CAM-enabled Cloud Services

Last updated: 2020-02-13 09:28:37

Introduction

Cloud Access Management (CAM) helps you securely manage permissions for most Tencent Cloud services. This document provides information on the services that support CAM. The information covers authorization granularity, console operations, using tags for authorization, reference documentation, etc.
The table below lists Tencent Cloud services that support CAM.
Definitions:

  • Service: name of the CAM-enabled Tencent Cloud service. For more information on a specific service, click the name to link to the product documentation.
  • Authorization granularity: the finest authorization granularity currently supported by the service. Authorization granularity has three levels: service level, operation level, and resource level.
      • Service level defines whether a user has the permission to access a specific service as a whole. A user either has full access to the service or has no access to it.
      • Operation level defines whether a user has the permission to call a specific API of a service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level is the finest authorization granularity, which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM is an authorization at the resource level.
  • Console: whether sub-accounts can access the service through the Console. “✓” means “Yes”; “-” means “No”.
  • Using tags for authorization: whether the service supports using tags for permissions management. “✓” means “Yes”; “-” means “No”.
  • Service role: whether the service can access other services as a role entity. “✓” means “Yes”; “-” means “No”.
  • Reference documentation: the link to the documentation on access control for the service. “-” means “Documentation not available yet”.

Compute

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Cloud Virtual Machine (CVM) 1 Resource level Access Control
Tencent Kubernetes Engine (TKE) Resource level - Access Control
Auto Scaling (AS) Resource level - -
Serverless Cloud Function (SCF) Resource level - Access Control
BatchCompute Resource level - - -

1 Both GCC instances and CDH instances support CAM.

Storage

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Cloud Object Storage (COS) Resource level - Access Control
Cloud File Storage (CFS) Resource level - Access Control
Cloud Block Storage (CBS) Resource level - -
Cloud Log Service (CLS) Resource level - Access Control

Networking

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Cloud Load Balancer (CLB) Resource level Access Control
Virtual Private Cloud (VPC)1 Resource level - - -
Direct Connect (DC) Resource level - - -

1 CAM is supported by ENI, NAT Gateway, Peering Connection, VPN Connection, Anycast Internet Acceleration (AIA), and Cloud Connect Network (CCN).

Database

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
TencentDB for MySQL Resource level - Access Control
TencentDB for SQL Server Resource level - - -
TencentDB for TDSQL Resource level - - Access Control
TencentDB for Redis Resource level - - Access Control
TencentDB for MongoDB Resource level - Access Control
Data Transfer Service Resource level - -

CDN & Acceleration

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Global Application Acceleration Platform (GAAP) Resource level - - -
Enterprise Content Delivery Network (ECDN) Service level - - -
Content Delivery Network (CDN) Operation level1 - Access Control

Middleware

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Cloud Message Queue (CMQ) Resource level - - -
CMQ Kafka (CKafka) Resource level - -
API Gateway Resource level - -

Domain Names and Websites

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Website ICP Filing Service level - - -

Network Security

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Anti-DDoS Pro Service level - - -
Anti-DDoS Advanced Service level - - -

Data Security

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Key Management Service (KMS) Resource level - - Access Control

Security Management

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Security Operations Center Operation level - -

Application Security

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Web Application Firewall (WAF) Operation level - - -

Video Services

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Live Video Broadcasting (LVB) Resource level Access Control

Big Data Platform

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Elastic MapReduce (EMR) Operation level - Access Control
Tencent Sparkling Data Warehouse Suite Resource level - -
Oceanus Service level - -
Elasticsearch Service (ES) Operation level - - Access Control

Image Recognition

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Optical Character Recognition (OCR) Service level - - -

Gaming Services

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Game Multimedia Engine (GME) Resource level - - -

Mobile Services

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Tencent Push Notification Service (TPNS) Operation level - - -

Cloud Communication

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
SMS Operation level - - -

Cloud Resource Management

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Tag Operation level - - -

Management and Auditing

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Cloud Access Management (CAM) Operation level - - Access Control
CloudAudit (CA) Operation level - -
Tencent Cloud Organization (TCO) Operation level - - -

Monitoring and OPS

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Cloud Monitor (CM) Operation level - - -
Migration Service Platform (MSP) - - - -

Developer Tools

Service Authorization Granularity Console Using Tags for Authorization Service Role Reference Documentation
Tencent Infrastructure as Code Service level - - -