Access Management Overview
Last updated: 2020-02-17 14:29:04
If you use Cloud Virtual Machine, HDD cloud disks, VPC, databases, and other services in Tencent Cloud, and these services are managed by different people who all share your cloud account key, the following problems arise:
- Your key is shared by multiple people, so there is a high risk of disclosure.
- You cannot limit other people's access and permissions, so misoperation can easily cause security risks.
You can avoid these problems by using sub-accounts, so that different people manage different services. By default, sub-accounts do not have permission to use CVM or CVM-related resources. Therefore, you need to create a policy that grants sub-accounts the resources or permissions they need.
Cloud Access Management (CAM) is a set of web services provided by Tencent Cloud, mainly used to help customers securely manage access permissions to the resources under their Tencent Cloud account. Through CAM, you can create, manage, and terminate users (and user groups), and control who can use which Tencent Cloud resources through identity management and policy management.
When you use CAM, you can associate a policy with a user or a group of users. The policy can authorize or deny users the use of specified resources to complete specified tasks. For more basic information about CAM policies, see Policy Syntax. For more information about using CAM policies, see Policy.
If you do not need to manage access to CBS-related resources for sub-accounts, you can skip this section. Skipping it does not affect your understanding and use of the rest of the document.
A CAM policy must authorize or deny one or more CBS-related operations. It must also specify the resources the operations apply to (all cloud resources or only some of them). A policy can also define the conditions under which the resources may be operated on.
| Task | Link |
|---|---|
| Understand the basic structure of a policy | Policy Syntax |
| Define actions in a policy | CBS related operations |
| Define resources in a policy | CBS related resource path |
| Use conditions to restrict policies | Conditional key of CBS |
| Resource-level permissions supported by CBS | Resource-level permissions supported by CBS |
| Console example | Console example |
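The following check is an added example, not code from Tencent Cloud or from this page. It tests a parsed policy against the requirements stated above: each statement must authorize or deny at least one operation and name the resources it applies to. It also flags a statement that allows every operation on every resource. The field names (`statement`, `effect`, `action`, `resource`) are assumed to follow CAM policy syntax, and the action and resource strings in the sample are constructed placeholders, not real CBS identifiers.

```python
import json

# Constructed sample policy. Field names are assumed from CAM policy syntax;
# the action and resource strings are placeholders, not real CBS identifiers.
SAMPLE_POLICY = json.loads("""
{
  "version": "2.0",
  "statement": [
    {"effect": "allow", "action": ["PLACEHOLDER:ReadDisk"],
     "resource": ["PLACEHOLDER-resource-path/disk-1"]},
    {"effect": "allow", "action": ["*"], "resource": ["*"]},
    {"effect": "deny", "action": ["PLACEHOLDER:DeleteDisk"]}
  ]
}
""")

def as_list(value):
    """Accept a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def lint_policy(policy):
    """Return (statement index, finding) pairs for a parsed policy."""
    findings = []
    statements = policy.get("statement") or []
    if not statements:
        findings.append((None, "policy has no statements"))
    for i, stmt in enumerate(statements):
        effect = stmt.get("effect")
        actions = as_list(stmt.get("action"))
        resources = as_list(stmt.get("resource"))
        if effect not in ("allow", "deny"):
            findings.append((i, "effect must be allow or deny"))
        if not actions:
            findings.append((i, "no operation specified"))
        if not resources:
            findings.append((i, "no resource specified"))
        # Least privilege: a sub-account should not receive a blanket grant.
        if effect == "allow" and "*" in actions and "*" in resources:
            findings.append((i, "allows every operation on every resource"))
    return findings

if __name__ == "__main__":
    for index, finding in lint_policy(SAMPLE_POLICY):
        print(f"statement {index}: {finding}")
```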