If you use Tencent Smart Advisor-Chaotic Fault Generator in Tencent Cloud that are managed by different people but share your cloud account keys, the following issues may arise:
The risk of your key being compromised is high since multiple users are sharing it.
Users might introduce security risks from misoperations due to the lack of user access control.
To solve these issues, you can use sub-accounts to enable different individuals to manage different businesses. By default, sub-accounts do not have permission to use CFG. You need to create a policy to grant them the necessary permissions.
Introduction
Cloud Access Management (CAM) is a set of web services provided by Tencent Cloud that primarily helps customers securely manage access permissions to resources under their Tencent Cloud account. With CAM, you can create, manage, and terminate users (groups), and control who can use which Tencent Cloud resources through identity and policy management. When using CAM, you can associate a policy with a user or a group of users. The policy can authorize or deny users the ability to use specified resources to complete specific tasks. For more basic information on CAM policies, see Policy Syntax. For more information on using CAM policies, please see Policies. Skip this chapter if you don’t need cloud access management of CAM resources for sub-accounts. Skipping this chapter does not affect your understanding and use of the rest of the document.
Getting Started
A CAM policy must authorize the use of one or more CFG operations or deny the use of one or more CFG operations. It must also specify the resources that can be used for the operations (which can be all resources or specific resources for some operations). Additionally, the policy can include conditions set for operating the resources.
Some CFG API operations do not support resource-level permissions. This means that for these types of API operations, you cannot specify a particular resource to use. Instead, you must specify all resources when using these operations.