CAM-Enabled Products

Last updated: 2020-06-28 14:50:29

    Overview

    Cloud Access Management (CAM) helps you securely manage permissions for most Tencent Cloud services. This document provides information on the products and services that support CAM in multiple dimensions, such as authorization granularity, console operation, authorization by tag, and reference documentation.
    The table below lists Tencent Cloud services that support CAM.
    Definitions:

    • Service: name of a CAM-enabled Tencent Cloud service. For more information on a specific service, click the link to the reference document.
    • Authorization granularity: the finest authorization granularity currently supported by the service. Three levels are supported: service level, operation level, and resource level.
        • Service level: defines whether a user has permission to access the service as a whole. A user can have either full access or no access to the service.
        • Operation level: defines whether a user has permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
        • Resource level: the finest authorization granularity, which defines whether a user has permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
    • Console: whether sub-accounts can access the service through the console. "✓" means yes, while "-" means no.
    • Authorization by tag: whether the service supports using tags for permission management. "✓" means yes, while "-" means no.
    • Service role: whether the service can access other services as a role entity. "✓" means yes, while "-" means no.
    • Reference document: link to the document on CAM-based access control for the service. "-" means no documentation available yet.

    Compute

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Virtual Machine (CVM) 1 Resource level CAM Guide
    Tencent Kubernetes Engine (TKE) Resource level - CAM Guide
    Auto Scaling (AS) Resource level - -
    BatchCompute Resource level - - CAM Guide
    Tencent Container Registry (TCR) Resource level - -

    1 In CVM, GPU Cloud Computing (GCC) and CVM Dedicated Host (CDH) support CAM.

    Storage

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Object Storage (COS) Resource level - CAM Guide
    Cloud File Storage (CFS) Resource level - CAM Guide
    Cloud Block Storage (CBS) Resource level - -
    Cloud Data Migration (CDM) Service level - - -
    Cloud Log Service (CLS) Resource level - CAM Guide

    Networking

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Load Balancer (CLB) Resource level CAM Guide
    Virtual Private Cloud (VPC)1 Resource level - - -
    Direct Connect (DC) Operation level - - -

    1 In VPC, Elastic Network Interface (ENI), NAT Gateway, Peering Connection, VPN Connections, Flow Logs (FL), Anycast Internet Acceleration (AIA), Cloud Connect Network (CCN), and Bandwidth Package (BWP) support CAM.

    CDN and Acceleration

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Global Application Acceleration Platform (GAAP) Resource level - - -
    Enterprise Content Delivery Network (ECDN) Resource level - - -
    Content Delivery Network (CDN)1 Resource level - CAM Guide

    Database

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    TencentDB for MySQL Resource level - CAM Guide
    TencentDB for MariaDB Resource level - CAM Guide
    TencentDB for SQL Server Resource level - - CAM Guide
    TencentDB for PostgreSQL Resource level - - -
    TencentDB for TDSQL Resource level - - CAM Guide
    TencentDB for Redis Resource level - - CAM Guide
    TencentDB for MongoDB Resource level - CAM Guide
    Data Transmission Service (DTS) Resource level - -
    TcaplusDB Resource level - -

    Serverless

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Serverless Cloud Function (SCF) Resource level - CAM Guide
    Serverless Framework Resource level - - -

    Middleware

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Message Queue (CMQ) Resource level - - CAM Guide
    Cloud Kafka (CKafka) Resource level - -
    API Gateway Resource level - CAM Guide

    Data Processing

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Infinite (CI) Resource level - CAM Guide

    Domain Names and Websites

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    ICP Filing Service level - - -
    SSL Certificates Service Resource level - - -

    Network Security

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Aegis Anti-DDoS - - - -

    1 In Anti-DDoS, Anti-DDoS Pro and Anti-DDoS Advanced support CAM.

    Data Security

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Key Management Service (KMS) Resource level - - CAM Guide

    Security Management

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Security Operations Center Operation level - -

    Application Security

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Web Application Firewall (WAF) Operation level - - -

    Video Services

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tencent Real-Time Communication (TRTC) Service level - - -
    Live Video Broadcasting (LVB) Resource level CAM Guide
    Video on Demand (VOD) Resource level - - CAM Guide
    Media Processing Service (MPS) Service level - -
    MediaLive Operation level - - -

    Big Data Platform

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Elastic MapReduce (EMR) Resource level - CAM Guide
    Elasticsearch Service (ES) Resource level - - CAM Guide

    Image Recognition

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Optical Character Recognition (OCR) Service level - - -

    Gaming Services

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Game Multimedia Engine (GME) Resource level - - -

    Mobile Services

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tencent Push Notification Service (TPNS) Resource level - - CAM Guide

    Cloud Communication

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Instant Messaging (IM) Service level - - -
    Short Message Service (SMS) Operation level - - -

    Cloud Resource Management

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tag Operation level - - -
    Tencent Infrastructure as Code (TIC) Service level - - -

    Management and Auditing

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Access Management (CAM) Operation level - - CAM Guide
    CloudAudit Operation level - -
    Tencent Cloud Organization (TCO) Operation level - - -

    Monitoring and OPS

    Service Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Monitor Operation level - -
    Migration Service Platform (MSP) Service level - -
