Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage the access permissions of resources under your Tencent Cloud account. With CAM, you can create, manage, and terminate users (groups) and use identity and policy management to control user access to Tencent Cloud resources.
Granting Access
You can grant access permissions by specifying a user to perform a specified action on specified resources under a specified condition. Generally, the following four elements are used to describe an access policy: principal, resource, action, and condition (optional).
Access Authorization Elements
Tencent Cloud identity
When you sign up for a Tencent Cloud account, the system creates a root account identity for you to log in to the Tencent Cloud services. With the root account, you can use the user management feature to manage different user types, such as collaborator, message recipient, sub-user, and role. For specific definitions, see Glossary.
Tencent Cloud TCHouse-P cluster resource
Tencent Cloud TCHouse-P resources refer to the clusters of Tencent Cloud TCHouse-P, which are also the objects of access control. Usually, you can see the Tencent Cloud TCHouse-P identifier in the console as shown below:
Here, snova-28fg7yl3 is the unique cluster identifier, which can also be seen as the identifier of the Tencent Cloud TCHouse-P resource.
Tencent Cloud TCHouse-P cluster action
Cluster actions are performed by users in the Tencent Cloud TCHouse-P console. Basically, each action can be mapped to a TencentCloud API, such as deleting a cluster and viewing cluster details. Each action has an action identifier that can be used for its access control (read and write).
Principle of least privilege
You must specify the scope of the permission granted to the specified user for performing what actions and access what resources under what conditions.
