Cloud Access Management Overview

Last updated: 2024-10-22 16:16:08
If you are using multiple Tencent Cloud services such as VPC, CVM, and TencentDB that are managed by different users sharing your Tencent Cloud account key, you may encounter the following problems:
Your key is shared by multiple users, which poses a high risk of leakage.
You cannot limit the access permissions of other users, which poses a security risk due to potential misoperation.
To prevent these problems, you can use sub-accounts to allow different users to manage different services. By default, a sub-account has no permission to use a CVM or CVM-related resources. Therefore, you need to create a policy to grant the required resources or permissions to sub-accounts.

Overview

Cloud Access Management (CAM) is a web service provided by Tencent Cloud to help customers manage the permissions to access resources under their Tencent Cloud accounts in a secure way. You can use CAM to create, manage, and terminate users (or user groups), and use identity management and policy management to control Tencent Cloud resources that can be used by each user.
When using CAM, you can associate a policy with a user or a group of users. The policy can authorize or deny users' requests to use specified resources to complete specified tasks.
For more basic information on CAM policies, see Syntax Logic.
For more usage information on CAM policies, see Policies.
If you do not need to manage the access permissions of sub-accounts for VPC resources, you can skip this section. This will not affect your understanding and usage of other parts in the document.

Getting Started

A CAM policy must authorize or deny the use of one or more VPC operations. At the same time, it must specify the resources (which can be all resources or partial resources for certain operations) that can be used for the operations. The policy can also include the conditions set for the operation resources.
Some VPC API operations do not support resource-level permissions. That is, when calling these APIs, you cannot specify individual resources for the operations. Instead, you must specify all resources for the operations.
| Task | Link |
|---|---|
| Basic structure of a policy | Policy Syntax |
| Define operations in the policy | VPC Operations |
| Define resources in the policy | VPC Resource Paths |
| | Resource-level permissions supported by VPC |
| | Console example |
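The following is an added example, not code from this page or from Tencent Cloud: a small audit that walks the statements of a CAM policy and flags `allow` grants that are broader than the operation/resource/condition model described above intends. It assumes the CAM policy JSON layout (`version`, `statement`, `effect`, `action`, `resource`, `condition`), the `qcs::` resource path and the `ip_equal` / `qcs:ip` condition as documented in the linked Policy Syntax pages; the account ID, region, VPC ID and IP range are constructed placeholders.

```python
import json

# Constructed sample policy; uin, VPC ID and IP range are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "version": "2.0",
  "statement": [
    {"effect": "allow",
     "action": ["vpc:DescribeVpcEx", "vpc:DescribeSubnetEx"],
     "resource": ["qcs::vpc:ap-guangzhou:uin/100000000001:vpc/vpc-example1"],
     "condition": {"ip_equal": {"qcs:ip": "203.0.113.0/24"}}},
    {"effect": "allow", "action": ["vpc:*"], "resource": ["*"]},
    {"effect": "deny", "action": ["vpc:DeleteVpc"], "resource": ["*"]}
  ]
}
""")


def as_list(value):
    """CAM accepts a single string or a list for action and resource."""
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return (statement_index, finding) pairs for overly broad allow grants."""
    findings = []
    for index, statement in enumerate(policy.get("statement", [])):
        if str(statement.get("effect", "")).lower() != "allow":
            continue  # deny statements only narrow access
        actions = as_list(statement.get("action", []))
        resources = as_list(statement.get("resource", []))
        wide_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        all_resources = "*" in resources
        if wide_actions and all_resources:
            findings.append((index, "wildcard action on all resources"))
        elif wide_actions:
            findings.append((index, "wildcard action"))
        elif all_resources and not statement.get("condition"):
            # Legitimate only for operations without resource-level permissions.
            findings.append((index, "all resources without a condition"))
    return findings


if __name__ == "__main__":
    for index, finding in audit(SAMPLE_POLICY):
        print(f"statement {index}: {finding}")
```

A finding of "all resources without a condition" is a prompt to check whether the operation is one that does not support resource-level permissions, not proof of a misconfiguration.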
