tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Cloud Observability Platform
    Documentation
    Download PDF

    Granting Tencent Cloud Service Permissions

    Last updated: 2024-01-27 17:35:59
    Download PDF
      Tencent Cloud Observability Platform (TCOP) allows a root account to grant a sub-account access permissions via Cloud Access Management (CAM). This document describes how to manage access permissions for a sub-account.

      Overview

      By default, a root account is the resource owner and has full access to all resources in the account, while a sub-account has no access to any resources. The root account must grant a sub-account access permissions for the sub-account to access resources. You can use your root account to log in to the CAM console and grant a sub-account access permissions. For more information, see Authorization Management.
      TCOP policies are subject to the policies of other Tencent Cloud services. When granting TCOP permissions to a sub-account, you also need to grant the corresponding cloud service permissions so that the Tencent Cloud Observability Platform permissions can take effect.
      Note:
      Permissions are used to allow or deny operations to access specific resources under certain conditions.
      Policies are syntax rules used to define and describe one or more permissions.

      Common Permission Configurations

      Note:
      Below takes CVM permission configuration as an example. For more information on how to grant permissions for other Tencent Cloud services, see the following scenarios and TCOP-related Tencent Cloud service policies.

      Common permissions

      Permission list

      Permission Type
      Permission Name
      TCOP permission
      QcloudMonitorFullAccess (full read/write permissions) and QcloudMonitorReadOnlyAccess (read-only permissions)
      CVM permission
      QcloudCVMFullAccess (full read/write permissions) or QcloudCVMReadOnlyAccess (read-only permissions)

      Features and permissions

      Note:
      You must authorize a role or grant the access permissions of all Tencent Cloud services to a sub-account so that the sub-account can normally access the Monitor Overview page, because the access permissions of multiple services are involved here.
      Feature
      Operation Permissions
      Access Permissions
      QcloudMonitorFullAccess
      QcloudMonitorReadOnlyAccess
      QcloudMonitorFullAccess
      QcloudMonitorReadOnlyAccess
      Dashboard
      ×
      Instance group
      Integration center
      ×
      Resource consumption
      ×
      Alarm record
      Alarm policy
      ×
      Trigger condition template
      ×
      Notification template
      ×
      Traffic monitoring
      Tencent Cloud service monitoring
      Note:
      A user with full read/write access permissions for particular Tencent Cloud services also has full read/write access to TCOP resources by default. For example, if you have the full read/write access permission (QcloudCVMFullAccess) for CVM, you’ll have full read/write access to TCOP resources by default. You can go to CAM Console > Policies and click a policy name to check the access to what resources is allowed by this policy.
      
      
      Note:
      If you have been properly granted TCOP permissions, you can access Tencent Cloud service resources with the read-only permission for them. The following table lists permissions for some Tencent Cloud services. For more information, see CAM-Enabled Products.
      Tencent Cloud Service
      Policy
      Permission Description
      Reference
      QcloudCVMFullAccess
      Full access permissions for CVM, including monitoring permissions for CVM, CLB and VPC
      QcloudCVMReadOnlyAccess
      Read-only permissions for CVM resources
      QcloudCDBFullAccess
      Full access permissions for TencentDB for MySQL, including the access to TencentDB for MySQL, as well as the security group, monitoring, user group, COS, VPC and KMS permissions related to TencentDB for MySQL.
      QcloudCDBReadOnlyAccess
      Read-only permissions for TencentDB for MySQL resources
      QcloudMongoDBFullAccess
      Full access permissions for TencentDB for MongoDB
      QcloudMongoDBReadOnlyAccess
      Read-only permissions for TencentDB for MongoDB
      QcloudRedisFullAccess
      Full access permissions for TencentDB for Redis
      QcloudRedisReadOnlyAccess
      Read-only permissions for TencentDB for Redis
      QcloudTcaplusDBFullAccess
      Full access permissions for TencentDB for TcaplusDB
      Overview
      QcloudTcaplusDBReadOnlyAccess
      Read-only permissions for TencentDB for TcaplusDB
      TDSQL for PostgreSQL
      QcloudTBaseReadOnlyAccess
      Read-only permissions for TDSQL for PostgreSQL
      -
      QcloudElasticsearchServiceFullAccess
      Full access permissions for Elasticsearch Service
      QcloudElasticsearchServiceReadOnlyAccess
      Read-only permissions for Elasticsearch Service
      QcloudVPCFullAccess
      Full access permissions for VPC
      QcloudVPCReadOnlyAccess
      Read-only permissions for VPC
      QcloudDCFullAccess
      Full access permissions for DC
      -
      QcloudCmqQueueFullAccess
      Full access permissions for CMQ, including permissions for queues and Tencent Cloud Observability Platform
      -
      QcloudCKafkaFullAccess
      Full access permissions for Message Queue CKafka
      QcloudCkafkaReadOnlyAccess
      Read-only permissions for Message Queue Ckafka
      QcloudCOSFullAccess
      Full access permissions for COS
      QcloudCOSReadOnlyAccess
      Read-only permissions for COS
      QcloudCLBFullAccess
      Full access permissions for CLB
      QcloudCLBReadOnlyAccess
      Read-only permissions for CLB
      QcloudCFSFullAccess
      Full access permissions for CFS
      QcloudCFSReadOnlyAccess
      Read-only permissions for CFS
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy