- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Best Practices
- Business Use Cases
- TencentDB for MySQL Cases
- CLB Cases
- CMQ Cases
- COS Cases
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM Cases
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC Cases
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD Cases
- Other Cases
- API Documentation
- Introduction
- API Category
- Making API Requests
- Policy APIs
- Role APIs
- CreateServiceLinkedRole
- DeleteRolePermissionsBoundary
- AttachRolePolicy
- DeleteServiceLinkedRole
- DescribeSafeAuthFlag
- CreateRole
- DeleteRole
- DescribeRoleList
- DetachRolePolicy
- GetServiceLinkedRoleDeletionStatus
- GetRole
- PutRolePermissionsBoundary
- ListAttachedRolePolicies
- UpdateAssumeRolePolicy
- UpdateRoleConsoleLogin
- UpdateRoleDescription
- Identity Provider APIs
- User APIs
- AddUser
- AddUserToGroup
- ConsumeCustomMFAToken
- DeleteUserPermissionsBoundary
- DescribeSafeAuthFlagColl
- DescribeSubAccounts
- CreateGroup
- DeleteGroup
- DeleteUser
- GetCustomMFATokenInfo
- GetGroup
- ListAccessKeys
- GetUser
- ListGroups
- ListCollaborators
- ListGroupsForUser
- ListUsers
- ListUsersForGroup
- PutUserPermissionsBoundary
- RemoveUserFromGroup
- SetMfaFlag
- UpdateGroup
- UpdateUser
- STS APIs
- Data Types(CAM)
- Data Types(STS)
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Best Practices
- Business Use Cases
- TencentDB for MySQL Cases
- CLB Cases
- CMQ Cases
- COS Cases
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM Cases
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC Cases
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD Cases
- Other Cases
- API Documentation
- Introduction
- API Category
- Making API Requests
- Policy APIs
- Role APIs
- CreateServiceLinkedRole
- DeleteRolePermissionsBoundary
- AttachRolePolicy
- DeleteServiceLinkedRole
- DescribeSafeAuthFlag
- CreateRole
- DeleteRole
- DescribeRoleList
- DetachRolePolicy
- GetServiceLinkedRoleDeletionStatus
- GetRole
- PutRolePermissionsBoundary
- ListAttachedRolePolicies
- UpdateAssumeRolePolicy
- UpdateRoleConsoleLogin
- UpdateRoleDescription
- Identity Provider APIs
- User APIs
- AddUser
- AddUserToGroup
- ConsumeCustomMFAToken
- DeleteUserPermissionsBoundary
- DescribeSafeAuthFlagColl
- DescribeSubAccounts
- CreateGroup
- DeleteGroup
- DeleteUser
- GetCustomMFATokenInfo
- GetGroup
- ListAccessKeys
- GetUser
- ListGroups
- ListCollaborators
- ListGroupsForUser
- ListUsers
- ListUsersForGroup
- PutUserPermissionsBoundary
- RemoveUserFromGroup
- SetMfaFlag
- UpdateGroup
- UpdateUser
- STS APIs
- Data Types(CAM)
- Data Types(STS)
- Error Codes
- FAQs
- Glossary
Overview
This document describes how to set sub-user login password rules to regulate sub-users’ login password character types, length, and validity period.
Note:
After the login password expires, sub-users will not be able to log in via other login methods and must reset the password.
Directions
Log in to the CAM console and select Users > User Settings in the left sidebar.
Set the password rule.
Note:
- This password rule applies to the password of a sub-user created via a custom method. For example, if you set the rule to "Should contain at least 10 characters of digits and lowercase letters", the password of the sub-user you created should comply with this rule.
- This rule does not apply to sub-users that log in via WeCom or collaborators.
Rules Options Restrictions Character type Select the characters that must be used in the password. You can choose numeric characters, uppercase letters, lowercase letters, special characters (except for spaces) At least one item must be selected Length Restrict the minimum password length The length can be set between 8 - 32 characters Validity period Restrict the password validity period. When the password expires, it must be reset The period can be set between 0 - 365 days Duplication restrictions Restrict the usage of old passwords Between 0 - 24 recent passwords can be restricted from being reused. Retry restrictions Restricts the number of times that the wrong password can be entered. If the number of times the wrong password is entered exceeds the limit set, the login will be locked for 1 hour automatically. This can be set to 0-10 times/hour. Click Apply Changes to set the configured password rules. You can set the password of a sub-user according to the new rules. When sub-users reset passwords, they must do so according to the password rules you have set.
Note:
For the security of your account, sub-users will not be prompted by the rule when they are resetting the password. Sub-users with the cam:GetPasswordRules permission and the root account can go to User Settings in the console and click Download current password rules in Note to pass the current password rule to the user that needs it, as shown in the following figure:
Was this page helpful?