Product Introduction

CAM Overview

Features

Scenarios

Basic Concepts

Use Limits

User Types

Purchase Guide

Getting Started

Creating Admin User

Creating and Authorizing Sub-account

Logging In to Console with Sub-account

User Guide

Overview

Users

Access Key

User Groups

Role

Identity Provider

Policies

Permissions Boundary

Troubleshooting

Downloading Security Analysis Report

CAM-Enabled Role

Overview

Compute

Container

Microservice

Essential Storage Service

Data Process and Analysis

Data Migration

Relational Database

Enterprise Distributed DBMS

NoSQL Database

Database SaaS Tool

Database SaaS Service

Networking

CDN and Acceleration

Network Security

Data Security

Application Security

Domains & Websites

Big Data

Middleware

Interactive Video Services

Real-Time Interaction

Media On-Demand

Media Process Services

Media Process

Cloud Real-time Rendering

Game Services

Cloud Resource Management

Management and Audit Tools

Developer Tools

Monitor and Operation

CAM-Enabled API

Overview

Compute

Edge Computing

Container

Distributed cloud

Microservice

Serverless

Essential Storage Service

Data Process and Analysis

Data Migration

Relational Database

Enterprise Distributed DBMS

NoSQL Database

Database SaaS Tool

Networking

CDN and Acceleration

Network Security

Endpoint Security

Data Security

Business Security

Application Security

Domains & Websites

Office Collaboration

Big Data

Voice Technology

Image Creation

Tencent Big Model

AI Platform Service

Natural Language Processing

Optical Character Recognition

Middleware

Communication

Interactive Video Services

Real-Time Interaction

Stream Services

Media On-Demand

Media Process Services

Media Process

Cloud Real-time Rendering

Game Services

Education Sevices

Medical Services

Cloud Resource Management

Management and Audit Tools

Developer Tools

Monitor and Operation

Use Cases

Security Practical Tutorial

Multi-Identity Personnel Permission Management

Authorizing Certain Operations by Tag

Supporting Isolated Resource Access for Employees

Enterprise Multi-Account Permissions Management

Reviewing Employee Operation Records on Tencent Cloud

Implementing Attribute-Based Access Control for Employee Resource Permissions Management

During tag-based authentication, only tag key matching is supported

Business Use Cases

TencentDB for MySQL

CLB

CMQ

COS

CVM

VPC

VOD

Others

API Documentation

History

Introduction

API Category

Making API Requests

User APIs

Policy APIs

Role APIs

Identity Provider APIs

Data Types

Error Codes

FAQs

Role

Key

Others

CAM Users and Permissions

Glossary

Downloading Security Analysis Report

PDF

포커스 모드

폰트 크기

마지막 업데이트 시간: 2024-01-23 17:57:37

Overview
You can download a user credential report to view the credential status of all Tencent Cloud sub-accounts and their sub-users, as well as the console login password, access key and account security settings. This report can also be used for compliance audit.
Directions
1. Log in to the CAM console, and click Overview in the left sidebar.
2. In the “Security Analysis Report” module, click Download User Credential Report and complete identity verification as prompted. Then the report will be automatically generated.
3. After downloading the report, you can view it locally.
Note: 
A user credential report in CSV format is generated in the console every four hours. If you click Download User Credential Report within four hours after the last report is generated, you will get the same report rather than a new one.
Report Format
The user credential report is in CSV format. You can use common spreadsheet software to open the CSV file for further analysis or use the file programmatically and perform custom analysis.
The CSV file contains the following information:
Field
Description
Value
AccountID
Account ID
Sub-account ID
Username
Username
Sub-account username
UserType
User type
Sub-user: sub-user 
Collaborator: collaborator 
WeWork-Sub-user: WeCom sub-user
Message-receiver: message recipient
CreationTime
Creation time
Sample value: 2019/8/16 9:25:56
PasswordEnabled
Whether the console login password is enabled
TRUE: enabled
FALSE: disabled. Console access is disabled and the login password is not set. 
not_supported: not supported. A WeCom sub-user logs in by scanning the QR code without a password. A message recipient only receives messages and does not have a password. A collaborator logs in as a root account and is not subject to this field.
PasswordLastRotation
Time when the password was last modified
FALSE: Console access is disabled and the login password is not set. 
not_supported: not supported. A WeCom sub-user logs in by scanning the QR code without a password. A message recipient only receives messages and does not have a password. A collaborator logs in as a root account and is not subject to this field.
LoginConsoleActive
Whether console login is supported
TRUE: enabled 
FALSE: disabled
not_supported: not supported. A message recipient only receives messages and does not have a login password. A collaborator logs in as a root account and is not subject to this field.
LoginProtectionActive
Whether login protection is enabled
TRUE: enabled
FALSE: disabled
not_supported: not supported. A message recipient only receives messages and does not have a login password.
OperationProtectionActive
Whether operation protection is enabled
TRUE: enabled
FALSE: disabled 
not_supported: not supported. A message recipient only receives messages and does not have a login password.
MFADeviceActive
Whether MFA is enabled
TRUE: enabled
FALSE: disabled 
not_supported: not supported. A message recipient only receives messages and does not have a login password. The sub-user has not been bound to a mobile number or WeChat account. 
Abnormal LoginsNumWithin30Days
Whether suspicious login behavior is detected in 30 days
TRUE: suspicious login behavior detected 
FALSE: suspicious login behavior not detected 
AccessKey1SecretId
SecretId of key 1
N/A: no key
AccessKey1MayBeAtRisk
Whether key 1 has leakage risk
TRUE: at risk 
FALSE: no risk
N/A: no key 1 
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey1CreationTime
Creation time of key 1
N/A: no key 1 
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey1Status
Status of key 1
Active: enabled 
Disable: disabled 
N/A: no key 1
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey1lastUsedDate
Time when key 1 was last used
N/A: no key 1 
not_supported: not supported. A message recipient only receives messages and does not have a login password.
AccessKey1CreatedOver90Days
Whether key 1 has been created for over 90 days
N/A: no key 1 
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey1CreatedOver30Days
Whether key 1 has been created for over 30 days
N/A: no key 1 
not_supported: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2SecretId
SecretId of key 2
N/A: no key 2
AccessKey2MayBeAtRisk
Whether key 2 has leakage risk
TRUE: at risk
FALSE: no risk 
N/A: no key 2
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey2CreationTime
Creation time of key 2
N/A: no key 2 
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey2Status
Status of key 2
Active: enabled 
Disable: disabled
N/A: no key 2 
not_supported: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2lastUsedDate
Time when key 2 was last used
N/A: no key 2 
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey2CreatedOver90Days
Whether key 2 has been created for over 90 days
N/A: no key 2
not_supported: not supported. A message recipient only receives messages and does not have a login password. 
AccessKey2CreatedOver30Days
Whether key 2 has been created for over 30 days
N/A: no key 2 
not_supported: not supported. A message recipient only receives messages and does not have a login password.
﻿

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

tencent cloud

Cloud Access Management

Downloading Security Analysis Report

Overview

Directions

Report Format

도움말 및 지원

Field	Description	Value
AccountID	Account ID	Sub-account ID
Username	Username	Sub-account username
UserType	User type	`Sub-user`: sub-user `Collaborator`: collaborator `WeWork-Sub-user`: WeCom sub-user `Message-receiver`: message recipient
CreationTime	Creation time	Sample value: 2019/8/16 9:25:56
PasswordEnabled	Whether the console login password is enabled	`TRUE`: enabled `FALSE`: disabled. Console access is disabled and the login password is not set. `not_supported`: not supported. A WeCom sub-user logs in by scanning the QR code without a password. A message recipient only receives messages and does not have a password. A collaborator logs in as a root account and is not subject to this field.
PasswordLastRotation	Time when the password was last modified	`FALSE`: Console access is disabled and the login password is not set. `not_supported`: not supported. A WeCom sub-user logs in by scanning the QR code without a password. A message recipient only receives messages and does not have a password. A collaborator logs in as a root account and is not subject to this field.
LoginConsoleActive	Whether console login is supported	`TRUE`: enabled `FALSE`: disabled `not_supported`: not supported. A message recipient only receives messages and does not have a login password. A collaborator logs in as a root account and is not subject to this field.
LoginProtectionActive	Whether login protection is enabled	`TRUE`: enabled `FALSE`: disabled `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
OperationProtectionActive	Whether operation protection is enabled	`TRUE`: enabled `FALSE`: disabled `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
MFADeviceActive	Whether MFA is enabled	`TRUE`: enabled `FALSE`: disabled `not_supported`: not supported. A message recipient only receives messages and does not have a login password. The sub-user has not been bound to a mobile number or WeChat account.
Abnormal LoginsNumWithin30Days	Whether suspicious login behavior is detected in 30 days	`TRUE`: suspicious login behavior detected `FALSE`: suspicious login behavior not detected
AccessKey1SecretId	SecretId of key 1	`N/A`: no key
AccessKey1MayBeAtRisk	Whether key 1 has leakage risk	`TRUE`: at risk `FALSE`: no risk `N/A`: no key 1 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey1CreationTime	Creation time of key 1	`N/A`: no key 1 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey1Status	Status of key 1	`Active`: enabled `Disable`: disabled `N/A`: no key 1 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey1lastUsedDate	Time when key 1 was last used	`N/A`: no key 1 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey1CreatedOver90Days	Whether key 1 has been created for over 90 days	`N/A`: no key 1 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey1CreatedOver30Days	Whether key 1 has been created for over 30 days	`N/A`: no key 1 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2SecretId	SecretId of key 2	`N/A`: no key 2
AccessKey2MayBeAtRisk	Whether key 2 has leakage risk	`TRUE`: at risk `FALSE`: no risk `N/A`: no key 2 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2CreationTime	Creation time of key 2	`N/A`: no key 2 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2Status	Status of key 2	`Active`: enabled `Disable`: disabled `N/A`: no key 2 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2lastUsedDate	Time when key 2 was last used	`N/A`: no key 2 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2CreatedOver90Days	Whether key 2 has been created for over 90 days	`N/A`: no key 2 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.
AccessKey2CreatedOver30Days	Whether key 2 has been created for over 30 days	`N/A`: no key 2 `not_supported`: not supported. A message recipient only receives messages and does not have a login password.