CAM-enabled Cloud Services

Last updated: 2019-12-14 14:33:20

PDF

Overview

CAM (Cloud Access Management) helps you securely manage access to many Tencent Cloud resources and services.
This article contains information about CAM-enabled services, including detailed policy syntax, cloud APIs, console, authorization granularity and temporary certificates.
CAM currently is integrated with the following Tencent Cloud services and resources. Please note that products marked with an asterisk (*) has not yet been released on the international console.

Definitions:

  • Service: Name of the CAM-enabled Tencent Cloud services. For more information about specific service or product, tap the link to go to the product documentation.
  • Policy syntax: Whether the service enables you to use policy syntax to manage access. “✔” means “Yes”; “-” means “No”.
  • Cloud API: Whether sub-account users can use Tencent Cloud API to access the service. “✔” means “Yes”; “-” means “No”.
  • Console: Whether sub-account users can access the service via console. “✔” means “Yes”; “-” means “No”.
  • Authorization granularity: Level of detail used to define authorization rules for controlling the access to resources and services under a Tencent Cloud account.

    Authorization granularity has three levels: Service level, operation level and resource level.

    • Service level: Whether a user can be permitted to access all of the Tencent Cloud services the Tencent Cloud account has purchased.
    • Operation level: Whether a user can be permitted to call the API of a specified Tencent Cloud service the Tencent Cloud account has purchased. For example, a user has read-only access to the Tencent Cloud account's CVM.
    • Resource level: Whether a user can be permitted to access specific resource under the Tencent Cloud account. For example: a user has read-only access to a CVM owned by the Tencent Cloud account. Resource level presents the finest authorization granularity.
  • Temporary key (STS): Whether a user can be permitted to access the service via temporary security credentials. “✔” means “Yes”; “-” means “No”.
  • Role: Whether the service can access other services as a role entity. "✔" means “Yes”; "-" means “No”.

Compute

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CVM Resource level
CPM* Resource level -
TKE Resource level
AS Resource level -
SCF Resource level
BatchCompute Resource level -

Storage

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
COS Resource level
CFS - Service Level -
CSG* - Service level - -
CBS Resource level -
CLS - Service level -

Networking

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CLB Resource level -
VPC Resource level -

Database

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
TencentDB for MySQL Resource level
TencentDB for CTSDB* - Operation level -
TencentDB for MongoDB - - - - -

CDN & Acceleration

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CDN - Operation level -
DSA Service level -

Middleware

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CMQ Resource level -
CKafka Resource level
API Gateway Resource level -
TSF* - - - - -

Domains & Websites

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
Domain Service* - Service level - -
ICP Filing Registration* - Service level - -
HttpDNS* - Service level - -

Network Security

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
Anti-DDoS Basic* Service level - -

Host Security

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
Host Security Operation level -

Security Management

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
SSA Service level - -

Application Security

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
WAF Operation level -

Video Services

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
LVB Operation level -
VOD - Service level - -
ILVB* - Service level - -

Big Data Platform

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
EMR* Operation level
Sparkling Data Warehouse Suite - Resource level -
Snova Data Warehouse* Operation level -
SCS Service level
Elasticsearch Service Operation level -

Big Data Application

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
TIR* - Service level -
DM* - Service level -
TCS* - Service level - -

Face Recognition

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
FaceID* Service level -

Speech Technology

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
Artificial Audio Intelligence* - Service level - -

Natural Language Processing

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
NLP* - Service level - -
TMT* - Service level - -

Intelligent Robot

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
Xiaowei Customer Service* - Service level - -

AI Platform Services

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
TI-ML* - Service level -

Game Services

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
GME - Resource level -

Retail

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
YouMall - - - - -

Mobile

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
TCB* - - - - -

Basic Communication

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
IM* - Service level - -
SMS - Service level - -

Internet of Things

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
IoT Hub* Service level

Blockchain

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
TBaaS* Operation level -

Cloud Resource Management

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
Tag Operation level -

Management & Audit

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CloudAudit Operation level

Monitoring & OPS

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CM Operation level -
CAT* - Service level - -
KMS* Resource level -
MSP* - - - - -

Developer Tools

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
BlueKing* - - - - -

Data Processing

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CI* - Service level -
VC* - - - - -

Solution

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
CPay* - Service level - -

Management & Support

Service Policy Syntax Cloud API Console Authorization Granularity Temporary Key Role
Channel Partner - Operation level - -
Laboratory - - - - -

Third-party Services

Service Role
TrustSQL