If you are using multiple Tencent Cloud services such as CVM, CBS, VPC, and TencentDB that are managed by different users who share your Tencent Cloud account key, you may face the following problems.
In this case, you can use sub-accounts to allow different users to manage different services to avoid these problems. By default, a sub-account does not have the permission to use CVMs or CVM-related resources. Therefore, you need to create a policy to grant the required resources or permissions to the sub-account.
Cloud Access Management (CAM) is a set of web-based Tencent Cloud services that helps you securely manage and control access permissions to your Tencent Cloud resources. By using CAM, you can create, manage, and delete users (groups) and control who can use Tencent Cloud resources and which Tencent Cloud resources they can use through identity and policy management.
When using CAM, you can associate a policy with a user or a user group, which grants or denies them permission to use specified resources to perform specified tasks. For more information on CAM policy basics, see Policy Syntax. For more information on the use of CAM policies, see Policies.
If you do not need to manage the access permissions of sub-accounts to CBS resources, you can skip this section. This will not affect your understanding and application of the remaining sections of this document.
A CAM policy must grant or deny the permission to one or more CBS operations. At the same time, it must specify the resources that can be operated on (which can be all resources or some resources for certain operations). A policy can also include the conditions set for the operations of the resources.
|Learn the basic structure of a policy||Policy Syntax|
|Define operations in a policy||CBS Operations|
|Define resources in a policy||CBS Resource Paths|
|Restrict a policy by conditions||CBS Condition Keys|
|Learn the resource-level permissions supported by CBS||Resource-Level Permissions Supported by CBS|
|View console examples||Console Examples|