Cloud Access Management (CAM) helps you securely manage permissions for most Tencent Cloud services. This document provides information on the products and services that support CAM in multiple dimensions, such as authorization granularity, console operation, authorization by tag, and reference documentation.
The table below lists Tencent Cloud services that support CAM.
Definitions:
Note:Three authorization granularity levels are supported: service level, operation level, and resource level.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
-
means no documentation available yet.Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Cloud Virtual Machine (CVM) 1 | cvm | Resource level | ✓ | ✓ | ✓ | Access Management |
Auto Scaling (AS) | as | Resource level | ✓ | ✓ | ✓ | - |
BatchCompute | batch | Resource level | ✓ | ✓ | - | Cloud Access Management |
Edge Computing Machine (ECM) | ecm | Resource level | ✓ | ✓ | - | - |
Tencent Cloud Lighthouse (Lighthouse) | lighthouse | Resource level | ✓ | ✓ | - | - |
Tencent Cloud Automation Tools (TAT) | tat | Resource level | ✓ | - | - | Cloud Access Management |
Note:1 In CVM, GPU Cloud Computing (GCC), CVM Dedicated Host (CDH), and Cloud Block Storage (CBS) support CAM.
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Tencent Kubernetes Engine (TKE) | tke | Resource level | ✓ | ✓ | ✓ | Permission Management |
Tencent Container Registry (TCR) | tcr | Resource level | ✓ | - | ✓ | Overview |
Tencent Cloud Mesh (TCM) | tcm | Resource level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Cloud Object Storage (COS) 1 | cos | Resource level | ✓ | ✓ | ✓ | Access Control and Permission Management |
Cloud File Storage (CFS) | cfs | Resource level | ✓ | ✓ | ✓ | Access Management |
Cloud HDFS (CHDFS) | chdfs | Resource level | ✓ | ✓ | - | Authorizing Access with CAM |
Cloud Log Service (CLS) | cls | Resource level | ✓ | ✓ | ✓ | Permission Management |
Note:1 In COS,
GetService
andPutBucket
do not support authorization by tag for the time being; therefore, they need to be authorized with a separate custom policy.
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Cloud Load Balancer (CLB) | clb | Resource level | ✓ | ✓ | ✓ | Cloud Access Management |
Virtual Private Cloud (VPC) 1 | vpc | Resource level | ✓ | ✓ | - | Access Management |
Direct Connect (DC) | dc | Resource level | ✓ | ✓ | - | Access Policy Types |
Note:1 In VPC, Elastic Network Interface (ENI), NAT Gateway, Peering Connection, VPN Connections, Flow Logs (FL), Anycast Internet Acceleration (AIA), Cloud Connect Network (CCN), and Bandwidth Package (BWP) support CAM.
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Global Application Acceleration Platform (GAAP) | gaap | Resource level | ✓ | ✓ | - | - |
Enterprise Content Delivery Network (ECDN) | ecdn | Resource level | ✓ | ✓ | - | Console Permission Description |
Content Delivery Network (CDN) 1 | cdn | Resource level | ✓ | ✓ | ✓ | Console Permissions |
Note:1 In CDN, Secure Content Delivery Network (SCDN) supports CAM.
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
TencentDB for MySQL | cdb | Resource level | ✓ | ✓ | ✓ | Access Management |
TDSQL-C | cynosdb | Resource level | ✓ | ✓ | - | Access Management |
TencentDB for MariaDB | mariadb | Resource level | ✓ | ✓ | ✓ | CAM |
TencentDB for SQL Server | sqlserver | Resource level | ✓ | ✓ | - | CAM |
TencentDB for PostgreSQL | postgres | Resource level | ✓ | ✓ | - | Overview |
TDSQL for MySQL | tdmysql | Resource level | ✓ | ✓ | - | Access Management |
TencentDB for Redis | redis | Resource level | ✓ | ✓ | - | Access Management |
TencentDB for MongoDB | mongodb | Resource level | ✓ | ✓ | ✓ | Access Management |
TencentDB for CTSDB | ctsdb | Resource level | ✓ | ✓ | - | Overview |
TcaplusDB | tcaplusdb | Resource level | ✓ | ✓ | - | Overview |
TencentDB for DBbrain | dbbrain | Resource level | ✓ | - | - | - |
Data Transmission Service (DTS) | dts | Resource level | ✓ | ✓ | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Serverless Cloud Function (SCF) | scf | Resource level | ✓ | ✓ | ✓ | Permission Management |
Serverless Application Center (SAC) | sls | Resource level | ✓ | - | ✓ | Access Management Configuration |
EventBridge | eb | Resource level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Cloud Message Queue (CMQ) - queue model | cmqqueue | Resource level | ✓ | ✓ | - | Users and Permissions |
Cloud Message Queue (CMQ) - topic model | cmqtopic | Resource level | ✓ | ✓ | - | Users and Permissions |
CKafka | ckafka | Resource level | ✓ | - | ✓ | Configuring ACL Policy |
API Gateway | apigw | Resource level | ✓ | ✓ | ✓ | Permission Management |
TDMQ for Pulsar | tdmq | Resource level | ✓ | ✓ | - | Access Management |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Tencent Cloud Elastic Microservice (TEM) | tem | Operation level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Cloud Infinite (CI) | ci | Resource level | ✓ | - | ✓ | Access Management |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
SSL Certificate Service | ssl | Resource level | ✓ | ✓ | ✓ | - |
HTTPDNS | httpdns | Operation level | ✓ | - | - | Overview |
Private DNS | privatedns | Resource level | ✓ | - | - | Access Control Overview |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Cloud Workload Protection Platform (CWPP) | cwpp | Operation level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Data Security Center | dsgc | Operation level | ✓ | - | ✓ | - |
Key Management Service (KMS) | kms | Resource level | ✓ | ✓ | - | Access Control |
Secrets Manager (SSM) | ssm | Resource level | ✓ | ✓ | ✓ | Overview |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Security Operations Center (SOC) | ssa | Operation level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Web Application Firewall (WAF) | waf | Operation level | ✓ | ✓ | - | - |
Vulnerability Scan Service (VSS) | cws | Operation level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Tencent Real-Time Communication (TRTC) | trtc | Resource level | ✓ | ✓ | - | Overview |
Video on Demand (VOD) | consolevod | Resource level | ✓ | ✓ | ✓ | Overview |
Media Processing Service (MPS) | mps | Service level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Elastic MapReduce (EMR) | emr | Resource level | ✓ | ✓ | ✓ | Collaborator/Sub-account Permissions |
Elasticsearch Service (ES) | es | Resource level | ✓ | ✓ | - | CAM-based Access Control Configuration |
Cloud Data Warehouse for ClickHouse (CDWCH) | cdwch | Resource level | ✓ | ✓ | - | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Optical Character Recognition (OCR) | ocr | Service level | ✓ | - | - | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Face Recognition | iai | Resource level | ✓ | - | ✓ | - |
FaceID | faceid | Service level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Automatic Speech Recognition (ASR) | asr | Resource level | ✓ | ✓ | - | Overview |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Game Multimedia Engine (GME) | gme | Resource level | ✓ | ✓ | - | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Tencent Push Notification Service (TPNS) | tpns | Resource level | ✓ | ✓ | - | Advanced Custom Configuration |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Instant Messaging (IM) | im | Resource level | ✓ | ✓ | - | - |
Short Message Service (SMS) | consolesms | Resource level | ✓ | ✓ | - | Cloud Access Management |
Simple Email Service (SES) | ses | Service level | ✓ | - | - | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
IoT Hub | iotcloud | Resource level | ✓ | ✓ | ✓ | Sub-account Access to IoT Hub |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Tag | tag | Operation level | ✓ | - | - | - |
Tencent Infrastructure as Code (TIC) | tic | Service level | ✓ | - | ✓ | - |
Tencent Smart Advisor (TSA) | advisor | Service level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Cloud Access Management (CAM) | cam | Operation level | ✓ | - | - | User Guide |
CloudAudit | cloudaudit | Operation level | ✓ | - | ✓ | - |
Product | Abbreviation in CAM | Authorization Granularity | Console | Authorization by Tag | Service Role | Reference Document |
---|---|---|---|---|---|---|
Tencent Managed Service for Prometheus (TMP) | monitor | Resource level | ✓ | ✓ | ✓ | Overview |
Migration Service Platform (MSP) | msp | Service level | ✓ | - | ✓ | - |
Real User Monitoring (RUM) | rum | Resource level | ✓ | ✓ | - | Overview |
Was this page helpful?