If you use the performance testing service in Tencent Cloud, which is managed by different people but shares your cloud account key, the following issues may arise:
The risk of your key being exposed is high since multiple users are sharing it.
You cannot restrict others' access permissions, which can easily lead to accidental operations causing security risks.
At this point, you can address the above issues by using sub-accounts to enable different people to manage different services. By default, sub-accounts do not have permission to use the performance testing service. Therefore, you need to create policies to grant sub-accounts the permissions they need to access the required resources.
Introduction
Cloud Access Management (CAM) is a set of web services provided by Tencent Cloud. It is mainly used to help customers securely manage access permissions to resources under Tencent Cloud accounts. With CAM, you can create, manage, and terminate users (groups), and control who can use which Tencent Cloud resources through identity and policy management. When using CAM, you can associate a policy with a user or a group of users. The policy can authorize or deny users the ability to use specified resources to complete specific tasks. For more basic information on CAM policies, see Policy Syntax. For more information on using CAM policies, see Policies. Authorization Methods
PTS supports two authorization methods: resource-level authorization and tag-based authorization. Here is a detailed explanation of each method:
Resource-level authorization: You can grant sub-accounts management permissions for individual resources through policy syntax or default policies. For more information, see Policy Syntax and Policy Granting. Tag-based authorization: You can grant sub-accounts management permissions for resources associated with specific tags by tagging the resources accordingly. For more information, see Tag Overview. Note:
If you do not need to conduct cloud access management on performance testing service-related resources for sub-accounts, you can skip this section. Skipping these parts will not affect your understanding and use of the rest of the document.