tencent cloud

Cloud Workload Protection Platform

Release Notes and Announcements
Release Notes
Announcements
Getting Started
Product Introduction
Overview
Advantages
Basic Concepts
Scenarios
Associated Products
Features in Different Editions
Purchase Guide
Purchase Security Protection Licenses
Purchasing Log Analysis Service
Quick Start
Operation Guide
Security Dashboard
Asset Overview
Server List
Asset Fingerprint
Vulnerability Management
Baseline Management
Malicious File Scan
Unusual Login
Password Cracking
Malicious Requests
High-risk Commands
Local Privilege Escalation
Reverse Shell
Java Webshell
Critical File Monitor
Network Attack
A Ransomware Defense
Log Analysis
License Management
Alarm Setting
Cloud Access Management
Hybrid Cloud Installation Guide
FAQs for Beginners
Cloud Workload Protection Description
Feature Description
Agent Process Description
A Security Baseline Detection List
Parsing of JSON Format Alarm Data
Log Field Data Parsing
Agent Installation Guide
Security Score Overview
Practical Tutorial
Auto Fix of Vulnerabilities
Malicious File Processing
Troubleshooting
Intrusions on Linux
Intrusions on Windows
Offline Agent on Linux
Offline Agent on Windows
An Abnormal Log-in Notification
API Documentation
History
Introduction
API Category
Asset Management APIs
Virus Scanning APIs
Abnormal Log-in APIs
Password Cracking APIs
Malicious Request APIs
High-Risk Command APIs
Local Privilege Escalation APIs
Reverse Shell APIs
Vulnerability Management APIs
New Baseline Management APIs
Baseline Management APIs
Advanced Defense APIs
Security Operation APIs
Expert Service APIs
Other APIs
Overview Statistics APIs
Settings Center APIs
Making API Requests
Intrusion Detection APIs
Data Types
Error Codes
FAQs
Agreements
Terms of Service
Service Level Agreement
Data Processing And Security Agreement
Contact Us
Glossary
DocumentationCloud Workload Protection PlatformOperation GuideCloud Access Management

Cloud Access Management

PDF
Focus Mode
Font Size
Last updated: 2024-08-13 16:29:50

Overview

If you have used multiple Tencent Cloud services, which are managed by different users who share your root account key with the highest privilege, the following problems may exist:
Your key is shared by multiple users, so there are huge risks of data breaches.
Your users might introduce security risks from misoperations due to the lack of user access control.
In this case, you can create multiple users in CAM overview to take charge of different services, and give them viewing and operating privileges on different consoles by associating policies. This document provides examples of viewing and operating privileges for CWPP, guiding users on how to use access policies for CWPP.

Examples

Full Access Policy

To grant users full access to all CWPP APIs, you need to associate the policy QcloudCWPPFullAccess with them. See license management to grant users full access with the preset policy QcloudCWPPFullAccess.

Read-only Policy

To grant users query access to CWPP, without other privileges to add, delete, or modify, you need to associate the policy QcloudCWPPReadOnlyAccess with them. The policy is implemented by granting users access privileges to APIs prefixed with Describe, Get, Check, and Export. See license management to grant users read-only access with the preset policy QcloudCWPPReadOnlyAccess.

Custom Policies

If the preset policies cannot meet your needs, you can achieve your goal by creating custom policies.
Note:
New users will not be associated with any CWPP policies by default, indicating they do not have any privileges. For more information, see user guide for CAM.
Previous Topic: Alarm SettingNext Topic: Overview

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback