Overview

Last updated: 2023-04-24 15:00:03

    Cloud Access Management (CAM) helps you securely manage permissions for most Tencent Cloud services. This document provides information on the products and services that support CAM in multiple dimensions, such as authorization granularity, console operation, authorization by tag, and reference documentation.
    The table below lists Tencent Cloud services that support CAM.
    Definitions:

    • Service: Name of a CAM-enabled Tencent Cloud service. For more information on a specific service, click the link to the reference document.
    • Authorization granularity: The finest authorization granularity currently supported by the service.
      Note: Three authorization granularity levels are supported: service level, operation level, and resource level.

        • Service level: Defines whether a user has permission to access the service as a whole. A user can have either full access or no access to the service.
        • Operation level: Defines whether a user has permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
        • Resource level: The finest authorization granularity, which defines whether a user has permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
    • Console: Whether sub-accounts can access the service through the console. "✓" means yes, while "-" means no.
    • Authorization by tag: Whether the service supports using tags for permission management. "✓" means yes, while "-" means no.
    • Service role: Whether the service can access other services as a role entity. "✓" means yes, while "-" means no.
    • Reference document: Link to the document on CAM-based access control for the service. "-" means no documentation is available yet.

    Compute

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Virtual Machine (CVM)¹ cvm Resource level Access Management
    Auto Scaling (AS) as Resource level -
    BatchCompute batch Resource level - Cloud Access Management
    Edge Computing Machine (ECM) ecm Resource level - -
    Tencent Cloud Lighthouse (Lighthouse) lighthouse Resource level - -
    Tencent Cloud Automation Tools (TAT) tat Resource level - - Cloud Access Management
    Note:

    ¹ In CVM, GPU Cloud Computing (GCC), CVM Dedicated Host (CDH), and Cloud Block Storage (CBS) support CAM.

    Container

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tencent Kubernetes Engine (TKE) tke Resource level Permission Management
    Tencent Container Registry (TCR) tcr Resource level - Overview
    Tencent Cloud Mesh (TCM) tcm Resource level - -

    Storage

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Object Storage (COS)¹ cos Resource level Access Control and Permission Management
    Cloud File Storage (CFS) cfs Resource level Access Management
    Cloud HDFS (CHDFS) chdfs Resource level - Authorizing Access with CAM
    Cloud Log Service (CLS) cls Resource level Permission Management
    Note:

    ¹ In COS, GetService and PutBucket do not support authorization by tag for the time being; therefore, they need to be authorized with a separate custom policy.

    Network

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Load Balancer (CLB) clb Resource level Cloud Access Management
    Virtual Private Cloud (VPC)¹ vpc Resource level - Access Management
    Direct Connect (DC) dc Resource level - Access Policy Types
    Note:

    ¹ In VPC, Elastic Network Interface (ENI), NAT Gateway, Peering Connection, VPN Connections, Flow Logs (FL), Anycast Internet Acceleration (AIA), Cloud Connect Network (CCN), and Bandwidth Package (BWP) support CAM.

    CDN and Acceleration

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Global Application Acceleration Platform (GAAP) gaap Resource level - -
    Enterprise Content Delivery Network (ECDN) ecdn Resource level - Console Permission Description
    Content Delivery Network (CDN)¹ cdn Resource level Console Permissions
    Note:

    ¹ In CDN, Secure Content Delivery Network (SCDN) supports CAM.

    Database

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    TencentDB for MySQL cdb Resource level Access Management
    TDSQL-C cynosdb Resource level - Access Management
    TencentDB for MariaDB mariadb Resource level CAM
    TencentDB for SQL Server sqlserver Resource level - CAM
    TencentDB for PostgreSQL postgres Resource level - Overview
    TDSQL for MySQL tdmysql Resource level - Access Management
    TencentDB for Redis redis Resource level - Access Management
    TencentDB for MongoDB mongodb Resource level Access Management
    TencentDB for CTSDB ctsdb Resource level - Overview
    TcaplusDB tcaplusdb Resource level - Overview
    TencentDB for DBbrain dbbrain Resource level - - -
    Data Transmission Service (DTS) dts Resource level -

    Serverless

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Serverless Cloud Function (SCF) scf Resource level Permission Management
    Serverless Application Center (SAC) sls Resource level - Access Management Configuration
    EventBridge eb Resource level - -

    Middleware

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Message Queue (CMQ) - queue model cmqqueue Resource level - Users and Permissions
    Cloud Message Queue (CMQ) - topic model cmqtopic Resource level - Users and Permissions
    CKafka ckafka Resource level - Configuring ACL Policy
    API Gateway apigw Resource level Permission Management
    TDMQ for Pulsar tdmq Resource level - Access Management

    Microservice

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tencent Cloud Elastic Microservice (TEM) tem Operation level - -

    Data Processing

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Infinite (CI) ci Resource level - Access Management

    Domain Name and Website

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    SSL Certificate Service ssl Resource level -
    HTTPDNS httpdns Operation level - - Overview
    Private DNS privatedns Resource level - - Access Control Overview

    Terminal Security

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Workload Protection Platform (CWPP) cwpp Operation level - -

    Data Security

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Data Security Center dsgc Operation level - -
    Key Management Service (KMS) kms Resource level - Access Control
    Secrets Manager (SSM) ssm Resource level Overview

    Security Management

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Security Operations Center (SOC) ssa Operation level - -

    Application Security

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Web Application Firewall (WAF) waf Operation level - -
    Vulnerability Scan Service (VSS) cws Operation level - -

    Video Services

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tencent Real-Time Communication (TRTC) trtc Resource level - Overview
    Video on Demand (VOD) consolevod Resource level Overview
    Media Processing Service (MPS) mps Service level - -

    Data Analysis

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Elastic MapReduce (EMR) emr Resource level Collaborator/Sub-account Permissions
    Elasticsearch Service (ES) es Resource level - CAM-based Access Control Configuration
    Cloud Data Warehouse for ClickHouse (CDWCH) cdwch Resource level - -

    OCR

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Optical Character Recognition (OCR) ocr Service level - - -

    Face Recognition

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Face Recognition iai Resource level - -
    FaceID faceid Service level - -

    Speech Technology

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Automatic Speech Recognition (ASR) asr Resource level - Overview

    Gaming Services

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Game Multimedia Engine (GME) gme Resource level - -

    Mobile Services

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tencent Push Notification Service (TPNS) tpns Resource level - Advanced Custom Configuration

    Cloud Communication

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Instant Messaging (IM) im Resource level - -
    Short Message Service (SMS) consolesms Resource level - Cloud Access Management
    Simple Email Service (SES) ses Service level - - -

    Internet of Things

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    IoT Hub iotcloud Resource level Sub-account Access to IoT Hub

    Cloud Resource Management

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tag tag Operation level - - -
    Tencent Infrastructure as Code (TIC) tic Service level - -
    Tencent Smart Advisor (TSA) advisor Service level - -

    Management and Audit

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Cloud Access Management (CAM) cam Operation level - - User Guide
    CloudAudit cloudaudit Operation level - -

    Monitoring and Ops

    Product Abbreviation in CAM Authorization Granularity Console Authorization by Tag Service Role Reference Document
    Tencent Managed Service for Prometheus (TMP) monitor Resource level Overview
    Migration Service Platform (MSP) msp Service level - -
    Real User Monitoring (RUM) rum Resource level - Overview