tencent cloud


Last updated: 2024-01-23 17:59:15


    A role is a virtual user in CAM, which can be granted a permission policy and has the corresponding permissions of the root account. For more information, see Role Overview.
    When creating a role, you can choose to use a Tencent Cloud root account as the role entity, create the role, and bind the authorization policy to it. The root account acting as an entity can grant its CAM sub-accounts the permission to assume this role by creating a permisson policy. Then the CAM sub-accounts can log in to the corresponding root account console by switching roles in the Tencent Cloud console and perform operations within the authorization scope, or they can initiate cross-account requests through API.


    Suppose there are two root accounts in the enterprise, account A and account B, and the security management employee m has CAM sub-user a under account A. If employee m wants to use this sub-account to simultaneously manage the security information under account B, the following steps can be followed:


    1. Create the security operation role role under Account B and specify the role entity as root account A. For more information, see Creating a Role.
    2. Under Account A, create a permission policy that supports role assumption of the security operation role role through AssumeRole.
    3. Assign the policy to CAM sub-user a. For more information, see Authorizing Sub-account with Role Assuming Policy.
    4. The employee m logs in as CAM sub-user a.
    5. Employee m selects the switch role option on the Tencent Cloud Console and logs in using the security role role. For more information, see Using a Role.
    6. Execute security operations-related tasks.
    7. If employee m needs to carry out security operation-related tasks for multiple root accounts simultaneously, the aforementioned steps can be followed to grant m the corresponding security operation permissions for each root account.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support