Cloud Access Management (CAM) is used to manage the access permissions for the resources under Tencent Cloud accounts. With CAM, you can use the identity management and policy management features to control which Tencent Cloud resources can be accessed by which sub-accounts.
For example, if your account has HTTPDNS domains deployed in different projects, to strengthen access control, you can authorize resources and assign the admin of project A an authorization policy, specifying that only the admin can manipulate the HTTPDNS domain resources under project A.
You can skip this section if you don't need to manage the permissions of HTTPDNS resources for sub-users.
Currently, CAM-based access authorization is only supported in the console.
A root account authorizes sub-accounts by binding policies. The policy settings can be specific to the level of API, Resource, User/User Group, Allow/Deny, and Condition.
Resource: An object that is operated in Tencent Cloud services, such as a CVM instance, a COS bucket, or a VPC instance.
Permission: An authorization that allows or forbids users to perform certain operations. By default, the root account has full access to all resources under the account, while a sub-account does not have access to any resources under its root account.
Policy: Syntax rule that defines and describes one or more permissions. The root account performs authorization by associating policies with users/user groups.
For more information, see CAM Overview.
|Relationship between policy and user||Policy|
|Basic policy structure||Policy Syntax|
|CAM-enabled products||CAM-Enabled Products|