tencent cloud


Cloud Access Management

Last updated: 2024-01-18 16:24:26
    This document describes the access management feature of SMS. For more information on access management for other Tencent Cloud services, please see CAM-Enabled Products.
    Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions to your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management.
    SMS has been connected to CAM. You can grant appropriate SMS access permissions to sub-accounts as needed.

    Getting Started

    Before using CAM for SMS, you need to have some knowledge of the basic concepts in CAM and SMS, including:
    CAM: user and policy

    Use Cases

    Permission isolation at the Tencent Cloud service level

    Among the various departments using Tencent Cloud in an organization, department A is in charge of the SMS service. Personnel of department A need permission to access SMS, but not to access other Tencent Cloud services. To this end, the organization can create a sub-account for department A through the root account, grant it only SMS-related permissions, and then provide it to department A.

    Permission isolation at the SMS application level

    When multiple businesses in an organization are using SMS, isolation is needed. Isolation involves resource isolation and permission isolation, of which the former is enabled by the SMS application system and the latter is implemented by SMS access management. In this case, sub-accounts can be created for each business and granted permission to the relevant SMS applications so that each business can only access the specified applications.

    Permission isolation at the SMS action level

    Product operations personnel of a business using SMS in an organization need to access the SMS console to get delivery statistics, but they should be forbidden to perform sensitive operations (such as modifying an over-limit delivery notification or a delivery rate limit) so as to protect the business against any faulty operations. To do this, you can create a custom policy that has permissions to log in to the SMS console but no permissions to call the APIs for over-limit delivery notification and delivery rate limit, create a sub-account and bind it to that policy, and then provide the sub-account information to the product operations personnel.

    Authorization Granularity

    The core feature of CAM is to allow or forbid an account to perform some operations or manipulate some resources. SMS access management supports resource-level authorization. The resource granularity is the SMS application, and the operation granularity is the TencentCloud API, including server APIs and APIs that may be used when the SMS console is accessed. For more information, please see Authorizable Resources and Actions.


    SMS access management supports authorization at the application level but not at the finer-grained resource level (such as the application information and the configuration information).
    SMS access management does not support projects and tags.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support