If you have multiple users managing different Tencent Cloud services such as Direct Connect, VPC, CVM and other Tencent Cloud products, and they all share your Tencent Cloud account access key, you may face the following problems:
You can avoid the above problems by using CAM, which allows different users to manage different services through sub-accounts. Direct Connect dedicated tunnels support resource-level permissions. By default, a sub-account has no permission to use dedicated tunnels or their resources. Therefore, you need to create a policy to grant different permissions to the sub-accounts.
You can skip this section if you do not need to manage sub-account permissions for dedicated tunnel resources. Skipping it will not affect your understanding or use of the other sections of the document.
The Direct Connect service consists of connection, dedicated tunnel, and direct connect gateway resources. The following table specifies the access permissions supported for each resource:
|Direct connect gateway||Supported||Resource-level|
Cloud Access Management (CAM) is a Tencent Cloud web service that helps you securely manage and control access to your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users and user groups. You can manage identities and policies to allow specific users to access your Tencent Cloud resources.
When using CAM, you can associate a policy with a user or user group to allow or deny them the use of specified resources for specified tasks. For more information on CAM policies, see Syntax Logic. For more information on the use of CAM policies, see Policy.
The root account can associate policies with sub-accounts to grant them permissions. Policies support multiple dimensions, such as API, resource, user, user group, allow, deny, and condition.
For more information, please see CAM Overview.