tencent cloud

Elastic MapReduce

  • Release Notes and Announcements
  • Product Introduction
  • Purchase Guide
    • EMR on CVM Billing Instructions
    • EMR on TKE Billing Instructions
    • EMR Serverless HBase Billing Instructions
    • EMR Serverless TCBase Billing Overview
  • Getting Started
  • EMR on CVM Operation Guide
    • Planning Cluster
    • Administrative rights
    • Configuring Cluster
    • Managing Cluster
    • Managing Service
    • Monitoring and Alarms
    • TCInsight
  • EMR on TKE Operation Guide
  • EMR Serverless HBase Operation Guide
  • EMR Serverless TCBase Operation Guide
  • EMR Development Guide
    • Hadoop Development Guide
    • Spark Development Guide
    • Hbase Development Guide
    • Phoenix on Hbase Development Guide
    • Hive Development Guide
    • Presto Development Guide
    • Sqoop Development Guide
    • Hue Development Guide
    • Oozie Development Guide
    • Flume Development Guide
    • Kerberos Development Guide
    • Knox Development Guide
    • Alluxio Development Guide
    • Kylin Development Guide
    • Livy Development Guide
    • Kyuubi Development Guide
    • Zeppelin Development Guide
    • Hudi Development Guide
    • Superset Development Guide
    • Impala Development Guide
    • Druid Development Guide
    • TensorFlow Development Guide
    • Kudu Development Guide
    • Ranger Development Guide
    • Kafka Development Guide
    • StarRocks Development Guide
    • Flink Development Guide
    • JupyterLab Development Guide
    • MLflow Development Guide
  • Practical Tutorial
    • Practice of EMR on CVM Ops
    • Data Migration
    • Practical Tutorial on Custom Scaling
  • API Documentation
    • History
    • Introduction
    • API Category
    • Making API Requests
    • Cluster Resource Management APIs
    • Cluster Services APIs
    • User Management APIs
    • Information Query APIs
    • Scaling APIs
    • Configuration APIs
    • Other APIs
    • Cluster Lifecycle APIs
    • Serverless HBase APIs
    • YARN Resource Scheduling APIs
    • Data Types
    • Error Codes
  • FAQs
    • EMR on CVM
  • Service Level Agreement
  • Contact Us
DokumentasiElastic MapReduce EMR on CVM Operation GuideAdministrative rightsCAM Overview

CAM Overview

Download
Mode fokus
Ukuran font
Terakhir diperbarui: 2026-01-13 15:02:14

CAM Overview

Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions, resources, and use permissions of your Tencent Cloud account. Using CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management.
When using EMR, you can associate a policy with a user or user group to allow or forbid them to use specified resources to complete specified tasks. For more information on CAM policies, see Element Reference. For more information on how to use CAM policies, see Policy.
When using Tencent Cloud EMR, different departments and roles need different permissions in order to avoid security risks such as leakages and maloperations. To this end, you can assign different permissions to different users through sub-accounts. By default, a sub-account does not have the permission to use EMR or related resources. Therefore, you need to create a policy to grant the required permission to the sub-account first.

CAM Overview

CAM Policy Use Cases

Applicable Scenario
Permission Granularity
Operation
Link
When enabling EMR service for the first time, you need to authorize EMR the permission to access cloud services (including CVM, CBS, and TencentDB) using the service roles.
Permission for EMR to access cloud resources
Authorize an EMR preset service role.
When creating or using an EMR cluster, if access to Cloud Object Storage (COS) is required, you need to authorize EMR the permission to access COS using service-related roles.
Permission for EMR to access all COS resources
Authorize an EMR preset service-related role.
If you need to granularly specify cluster access permissions to the corresponding COS resources, you can set a custom service role as needed.
Access management for EMR to access specified COS buckets
Create a custom service role and authorize and complete authorization.
Depending on authorization requirements, you can grant different granularity operation permissions to sub-users or collaborators through preset policies.
Access permissions for sub-users or collaborators to access EMR
Authorize a collaborator or sub-user based on preset policies.
Depending on authorization requirements, you can grant different granularity operation permissions to sub-users or collaborators through custom permission policies.
Access permissions for sub-users or collaborators to access EMR
Create a custom permission policy and associate the policy to the sub-account.
Topik sebelumnya: Cross-AZ High AvailabilityTopik selanjutnya: Role Authorization

Bantuan dan Dukungan

Apakah halaman ini membantu?

masukan