please select
Features & Server APIs
  • On-Cloud Recording
  • Relay to CDN
  • RTMP Streaming with TRTC
  • Event Callbacks
    • Room&Media Callbacks
    • Relay to CDN Callback
    • Cloud Recording Callback
    • Verify Signature Example
  • Sending and Receiving Messages
  • Access Management
    • Overview
    • Manageable Resources and Actions
    • Preset Policies
    • Custom Policies
  • Enabling Advanced Permission Control
  • How to push stream to TRTC room with OBS WHIP
  • Server APIs
    • API Category
    • History
    • Making API Request
      • Request Structure
      • Common Params
      • Signature v3
      • Signature
      • Responses
    • Room Management APIs
      • SetUserBlockedByStrRoomId
      • SetUserBlocked
      • RemoveUser
      • DismissRoom
      • RemoveUserByStrRoomId
      • DismissRoomByStrRoomId
    • Call Quality Monitoring APIs
      • DescribeRoomInfo
      • DescribeUserEvent
      • DescribeCallDetailInfo
      • DescribeUserInfo
      • DescribeScaleInfo
    • Pull Stream Relay Related Interface
      • StartStreamIngest
      • StopStreamIngest
      • DescribeStreamIngest
    • On-cloud Recording APIs
      • CreateCloudRecording
      • DescribeCloudRecording
      • ModifyCloudRecording
      • DeleteCloudRecording
    • Stream Mixing and Relay APIs
      • UpdatePublishCdnStream
      • StartPublishCdnStream
      • StopPublishCdnStream
    • Usage Statistics APIs
      • DescribeTrtcUsage
      • DescribeRecordingUsage
      • DescribeMixTranscodingUsage
      • DescribeRelayUsage
      • DescribeTrtcRoomUsage
    • Data Types
    • Error Codes
    • Appendix
      • Event ID Mapping Table
Docs Overview/
Features & Server APIs/
Access Management/
Overview/

Overview

notice
This document describes the management of access to TRTC. For access management of other Tencent Cloud services, see CAM-Enabled Products.
Cloud Access Management (CAM) is a web service provided by Tencent Cloud that helps customers securely manage access to their Tencent Cloud account resources. CAM allows you to create, manage, or terminate users or user groups and control who is allowed to access and use your Tencent Cloud resources through identity and policy management.
TRTC has supported CAM. You can grant TRTC permissions to sub-accounts as needed.

Getting Started

Before you start, make sure that you understand the basic concepts of CAM and TRTC, including:
CAM: User Types and Policy
TRTC: Application and SDKAppID

Use Cases

Granting product-level permissions

A company has multiple departments that are using Tencent Cloud’s products. Department A is solely responsible for TRTC-related business, and the company needs to grant the department access to TRTC but not to other Tencent Cloud products. To achieve this, the company can create a sub-account for department A under its root account and grant the sub-account only TRTC-related permissions.

Granting application-level permissions

A company has multiple businesses that are using TRTC and needs to isolate them from each other. There are two dimensions to isolation: resource isolation and permission isolation. The former is enabled by TRTC’s application system, and the latter by CAM. The company can create a sub-account for each of the businesses and grant them access only to the TRTC applications they are responsible for.

Granting action-level permissions

A company has a business that is using TRTC. It needs to grant the business’ operational staff access to the TRTC console so that they can obtain usage statistics, and at the same time deny them access to critical operations such as modifying relayed push and on-cloud recording configurations. To achieve this, the company can create a custom policy that has the permissions to use relevant APIs to log in to the TRTC console and view usage statistics, and associate the policy with the sub-account created for the operational staff.

Authorization Granularity

In essence, CAM enables you to allow or forbid specified accounts to access certain resources. TRTC access management supports resource-level authorization. The granularity of manageable resources is TRTC applications, and the granularity of manageable actions is TencentCloud APIs, including server APIs and the APIs used to access the TRTC console. For more information, please see Manageable Resources and Actions.

Limitations

The granularity of manageable resources for TRTC access management is applications. Access control of finer granularity (e.g., application information or configuration information) is not supported.
TRTC does not support project-level access management. We recommend that you use tags to manage your cloud service resources.