tencent cloud

Tencent Cloud Mesh

TCM Policy
Privacy Policy
Data Processing And Security Agreement
DocumentationTencent Cloud Mesh

CAM Preset Policy Authorization

Focus Mode
Font Size
Last updated: 2023-12-26 14:20:49
You can associate Tencent Cloud Mesh-related preset policies in CAM with sub-accounts to rapidly complete CAM authorization for Tencent Cloud Mesh.
You can grant your sub-account the necessary permissions by using the following preset policies:
Policy
Description
QcloudTCMFullAccess
Full access to Tencent Cloud Mesh (All operations such as creation and deletion are allowed.)
QcloudTCMReadOnlyAccess
Read-only access to Tencent Cloud Mesh (Viewing all resources in Tencent Cloud Mesh is allowed, but creating, updating, and deleting them are not allowed.)

Preset Policy for Full Access to Tencent Cloud Mesh

Policy name: QcloudTCMFullAccess; policy content:
{
    "version": "2.0",
    "statement": [
        {
            "action": [
                "tcm:*"
            ],
            "resource": "*",
            "effect": "allow"
        }
    ]
}

Preset Policy for Read-Only Access to Tencent Cloud Mesh

Policy name: QcloudTCMReadOnlyAccess; policy content:
{
    "version": "2.0",
    "statement": [
        {
            "action": [
                "tcm:List*",
                "tcm:Describe*",
                "tcm:ForwardRequestRead"
            ],
            "resource": "*",
            "effect": "allow"
        }
    ]
}
The use of Tencent Cloud Mesh also involves CAM permissions of related products such as VPC, CCN, CLB, and TKE. You can grant appropriate permissions to sub-accounts by referring to the CAM authorization document of the corresponding product.
Tencent Cloud Mesh-related Product
Authorization Guide
VPC
CLB
TKE

Associating Sub-accounts with Preset Policies

In the step for setting user permissions when creating a sub-account, you can associate preset policies with the sub-account by direct association or association via group.

Direct Association

You can directly associate your sub-account with a policy to obtain the permissions contained in the policy.
1. Log in to the CAM console and choose Users > User list on the left sidebar.
2. On the User list page, find the target sub-account and click Grant permission in the Operation column.
3. On the Associate policies page, select the policies that you want to associate.
4. Click OK.

Association via Group

You can add your sub-account to a user group. Then, the sub-account automatically obtains the permissions that are associated with this user group. To disassociate the sub-account from the policies of the group, you simply need to remove the sub-account from the user group.
1. Log in to the CAM console and choose Users > User list on the left sidebar.
2. On the User list page, find the target sub-account and choose More > Add to group in the Operation column.
3. On the Add to group page, select the target user group.
4. Click OK.

Logging In to the Sub-account for Verification

Log in to the Tencent Cloud Mesh console to verify that the features corresponding to the associated policies can be used. If they can be used, the sub-account was successfully authorized.
Next Topic: Privacy Policy

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback