- Product Introduction
- Purchasing Guide
- Operation Guide
- Operations Overview
- Viewing ENI Information
- Creating an ENI
- Configuring Security Groups
- Binding and Configuring an ENI
- Setting Service Level
- Deleting an ENI
- Unbinding from a CVM
- Binding Secondary Private IP Addresses
- Releasing Secondary Private IP Addresses
- Binding EIPs
- Unbinding EIPs
- Modifying Primary Private IPs
- Changing the Subnet of an ENI
- Cloud Access Management
- Best Practice
- API Documentation
- FAQs
- Contact Us
- Glossary
- Product Introduction
- Purchasing Guide
- Operation Guide
- Operations Overview
- Viewing ENI Information
- Creating an ENI
- Configuring Security Groups
- Binding and Configuring an ENI
- Setting Service Level
- Deleting an ENI
- Unbinding from a CVM
- Binding Secondary Private IP Addresses
- Releasing Secondary Private IP Addresses
- Binding EIPs
- Unbinding EIPs
- Modifying Primary Private IPs
- Changing the Subnet of an ENI
- Cloud Access Management
- Best Practice
- API Documentation
- FAQs
- Contact Us
- Glossary
If you have activated several Tencent Cloud services, such as VPC, CVM and TencentDB, and you let other users to manage these services by sharing your cloud account key, the following problems may arise:
The possibility of your key being compromised is high because it is shared by several users.
The access of other users is not under control. They can introduce security risks caused by misoperations.
To avoid the above problems, you can create sub-accounts for other users to manage different services. By default, a sub-account can not work with VPCs. Therefore, you need to create a policy to grant VPC-related permissions to them.
Note:
VPC supports access control on the resource level, such as an ENI.
Skip this chapter if you don’t need to manage the access permission of sub-accounts for VPC resources.
Overview
Tencent Cloud’s Cloud Access Management (CAM) is a web service that helps you manage the access permissions for resources under your Tencent Cloud accounts. With CAM, you can create, manage, or terminate users (user groups), and manage identities and policies to allow specific users to access and use specific Tencent Cloud resources.
You can use CAM to bind a user or user group to a policy which allows or denies them access to specified resources to complete specified tasks.
For more information on CAM policy elements, see Element Reference.
For more information on how to use CAM policies, see Policy.
Getting Started
A CAM policy allows or denies one or more VPC operations. You need to specify the target of the operation. The policy can also include some custom conditions.
Some APIs do not support resource-level permissions, which means that you cannot specify resources when using those APIs.
Content | Reference |
Basic policy structure | |
Defining operations in a policy | |
Defining resources in a policy | |
Resource-level permissions supported by ENI | |
CAM examples |
Yes
No
Was this page helpful?