tencent cloud

Tencent Cloud Observability Platform

Release Notes and Announcements
Release Notes
Product Introduction
Overview
Strengths
Basic Features
Basic Concepts
Use Cases
Use Limits
Purchase Guide
Tencent Cloud Product Monitoring
Application Performance Management
Mobile App Performance Monitoring
Real User Monitoring
Cloud Automated Testing
Prometheus Monitoring
Grafana
EventBridge
PTS
Quick Start
Monitoring Overview
Instance Group
Tencent Cloud Product Monitoring
Application Performance Management
Real User Monitoring
Cloud Automated Testing
Performance Testing Service
Prometheus Getting Started
Grafana
Dashboard Creation
EventBridge
Alarm Service
Cloud Product Monitoring
Tencent Cloud Service Metrics
Operation Guide
CVM Agents
Cloud Product Monitoring Integration with Grafana
Troubleshooting
Practical Tutorial
Application Performance Management
Product Introduction
Access Guide
Operation Guide
Practical Tutorial
Parameter Information
FAQs
Mobile App Performance Monitoring
Overview
Operation Guide
Access Guide
Practical Tutorial
Tencent Cloud Real User Monitoring
Product Introduction
Operation Guide
Connection Guide
FAQs
Cloud Automated Testing
Product Introduction
Operation Guide
FAQs
Performance Testing Service
Overview
Operation Guide
Practice Tutorial
JavaScript API List
FAQs
Prometheus Monitoring
Product Introduction
Access Guide
Operation Guide
Practical Tutorial
Terraform
FAQs
Grafana
Product Introduction
Operation Guide
Guide on Grafana Common Features
FAQs
Dashboard
Overview
Operation Guide
Alarm Management
Console Operation Guide
Troubleshooting
FAQs
EventBridge
Product Introduction
Operation Guide
Practical Tutorial
FAQs
Report Management
FAQs
General
Alarm Service
Concepts
Monitoring Charts
CVM Agents
Dynamic Alarm Threshold
CM Connection to Grafana
Documentation Guide
Related Agreements
Application Performance Management Service Level Agreement
APM Privacy Policy
APM Data Processing And Security Agreement
RUM Service Level Agreement
Mobile Performance Monitoring Service Level Agreement
Cloud Automated Testing Service Level Agreement
Prometheus Service Level Agreement
TCMG Service Level Agreements
PTS Service Level Agreement
PTS Use Limits
Cloud Monitor Service Level Agreement
API Documentation
History
Introduction
API Category
Making API Requests
Monitoring Data Query APIs
Alarm APIs
Legacy Alert APIs
Notification Template APIs
TMP APIs
Grafana Service APIs
Event Center APIs
TencentCloud Managed Service for Prometheus APIs
Monitoring APIs
Data Types
Error Codes
Glossary
文档Tencent Cloud Observability PlatformAlarm ManagementConsole Operation GuideAccess ManagementGranting Tencent Cloud Service Permissions

Granting Tencent Cloud Service Permissions

PDF
聚焦模式
字号
最后更新时间: 2025-10-27 19:04:37
Tencent Cloud Observability Platform (TCOP) allows a root account to grant a sub-account access permissions via Cloud Access Management (CAM). This document describes how to manage access permissions for a sub-account.

Overview

By default, a root account is the resource owner and has full access to all resources in the account, while a sub-account has no access to any resources. The root account must grant a sub-account access permissions for the sub-account to access resources. You can use your root account to log in to the CAM console and grant a sub-account access permissions. For more information, see Authorization Management.
TCOP policies are subject to the policies of other Tencent Cloud services. When granting TCOP permissions to a sub-account, you also need to grant the corresponding cloud service permissions so that the Tencent Cloud Observability Platform permissions can take effect.
Note:
Permissions are used to allow or deny operations to access specific resources under certain conditions.
Policies are syntax rules used to define and describe one or more permissions.

Common Permission Configurations

Note:
Below takes CVM permission configuration as an example. For more information on how to grant permissions for other Tencent Cloud services, see the following scenarios and TCOP-related Tencent Cloud service policies.

Common permissions

Permission list

Permission Type
Permission Name
TCOP permission
QcloudMonitorFullAccess (full read/write permissions) and QcloudMonitorReadOnlyAccess (read-only permissions)
CVM permission
QcloudCVMFullAccess (full read/write permissions) or QcloudCVMReadOnlyAccess (read-only permissions)

Features and permissions

Note:
You must authorize a role or grant the access permissions of all Tencent Cloud services to a sub-account so that the sub-account can normally access the Monitor Overview page, because the access permissions of multiple services are involved here.
Feature
Operation Permissions
Access Permissions
QcloudMonitorFullAccess
QcloudMonitorReadOnlyAccess
QcloudMonitorFullAccess
QcloudMonitorReadOnlyAccess
Dashboard
×
Instance group
Integration center
×
Resource consumption
×
Alarm record
Alarm policy
×
Trigger condition template
×
Notification template
×
Traffic monitoring
Tencent Cloud service monitoring
Note:
A user with full read/write access permissions for particular Tencent Cloud services also has full read/write access to TCOP resources by default. For example, if you have the full read/write access permission (QcloudCVMFullAccess) for CVM, you’ll have full read/write access to TCOP resources by default. You can go to CAM Console > Policies and click a policy name to check the access to what resources is allowed by this policy.


Note:
If you have been properly granted TCOP permissions, you can access Tencent Cloud service resources with the read-only permission for them. The following table lists permissions for some Tencent Cloud services. For more information, see CAM-Enabled Products.
Tencent Cloud Service
Policy
Permission Description
Reference
QcloudCVMFullAccess
Full access permissions for CVM, including monitoring permissions for CVM, CLB and VPC
QcloudCVMReadOnlyAccess
Read-only permissions for CVM resources
QcloudCDBFullAccess
Full access permissions for TencentDB for MySQL, including the access to TencentDB for MySQL, as well as the security group, monitoring, user group, COS, VPC and KMS permissions related to TencentDB for MySQL.
QcloudCDBReadOnlyAccess
Read-only permissions for TencentDB for MySQL resources
QcloudMongoDBFullAccess
Full access permissions for TencentDB for MongoDB
QcloudMongoDBReadOnlyAccess
Read-only permissions for TencentDB for MongoDB
QcloudRedisFullAccess
Full access permissions for TencentDB for Redis
QcloudRedisReadOnlyAccess
Read-only permissions for TencentDB for Redis
QcloudTcaplusDBFullAccess
Full access permissions for TencentDB for TcaplusDB
Overview
QcloudTcaplusDBReadOnlyAccess
Read-only permissions for TencentDB for TcaplusDB
TDSQL for PostgreSQL
QcloudTBaseReadOnlyAccess
Read-only permissions for TDSQL for PostgreSQL
-
QcloudElasticsearchServiceFullAccess
Full access permissions for Elasticsearch Service
QcloudElasticsearchServiceReadOnlyAccess
Read-only permissions for Elasticsearch Service
QcloudVPCFullAccess
Full access permissions for VPC
QcloudVPCReadOnlyAccess
Read-only permissions for VPC
QcloudDCFullAccess
Full access permissions for DC
-
QcloudCmqQueueFullAccess
Full access permissions for CMQ, including permissions for queues and Tencent Cloud Observability Platform
-
QcloudCKafkaFullAccess
Full access permissions for Message Queue CKafka
QcloudCkafkaReadOnlyAccess
Read-only permissions for Message Queue Ckafka
QcloudCOSFullAccess
Full access permissions for COS
QcloudCOSReadOnlyAccess
Read-only permissions for COS
QcloudCLBFullAccess
Full access permissions for CLB
QcloudCLBReadOnlyAccess
Read-only permissions for CLB
QcloudCFSFullAccess
Full access permissions for CFS
QcloudCFSReadOnlyAccess
Read-only permissions for CFS

上一篇: Authorization Policy Syntax下一篇: No Alarms Received

帮助和支持

本页内容是否解决了您的问题?

填写满意度调查问卷,共创更好文档体验。

文档反馈