. For more information on CAM policies, please see Policy Syntax. For detailed directions, please see Policy.
You can skip this section if you do not need to manage permissions to TDSQL-C resources for sub-accounts. This will not affect your understanding and use of the other sections of the document.
A CAM policy must authorize or deny the use of one or more TDSQL-C operations. At the same time, it must specify the resources that can be used for the operations (which can be all resources or partial resources for certain operations). A policy can also include the conditions set for the manipulated resources.
- We recommend you manage TDSQL-C resources and authorize TDSQL-C operations through CAM policies. Although the user experience does not change for existing users who are granted permissions by project, we do not recommend you continue to manage resources and authorize operations in a project-based manner.
- Effectiveness conditions cannot be set for TDSQL-C for the time being.
|Basic policy structure||Policy Syntax|
|Operation definition in a policy||TDSQL-C Operations|
|Resource definition in a policy||TDSQL-C Resource Path|
|Resource-Level permission||Resource-Level Permissions Supported by TDSQL-C|