If your company has management personnel with different identities, you can use CAM to divide permissions and grant different permissions to different people to facilitate management and control. This document uses a typical case to describe how to manage the permissions of different identities through sub-accounts.
CompanyExamplehas two OPS engineers
DevAis responsible for server OPS and has all operation permissions of CVM instances under the company account
DevBis responsible for TencentDB for MySQL OPS and has all operation permissions of TencentDB for MySQL instances under the company account
DevBthrough custom sub-user creation.
DevAand click Authorize in the Operation column on the right as shown below:
QcloudCVMFullAccessand click OK as shown below:
QcloudCDBFullAccesspolicy with the sub-account
DevBas instructed in steps 2 and 3.
DevAhas all the operation permissions of CVM instances, while the sub-account
DevBhas all the operation permissions of TencentDB for MySQL instances.
If you need to configure a CAM user as another role, you can follow the above process and search for and select the corresponding permissions policy name in steps 2 and 3. For specific permissions, please see System Permissions
|Admin||AdministratorAccess||This policy allows you to manage all users and their permissions, related financial info, and cloud service assets under this account.|
|Financial admin||QCloudFinanceFullAccess||This policy allows you to manage related financial information under the account, such as payment and invoicing.|
|Database admin||QCloudFinanceFullAccess||This policy allows you to manage related financial information under the account, such as payment and invoicing.|
|QcloudCynosDBFullAccess||Full access to TDSQL-C|
|QcloudMariaDBFullAccess||Full access to TencentDB for MariaDB|
|QcloudSQLServerFullAccess||Full access to TencentDB for SQL Server|
|QcloudCDWPGFullAccess||Full access to TencentDB for PostgreSQL|
|Network admin||QcloudCLBFullAccess||Full access to CLB|
|QcloudVPCFullAccess||Full access to VPC|
|QcloudDCFullAccess||Full access to Direct Connect|
|Monitoring admin||QcloudMonitorFullAccess||Full access to Cloud Monitor, including the permission to view user groups|
|QcloudCATFullAccess||Full access to CAT|
|QcloudTAPMFullAccess||Full access to TAPM|