tencent cloud


Cloud Access Management

Last updated: 2022-09-22 11:19:30


    If you have used multiple Tencent Cloud services, which are managed by different users who share your root account key with the highest permission, the following problems may exist:

    • Your key is shared by multiple users, posing huge risks of data breaches.
    • Your users might introduce security risks from misoperations due to the lack of user access control.

    In this case, you can create multiple users in CAM to take charge of different services, and give them permissions on different consoles by associating policies. This document provides samples to guide you on how to use the CWPP access policies.


    Full access policy

    To grant your users full access to all CWPP APIs, you need to associate the policy QcloudCWPPFullAccess with them.
    See Authorization Management to grant users full access with the preset policy QcloudCWPPFullAccess.

    Read-only policy

    To grant users query access to CWPP, without other permission to add, delete, and modify, you need to associate the policy QcloudCWPPReadOnlyAccess with them. The policy is implemented by restricting user access to the APIs starting with "Describe", "Get", "Check", and "Export".
    See Authorization Management to grant users read-only access with the preset policy QcloudCWPPReadOnlyAccess.

    Custom policies

    If the preset policies cannot meet your needs, you can create a custom policy.


    New users will not be associated with any CWPP policies by default, indicating they do not have any permissions. For more information, see Overview.

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support