TCR API Authentication Upgrade Notice

Last updated: 2025-04-27 09:15:53
To provide more comprehensive authentication features, Tencent Container Registry (TCR) plans to enable some APIs to connect to Cloud Access Management (CAM) on April 25, 2025. If you have sub-accounts that need to access the corresponding APIs, follow the instructions on creating custom policies by policy generator. Otherwise, your sub-accounts will not be able to access the corresponding APIs. Thank you for your trust and support for Tencent Cloud. If you have any questions when using the cloud products, please contact us.

Common Authorization Methods

Method 1: Creating Custom Policies

Implementation Method

Create policies based on the principle of least privilege for different sub-accounts and bind the policies to the sub-accounts.

Applicable Scenario

Permission control is relatively strict, and the operation scope of each sub-account needs to be refined as needed.

Operation Steps

1. On the policy page of the CAM console, click Create Custom Policy in the upper left corner.
2. In the pop-up window, select a creation method by clicking Create by policy syntax, and enter the next page to select a policy template.
3. On the policy template selecting page, enter the keywords to search. For example, select all templates as the template type, enter the keyword a, and select the AdministratorAccess template.
4. Click Next to enter the policy editing page.
5. On the policy editing page, click Complete to finish creating a custom policy by policy syntax after you confirm the policy name and policy content. The default policy name and policy content are automatically generated by the console. The default policy name is policygen, and the numerical suffix is generated based on the creation date.
6. On the policy page of the CAM console, find the created policy and click Associate User/Group/Role in the Action column.
7. In the Associate User/User Group/Role pop-up window, select the user/user group/role to be associated and click OK to complete association of the user and the policy.
Note:
For the DeleteImage, DeleteNamespace, DescribeImages, DescribeTagRetentionExecutionTask, and ForwardRequest APIs, add permissions using the corresponding name under "API Names at CAM Side for Authentication Configuration".
For example, if the API is DescribeImages, you need to add the permission for the DescribeRepositories API.
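The mapping in the note above can be applied mechanically when drafting a least-privilege policy. The following is an added example, not Tencent Cloud's own code: it translates the TCR APIs a sub-account calls into CAM-side action names and reports which calls an existing policy would leave unauthorized. The `tcr:` action prefix, the `"*"` resource placeholder, and all function names are assumptions of this example.

```python
import json

# CAM-side names for the APIs this notice lists with a different
# authentication name (from the note and the API list on this page).
CAM_ALIAS = {
    "DeleteImage": "DeleteRepository",
    "DeleteNamespace": "DeleteRepository",
    "DescribeImages": "DescribeRepositories",
    "DescribeTagRetentionExecutionTask": "DescribeTagRetentionRules",
    "ForwardRequest": "DescribeInstances",
}

ACTION_PREFIX = "tcr:"  # assumption: CAM service prefix for TCR actions


def cam_action(api_name):
    """Return the CAM action string that authorizes a TCR API call."""
    return ACTION_PREFIX + CAM_ALIAS.get(api_name, api_name)


def build_policy(api_names, resources=("*",)):
    """Build a policy that allows only the actions the listed APIs need.

    "*" is a placeholder resource; narrow it to the instances the
    sub-account actually works with before attaching the policy.
    """
    actions = sorted({cam_action(name) for name in api_names})
    return {
        "version": "2.0",
        "statement": [
            {"effect": "allow", "action": actions, "resource": list(resources)}
        ],
    }


def uncovered_apis(policy, api_names):
    """List APIs with no matching allow action (deny/conditions not evaluated)."""
    allowed = set()
    for stmt in policy.get("statement", []):
        if stmt.get("effect") == "allow":
            acts = stmt.get("action", [])
            allowed.update([acts] if isinstance(acts, str) else acts)
    wildcard = bool(allowed & {"*", ACTION_PREFIX + "*"})
    return [n for n in api_names if not wildcard and cam_action(n) not in allowed]


if __name__ == "__main__":
    # Constructed example: a sub-account that only browses images.
    needed = ["DescribeImages", "DescribeRepositories", "DescribeNamespaces"]
    print(json.dumps(build_policy(needed), indent=2))
```

Running `uncovered_apis` over each sub-account's current custom policy shows which calls would start failing once the listed APIs are checked by CAM.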

Method 2: Binding to the Preset Policy

Implementation Method

Bind the sub-accounts to the QcloudTCRFullAccess preset policy, which contains all API operation permissions of TCR.

Applicable Scenario

Business personnel have the basic operation permissions of all function modules.

Operation Steps

1. On the policy page of the CAM console, select the policy type TCR, locate "QcloudTCRFullAccess", and click Associate User/Group/Role in the Operation column.
2. In the Associate Users/User Groups/Roles window, select the user, user group, or role you want to associate and click Confirm to complete the association.

List of APIs Added for Authentication

| API Name | API Description | API Names at CAM Side for Authentication Configuration |
| --- | --- | --- |
| AuthorizeUserImageBuildConfig | Adds coding authentication on the Enterprise Edition. | - |
| CreateApplicationTokenPersonal | Creates access credential for third-party application on the Personal Edition. | - |
| CreateNamespace | Creates a namespace on the Enterprise Edition. | - |
| CreateRepository | Creates an image repository on the Enterprise Edition. | - |
| DeleteImage | Deletes a specified image on the Enterprise Edition. | DeleteRepository |
| DeleteNamespace | Deletes a namespace on the Enterprise Edition. | DeleteRepository |
| DeleteRepositoryTags | Deletes Repository Tags in batches on the Enterprise Edition. | - |
| DescribeImageConfigPersonal | Queries image version configuration information on the Personal Edition. | - |
| DescribeImageFilterPersonal | Queries the list of tags on the Personal Edition that have the same content as a specified tag. | - |
| DescribeImageLifecycleGlobalPersonal | Obtains the auto-cleanup policy of the global image versions on the Personal Edition. | - |
| DescribeImagePersonal | Obtains the image repository tag list on the Personal Edition. | - |
| DescribeImages | Queries the container image information on the Enterprise Edition. | DescribeRepositories |
| DescribeInstanceAllNamespaces | Queries the namespaces of all instances on the Enterprise Edition. | - |
| DescribeNamespacePersonal | Queries the namespace information on the Personal Edition. | - |
| DescribeNamespaces | Queries the namespace information on the Enterprise Edition. | - |
| DescribeRegions | Lists the AZs of instances on the Enterprise Edition. | - |
| DescribeRepositories | Queries the image repository information on the Enterprise Edition. | - |
| DescribeRepositoryAllPersonal | Queries all accessible image repositories on the Personal Edition. | - |
| DescribeRepositoryFilterPersonal | Obtains the image repositories that satisfy the entered search condition on the Personal Edition. | - |
| DescribeRepositoryOwnerPersonal | Queries all repositories on the Personal Edition. | - |
| DescribeRepositoryPersonal | Queries the repository information on the Personal Edition. | - |
| DescribeTagRetentionExecutionTask | Queries the version retention execution tasks on the Enterprise Edition. | DescribeTagRetentionRules |
| DescribeUserQuotaPersonal | Queries the user quotas on the Personal Edition. | - |
| ForwardRequest | TCR proxy forwarding API. | DescribeInstances |
| ListChartRelease | Queries Chart version list on the Enterprise Edition. | - |
| ManageInternalEndpoint | Manages instance's VPC connections on the Enterprise Edition. | - |
| UploadHelmChart | Uploads Helm Chart on the Enterprise Edition. | - |
| ValidateNamespaceExistPersonal | Verifies the existence of namespaces on the Personal Edition. | - |
| ValidateUserPersonal | Verifies the existence of users on the Personal Edition. | - |
