CAM is a web-based Tencent Cloud service that helps you securely manage and control access to your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users (user groups), and control who can access and use your Tencent Cloud resources through identity and policy management. For more information on CAM policies and how to use them, see Concepts.
A root account can grant a sub-account or collaborator access to specified CLS resources.
CLS offers two preset access policies to meet your basic access management demand.
For how to use the policies, see Authorization Management.
You can use a custom access policy to grant access at a finer granularity, for example, to allow a specific user to view the data of a specific log topic.
A custom access policy consists of two parts:
Configuring custom access policies can be a demanding process. The examples we offer in Access Policy Templates should meet most access management needs. You can also modify the examples based on your requirements. Detailed directions are as follows:
Log in to the console with the root account (or an account with CAM access). On the Policies page, click Create Custom Policy.
In the pop-up window, click Create by Policy Syntax.
On the Select Policy Template page, select Blank Template and click Next.
On the Edit Policy page, enter a policy name and policy content. For the latter, you can copy the content from Access Policy Templates. For example, to grant the sub-account permission to use LogListener, copy the policy as shown below:
Click Complete to save the policy. Then, you can associate it with a user/user group to grant the user/user group the corresponding operation permissions as instructed in Authorization Management.