tencent cloud

TencentDB for CTSDB

Release Notes and Announcements
Release Notes
Announcements
Product Introduction
Overview
System Architecture
Use Cases
Key Concepts
Instance Types and Specifications
Purchase Guide
Product Pricing
Purchasing an Instance
Renewal Instructions
Overdue Payment Instructions
Refund Instructions
Getting Started
Connecting to an Instance and Writing Data
Operation Guide
CAM
Managing an Instance
Automatic Backup
System Monitoring
Database Management
Account Management
Managing a Security Group
Public Network Access
InfluxQL Compatibility
Database Management
Schema Query
Data Type
Data Query
InfluxQL Functions
Client
SDK Reference
influx CLI Client
API Documentation
History
Introduction
API Category
Making API Requests
Instance APIs
Database APIs
Data Types
Error Codes
Practical Tutorial
Recommendations for the Data Table Definition
Using the Grafana Service
Integrating the Telegraf Service
Performance White Paper
Test Environment
Testing Tool
Write Performance Test
Query Performance Test
FAQs
Glossary
CTSDB Policy
Privacy Policy
Data Privacy and Security Agreement
Contact Us
DocumentationTencentDB for CTSDBOperation GuideCAMCAM Overview

CAM Overview

PDF
Focus Mode
Font Size
Last updated: 2025-04-30 16:33:26

Feature Introduction

Cloud Access Management (CAM) helps you securely and conveniently manage access to Tencent Cloud services and resources. With CAM, you can create sub-users, user groups, and roles, and control their access scope through policies. CAM supports SSO capabilities for users and roles, allowing you to set up interoperability between enterprise users and Tencent Cloud based on specific management scenes.
The Tencent Cloud root account you initially created has full access to all services and resources under the account. It is recommended to protect the credentials of the root account, use sub-users or roles for daily access, enable multi-factor authentication, and periodically rotate keys.

Overview

If you use multiple cloud platform services, such as Cloud Virtual Machine, Virtual Private Cloud and CloudDB, managed by different people but sharing your cloud account tokens, you might face the issues:
The risk of your key being compromised is high since multiple users are sharing it.
You cannot restrict access for other users, which may lead to misoperations and potential security risks.

Basic Concepts

Root Account

When you register for a Tencent Cloud accout, the generated account is the root account and has management permissions for all cloud resources under that root account. The root account is the fundamental entity for metering and billing Tencent Cloud's resource usage.

Sub-Account

A sub-account is created by a root account and fully belongs to the root account that creates it. It has a definite identity ID and credentials.

Identity Credential

It includes log-in credentials and access certificates. Log-in credentials refer to a user's log-in name and password. Access certificates refer to Cloud API keys (SecretId and SecretKey).

Resource

A resource is an object operated in cloud services, such as a TencentDB for CTSDB 3.0 instance.

Permissions and Policies

Permission: Refers to allowing or denying some users to perform specific operations and access certain resources under certain conditions.
Policy: Refers to the syntax specification that defines and describes one or more permissions. For a detailed description of the syntax, see Permissions and Policies.
Note:
By default, a root account has access permissions to all its resources, while a sub-account does not have access permissions to any resources under the root account. You need to create policies to allow sub-accounts to use the resources or permissions they require.
For detailed operations for the default permission policies and custom policies of CTSDB, see Permissions and Policies.
For detailed operations on authorizing permission policies to sub-accounts or cross-cloud accounts, see Authorizing Policies to Sub-accounts or Cross-Cloud Accounts.

Authorization Granularity

The authorization granularity of cloud products is divided into three levels according to the granularity: service level, operation level, and resource level.
Service level: This defines whether access permissions are authorized to the overall service. It can be divided into allowing full operation permissions for the service or denying all operation permissions for the service. Cloud products with service-level authorization granularity do not support authorizing specific APIs.
Operation level: This defines whether access permissions are authorized to specific APIs of the service. For example: Authorizing a certain account to perform read-only operations on the Cloud Database Service.
Resource level: This defines whether access permissions are authorized to a specific resource. This is the finest level of authorization granularity. For example: Authorizing a certain account to perform only read and write operations on a Cloud Database Service instance. Products that can support resource-level API authorization are identified as having resource-level authorization granularity.
Note:
For a detailed list of business APIs supported by CAM authorization in CTSDB 3.0, see Authorizable Resources and Operation APIs.

More Information

For more information about CAM, see Cloud Access Management in Product Documentation.
Previous Topic: Connecting to an Instance and Writing DataNext Topic: Permissions and Policies

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback