Allowing others to access your Tencent Cloud account
You can grant permissions to other people, allowing them to manage and use the resources in your Tencent Cloud account without having to share your account name and password.
Refined permission management
For different resources, you can grant different permissions to different people. For example, you can allow certain users to fully use CVM (such as creating and deleting CVMs); you can also allow certain
Free to use
The user and permission management feature is provided by your Tencent Cloud account and is free of charge. If the sub-users you create by using this feature use other Tencent Cloud services, you will be
Creating with policy generator – You can configure policies for various businesses using the graphic interface and choose the granularity for default businesses. You can use the generator to generate most policies without having to write JSON.
Configuring by business permissions – You can easily configure a new policy based on an existing policy that already contains certain default business features, and then customize it to meet your new requirements.
Creating using policy syntax – Based on your actual requirements, you can customize the policy syntax and write JSON to meet your needs for customized policies.
Enterprise (Organization) Personnel Management:
Managing users and their access permissions – With CAM, you can create users and assign them individual security credentials (such as access keys, passwords and multi-factor authentication devices), or require temporary security credentials to allow users to access Tencent Cloud services and resources. You can manage various permissions in order to control which operations are available to the users.
A CAM user can be the following:
- A privileged administrator who requires permissions to access the console in order to manage your Tencent Cloud resources.
- An end user who needs to access the content in Tencent Cloud.
- A system which requires permissions to programmatically access your Tencent Cloud data.
Enterprise (Organization) Department Management:
A group contains a set of CAM users. You can use groups to assign permissions to multiple users, which will make it easier to manage permissions for those users. For example, you can configure a group called “R&D” and assign permissions commonly required by administrators to this group. Then all users in this group will automatically acquire the permissions assigned to this group.
If a new user joins your organization and is expected to have administrator permissions, you can assign the appropriate permissions to the user by adding them to this group. Similarly, if anyone has a job change, you can simply delete the user from the original group and add them to the new group without having to edit user permissions.
In order to assign permissions to users, groups, roles or resources, you must create a policy first, for which you can specify the following:
Operations – Which Tencent Cloud operations are allowed for the user. For example, you can allow users to create CVMs. Any operation that isn’t explicitly allowed will be denied.
Resources – Which resources the users can operate on. For example, you can specify the Tencent Cloud COS buckets against which the users may execute the Get Bucket Tagging operation. Users cannot access any resources without your prior explicit authorization.
Permissions – Whether to allow or reject access. Since access is rejected by default, you usually need to compose policies that allow access.
Conditions – Conditions to be met for the policy to take effect. For example, you can allow a user to access certain COS buckets only on condition that the user connects from a certain IP range or uses multi-factor authentication upon login.
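The following sketch is an added example, not Tencent Cloud code: it models how the four policy elements above combine into a decision, with access denied unless a statement explicitly allows it. The field names, condition keys (`source_ip`, `mfa`), resource strings and the rule that an explicit deny wins over an allow are assumptions of this simplified model, not CAM's actual policy syntax.

```python
import fnmatch
import ipaddress

# Constructed sample statements. Field names, condition keys and resource
# strings are a simplified model for illustration, not CAM policy syntax.
POLICY = [
    {"effect": "allow", "action": ["cos:GetBucketTagging"],
     "resource": ["cos:bucket/reports-*"],
     "condition": {"source_ip": "203.0.113.0/24", "mfa": True}},
    {"effect": "allow", "action": ["cvm:Create*"], "resource": ["*"]},
    {"effect": "deny", "action": ["cvm:*"], "resource": ["cvm:instance/prod-*"]},
]


def _matches(patterns, value):
    # A statement applies when any of its patterns matches; "*" is a wildcard.
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _conditions_met(cond, ctx):
    # Every condition named in the statement must hold for the request context.
    if "source_ip" in cond:
        ip = ctx.get("source_ip")
        net = ipaddress.ip_network(cond["source_ip"])
        if ip is None or ipaddress.ip_address(ip) not in net:
            return False
    if cond.get("mfa") and not ctx.get("mfa"):
        return False
    return True


def evaluate(policy, action, resource, ctx):
    """Return "allow" or "deny" for one request against a list of statements."""
    decision = "deny"  # default: anything not explicitly allowed is denied
    for st in policy:
        if not (_matches(st["action"], action) and _matches(st["resource"], resource)):
            continue
        if not _conditions_met(st.get("condition", {}), ctx):
            continue
        if st["effect"] == "deny":
            return "deny"  # model assumption: an explicit deny overrides any allow
        decision = "allow"
    return decision
```

Running requests through `evaluate` before attaching a policy is a quick way to confirm that a wildcard in an action or resource does not grant more than intended.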
Account Security Configuration:
Login Protection – If this is enabled, users must enter a verification code to log in. You can choose an MFA verification code or a mobile phone verification code based on your needs.
Operation Protection – This configuration requires users to enter a verification code to verify their identity before executing sensitive operations (such as shutting down CVMs) in order to ensure operation safety.
MFA (Multi-factor Authentication) – Tencent Cloud supports two authentication methods: hardware device authentication and virtual device authentication. For virtual device authentication, you can use the MFA feature of Tencent Cloud WeChat Mini Program, which is fast and convenient.