TencentDB for MySQL implements access control through database account management, access management, security group, and other means to ensure MySQL data security.
You can create database accounts in the TencentDB for MySQL Console or through APIs. You can also grant management permissions at different levels to such accounts. You are recommended to authorize accounts based on the principle of least privilege so as to ensure the data security.
Cloud Access Management (CAM) helps you securely manage and control access permissions to your Tencent Cloud resources. With CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management, which implements permission separation.
Security group mainly helps you implement network access control for your TencentDB for MySQL instances. A security group is a stateful virtual firewall capable of filtering. As an important means for network security isolation provided by Tencent Cloud, it can be used to set network access controls for one or more TencentDB instances.
Instances with the same network security isolation requirements in the same region can be put into the same logical security group. Instances in a security group are matched based on rules. Modifying security group rules does not require restarting the TencentDB for MySQL instances, and the changes will take effect immediately.