tencent cloud

TencentDB for SQL Server

Release Notes and Announcements
Release Notes
Product Announcements
User Guide
Product Introduction
Overview
Product Architecture
Strengths
Use Cases
Regions and AZs
Major Version Lifecycle Explanation
Features and Differences
Instance Types
Instance Specifications
Storage Types
Common Concepts
Network Environment
License Statement
Purchase Guide
Billing Overview
Product Pricing
Purchase Methods
Renewal Instructions
Payment Overdue
Refund
From Pay-as-You-Go to Monthly Subscription
Instance Adjustment Fees Description
Local Backup Space Billing
Cross-Region Backup Billing
Viewing Bill Details
Getting Started
Creating TencentDB for SQL Server Instance
Connecting to TencentDB for SQL Server Instance
Managing TencentDB for SQL Server Instance
Operation Guide
Constraints and Limits
Usage Specifications and Suggestions
Maintaining Instance
Adjusting Instance Configuration
Read-Only Instance
Network and Security
Account Management
Database Management
Data Security
Parameter Configuration
Monitoring and Alarms
Backup and Restoration 
Log Management
Publish-Subscribe
SSIS
Data Migration (New)
Data Migration (Legacy)
Data Synchronization (DTS) 
Practical Tutorial
TencentDB for SQL Server Methods for Regular Maintenance
TencentDB for SQL Server Optimization of Slow SQL
How to Better Use Tempdb
Cross-Account Backup Restoration
Creating VPC for TencentDB for SQL Server
Connecting Kingdee K/3 WISE to TencentDB for SQL Server
Account Permissions and Permission Control
Enabling and Disabling the CDC Feature
Shrinking a Database
API Documentation
History
Introduction
API Category
Making API Requests
Sales and fee related APIs
Instance Management related APIs
Operation and maintenance management related APIs
Network management related APIs
Account management related APIs
Database management related APIs
Security group management related APIs
Data security encryption related APIs
Parameter configuration related APIs
Extended Event related APIs
Log management related APIs
Read only instance management related APIs
Publish and subscribe related APIs
Backup related APIs
Rollback related APIs
Data migration (cold standby migration) related APIs
SQL Server Integration Services (SSIS) related APIs
Data migration (DTS old version) related APIs
Data Types
Error Codes
FAQs
Overview
Model Selection
Pricing and Selection
Connection and Network
Account and Permission
Backup and Rollback
Data Migration
Publish/Subscribe
Read-Only Instance
Version and Architecture Upgrade
Disk Space and Specification Adjustment
Monitoring and Alarms
Log-Related
Parameter Modification
Features
Performance, Space, and Memory-Related FAQs
Service Agreement
Service Level Agreement
Terms of Service
Performance Evaluation
Performance Test Report
Glossary
Contact Us
ドキュメントTencentDB for SQL ServerOperation GuideData SecurityAccess ManagementCAM Overview

CAM Overview

PDF
フォーカスモード
フォントサイズ
最終更新日: 2024-01-18 17:23:30

Issues

If you use Tencent Cloud services, including CVM, VPC, and TencentDB, which are managed by different people who share your Tencent Cloud account key, the following issues may arise:
There is a high risk of key leakage because the key is shared among multiple individuals.
The absence of limitations on other users' access rights may easily lead to incorrect operations, causing security risks.

Solutions

You can avoid the issues above by providing different users with sub-accounts, permitting them to manage different services. By default, a sub-account does not possess the authorization to utilize Tencent Cloud services or the related resources. Consequently, we should formulate a policy to allow sub-accounts to use the resources and permissions they need.
Cloud Access Management (CAM) aids in the secure and convenient management of access to Tencent Cloud services and resources. With CAM, you can create sub-accounts, user groups, and roles, controlling their access scope through a policy. CAM supports SSO capabilities for users and roles, allowing targeted settings for interaction between corporate users and Tencent Cloud based on specific management circumstances. Your initially created Tencent Cloud root account possesses complete access to all Tencent Cloud services and resources. It is recommended to safeguard your root account credentials, utilize sub-accounts or roles for daily access, enable multi-factor authentication, and change keys regularly.
While CAM is used, a policy can be associated with a user or a group of users to allow or reject the use of specific resources by users to accomplish designated tasks. For more information on CAM policies, please refer to Policy Syntax.
If you do not need to manage the CAM of the related resources of the Tencent Cloud Database for the sub-accounts, you may bypass this part. It will not impede your comprehension or usage of the remaining parts in this document.

Quick Start

A CAM policy must authorize or deny the use of one or more cloud database operations. Simultaneously, it must specify the resources that can be used for these operations, which could be all the resources (some operations can also be partial resources). The policy can also encompass the conditions stipulated for the operated resources.
Note:
Users are recommended to use CAM policies to manageTencentDB resources and authorize TencentDB operations. While the experience for existing users with project-based permissions remains unchanged, it is not suggested to continue resource management and operation authorization with project-based permissions.
The TencentDB does not support the setting of related validity conditions for the time being.
Task
Link
Understanding the fundamental structure of policies
Defining operations in a policy
Defining resources in a policy
Resource-level permissions supported by TencentDB

前の記事へ: Disk Encryption次の記事へ: Authorization Policy Syntax

ヘルプとサポート

この記事はお役に立ちましたか?

フィードバック