tencent cloud

Elastic MapReduce

Release Notes and Announcements
Release Notes
Announcements
Security Announcements
Product Introduction
Overview
Strengths
Architecture
Features
Use Cases
Constraints and Limits
Technical Support Scope
Product release
Purchase Guide
EMR on CVM Billing Instructions
EMR on TKE Billing Instructions
EMR Serverless HBase Billing Instructions
Getting Started
EMR on CVM Quick Start
EMR on TKE Quick Start
EMR on CVM Operation Guide
Planning Cluster
Administrative rights
Configuring Cluster
Managing Cluster
Managing Service
Monitoring and Alarms
TCInsight
EMR on TKE Operation Guide
Introduction to EMR on TKE
Configuring Cluster
Cluster Management
Service Management
Monitoring and Ops
Application Analysis
EMR Serverless HBase Operation Guide
EMR Serverless HBase Product Introduction
Quotas and Limits
Planning an Instance
Managing an Instance
Monitoring and Alarms
Development Guide
EMR Development Guide
Hadoop Development Guide
Spark Development Guide
Hbase Development Guide
Phoenix on Hbase Development Guide
Hive Development Guide
Presto Development Guide
Sqoop Development Guide
Hue Development Guide
Oozie Development Guide
Flume Development Guide
Kerberos Development Guide
Knox Development Guide
Alluxio Development Guide
Kylin Development Guide
Livy Development Guide
Kyuubi Development Guide
Zeppelin Development Guide
Hudi Development Guide
Superset Development Guide
Impala Development Guide
Druid Development Guide
TensorFlow Development Guide
Kudu Development Guide
Ranger Development Guide
Kafka Development Guide
Iceberg Development Guide
StarRocks Development Guide
Flink Development Guide
JupyterLab Development Guide
MLflow Development Guide
Practical Tutorial
Practice of EMR on CVM Ops
Data Migration
Practical Tutorial on Custom Scaling
API Documentation
History
Introduction
API Category
Cluster Resource Management APIs
Cluster Services APIs
User Management APIs
Data Inquiry APIs
Scaling APIs
Configuration APIs
Other APIs
Serverless HBase APIs
YARN Resource Scheduling APIs
Making API Requests
Data Types
Error Codes
FAQs
EMR on CVM
Service Level Agreement
Contact Us
ドキュメントElastic MapReduce EMR on CVM Operation GuideAdministrative rightsCAM Overview

CAM Overview

PDF
フォーカスモード
フォントサイズ
最終更新日: 2026-01-13 15:02:14

CAM Overview

Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions, resources, and use permissions of your Tencent Cloud account. Using CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management.
When using EMR, you can associate a policy with a user or user group to allow or forbid them to use specified resources to complete specified tasks. For more information on CAM policies, see Element Reference. For more information on how to use CAM policies, see Policy.
When using Tencent Cloud EMR, different departments and roles need different permissions in order to avoid security risks such as leakages and maloperations. To this end, you can assign different permissions to different users through sub-accounts. By default, a sub-account does not have the permission to use EMR or related resources. Therefore, you need to create a policy to grant the required permission to the sub-account first.

CAM Overview

CAM Policy Use Cases

Applicable Scenario
Permission Granularity
Operation
Link
When enabling EMR service for the first time, you need to authorize EMR the permission to access cloud services (including CVM, CBS, and TencentDB) using the service roles.
Permission for EMR to access cloud resources
Authorize an EMR preset service role.
When creating or using an EMR cluster, if access to Cloud Object Storage (COS) is required, you need to authorize EMR the permission to access COS using service-related roles.
Permission for EMR to access all COS resources
Authorize an EMR preset service-related role.
If you need to granularly specify cluster access permissions to the corresponding COS resources, you can set a custom service role as needed.
Access management for EMR to access specified COS buckets
Create a custom service role and authorize and complete authorization.
Depending on authorization requirements, you can grant different granularity operation permissions to sub-users or collaborators through preset policies.
Access permissions for sub-users or collaborators to access EMR
Authorize a collaborator or sub-user based on preset policies.
Depending on authorization requirements, you can grant different granularity operation permissions to sub-users or collaborators through custom permission policies.
Access permissions for sub-users or collaborators to access EMR
Create a custom permission policy and associate the policy to the sub-account.
前の記事へ: Cross-AZ High Availability次の記事へ: Role Authorization

ヘルプとサポート

この記事はお役に立ちましたか?

フィードバック