tencent cloud

Cloud Access Management

Product Introduction
CAM Overview
Features
Scenarios
Basic Concepts
Use Limits
User Types
Purchase Guide
Getting Started
Creating Admin User
Creating and Authorizing Sub-account
Logging In to Console with Sub-account
User Guide
Overview
Users
Access Key
User Groups
Role
Identity Provider
Policies
Permissions Boundary
Troubleshooting
Downloading Security Analysis Report
CAM-Enabled Role
Overview
Compute
Container
Microservice
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Database SaaS Service
Networking
CDN and Acceleration
Network Security
Data Security
Application Security
Domains & Websites
Big Data
Middleware
Interactive Video Services
Real-Time Interaction
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
CAM-Enabled API
Overview
Compute
Edge Computing
Container
Distributed cloud
Microservice
Serverless
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Networking
CDN and Acceleration
Network Security
Endpoint Security
Data Security
Business Security
Application Security
Domains & Websites
Office Collaboration
Big Data
Voice Technology
Image Creation
Tencent Big Model
AI Platform Service
Natural Language Processing
Optical Character Recognition
Middleware
Communication
Interactive Video Services
Real-Time Interaction
Stream Services
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Education Sevices
Medical Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
Use Cases
Security Practical Tutorial
Multi-Identity Personnel Permission Management
Authorizing Certain Operations by Tag
Supporting Isolated Resource Access for Employees
Enterprise Multi-Account Permissions Management
Reviewing Employee Operation Records on Tencent Cloud
Implementing Attribute-Based Access Control for Employee Resource Permissions Management
During tag-based authentication, only tag key matching is supported
Business Use Cases
TencentDB for MySQL
CLB
CMQ
COS
CVM
VPC
VOD
Others
API Documentation
History
Introduction
API Category
Making API Requests
User APIs
Policy APIs
Role APIs
Identity Provider APIs
Data Types
Error Codes
FAQs
Role
Key
Others
CAM Users and Permissions
Glossary
DocumentationCloud Access ManagementCAM-Enabled APIManagement and Audit ToolsCloud Access Management

Cloud Access Management

PDF
Focus Mode
Font Size
Last updated: 2026-03-30 09:06:46

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
Cloud Access Management cam Supported not supported Operation level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Other Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AcceptOrganizationInvitationTest Test Operation level * not supported
BuildDataFlowAuthToken BuildDataFlowAuthToken Resource level qcs::cam:${ResourceRegion}:uin/:resourceUser/${ResourceId}/${ResourceAccount} Supported
GenerateOIDCAccessToken Generate access token Operation level * Supported
UpdateCICUserSAMLConfig Update CIC SAML Identity Provider Operation level * Supported

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AddCollaborator AddCollaborator Operation level * Supported
AddQywxSubAccount add enterprise WeChat sub users Operation level * Supported
AddSubAccount Console Create Message Recipient Operation level * Supported
AddSubAccountCheckingMFA create sub account Resource level qcs::cam::uin/${uin}:uin/${subUin} Supported
AddSubAccountsToGroup Add user to group Operation level * Supported
AddUser addUser Operation level * Supported
AddUserToGroup User joins user group Operation level * Supported
AttachGroupPolicies Attach policies to group Operation level * Supported
AttachGroupPolicy Attach group policy Operation level * Supported
AttachGroupsPolicy Attach policy to groups Operation level * Supported
AttachRolePolicies Attach policies to role Resource level qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:policy/${PolicyId}		 not supported
AttachRolePolicy Attach policy to role Resource level qcs::cam::uin/${uin}:role/${AttachRoleId}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
AttachRolesPolicy Attach policy to roles Resource level qcs::cam::uin/${uin}:policy/${PolicyId}
qcs::cam::uin/${uin}:role/${RoleId}		 Supported
AttachUserPolicies Attach policies to user Operation level * Supported
AttachUserPolicy Attach policy to user. Operation level * Supported
AttachUsersPolicy Attach policy to users Operation level * Supported
BanSensitiveOperation ban sensitive operations for risky uin Operation level * Supported
BatchOperateCamStrategy Batch attach-dettach cam policy Resource level qcs::cam::uin/:uin/${RelateUin}
qcs::cam::uin/${uin}:policy/${StrategyId}		 Supported
BindToken Operation level * Supported
BindTokenPasskey BindTokenPasskey Operation level * Supported
BindWechatUserId bind enterprise WeChat users Operation level * Supported
CreateAccessKey create access key Resource level qcs::cam::uin/${uin}:uin/${uin} Supported
CreateApiKey CreateApiKey Resource level qcs::cam::uin/:uin/${ApiUin} Supported
CreateAssistApprover CreateAssistApprover Operation level * Supported
CreateCICUserSAMLConfig Create CIC User SAML Identity Provider Operation level * Supported
CreateCollApiKey CreateCollApiKey Operation level * Supported
CreateGroup Operation level * Supported
CreateMessageReceiver Create message receiver Operation level * Supported
CreateOIDCConfig CreateOIDCConfig Operation level * Supported
CreateOIDCIdentityProviderApp Create an OIDC identity provider application Operation level * Supported
CreatePolicy Create CAM policy Resource level qcs::cam::uin/:policyName/${PolicyName} Supported
CreatePolicyVersion Create new policy version Resource level qcs::cam::uin/:policy/${PolicyId} Supported
CreateProjectKey CreateProjectKey Resource level qcs::cam::uin/:uin/${uin} Supported
CreateRole Create Role Operation level * Supported
CreateRoleByConsole Console creation role Operation level * Supported
CreateSAMLProvider Operation level * Supported
CreateServiceLinkedRole Create service linked role Operation level * Supported
CreateSimulationPolicy Create Simulation Policy Data Operation level * Supported
CreateSubAccountBindPolicy Operation level * Supported
CreateSubAccountLoginIpPolicy Operation level * Supported
CreateSubAccounts Create WeComUser Operation level * Supported
CreateSubUserInviteQRCode create sub account invitation QR code Operation level * Supported
CreateUserOIDCConfig CreateUserOIDCConfig Operation level * Supported
CreateUserSAMLConfig Create user SAML configuration Operation level * Supported
DeleteAccessKey delete access key Resource level qcs::cam::uin/${uin}:uin/${uin} Supported
DeleteApiKey DeleteApiKey Resource level qcs::cam::uin/:uin/${ApiUin} Supported
DeleteCollApiKey DeleteCollApiKey Operation level * Supported
DeleteEntitiesPermissionsBoundary DeleteEntitiesPermissionsBoundary Operation level * Supported
DeleteGroup Resource level qcs::cam::uin/:groupid/${GroupId} Supported
DeleteMessageReceiver Delete message recipient Operation level * Supported
DeleteOIDCConfig DeleteOIDCConfig Operation level * Supported
DeleteOIDCIdentityProviderApp Deleting an OIDC identity provider application Operation level * Supported
DeletePolicy Delete CAM policy Resource level qcs::cam::uin/:policy/${PolicyId} Supported
DeletePolicyVersion Resource level qcs::cam::uin/:policy/${PolicyId} Supported
DeleteProjectKey DeleteProjectKey Resource level qcs::cam::uin/:uin/${uin} Supported
DeleteQywxSubAccount delete enterprise WeChat sub users Resource level qcs::cam::uin/:uin/${SubUserUin} Supported
DeleteRole Delete role. Resource level qcs::cam::uin/${uin}:roleName/${RoleName}
qcs::cam::uin/${uin}:role/{$RoleId}		 Supported
DeleteRolePermissionsBoundary DeleteRolePermissionsBoundary Operation level * Supported
DeleteSAMLProvider Operation level * Supported
DeleteServiceLinkedRole Delete service linked role Resource level qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/{$RoleId}		 Supported
DeleteSubAccount delete sub account Operation level * Supported
DeleteUser delete sub user Operation level * Supported
DeleteUserPasskey DeleteUserPasskey Operation level * Supported
DeleteUserPermissionsBoundary DeleteUserPermissionsBoundary Operation level * Supported
DetachGroupPolicies Detach group policies Resource level qcs::cam::uin/:groupid/${GroupId}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
DetachGroupPolicy Detach group policy Resource level qcs::cam::uin/:groupid/${DetachGroupId}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
DetachGroupsPolicy Detach groups policy Resource level qcs::cam::uin/:groupid/${GroupId}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
DetachRolePolicies DetachRolePolicies Resource level qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
DetachRolePolicy DetachRolePolicy Resource level qcs::cam::uin/${uin}:policy/${PolicyId}
qcs::cam::uin/${uin}:role/${DetachRoleId}		 Supported
DetachRolesPolicy DetachRolesPolicy Resource level qcs::cam::uin/${uin}:policy/${PolicyId}
qcs::cam::uin/${uin}:role/${RoleId}		 Supported
DetachUserPolicies Detach user policies Resource level qcs::cam::uin/:uin/${TargetUin}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
DetachUserPolicy Detach user policy Resource level qcs::cam::uin/:uin/${DetachUin}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
DetachUsersPolicy Detach users policy Resource level qcs::cam::uin/:uin/${TargetUin}
qcs::cam::uin/${uin}:policy/${PolicyId}		 Supported
DisableUserSSO DisableUserSSO Operation level * Supported
EnableApiKey EnableApiKey Resource level qcs::cam::uin/:uin/${ApiUin} Supported
EnableCollApiKey EnableCollApiKey Operation level * Supported
EnableProjectKey EnableProjectKey Resource level qcs::cam::uin/:uin/${uin} Supported
GenerateSafetyAnalysisReport - Operation level * Supported
LogoutRoleSessions Log out of role Operation level * Supported
ModifyMessageReceiver modify message receiver Operation level * Supported
ModifyPasskeyName ModifyPasskeyName Operation level * Supported
ModifySubContactEmailWithVerifyCode sub-account modification contact email Operation level * Supported
ModifySubContactPhoneWithVerifyCode sub-user modify contact phone Operation level * Supported
ModifyUserContactInfo ModifyUserContactInfo Operation level * Supported
PassRole Pass role for assume role. Resource level qcs::cam::uin/${uin}:roleName/${RoleName}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId}
qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName}		 Supported
PutEntitiesPermissionsBoundary PutEntitiesPermissionsBoundary Operation level * Supported
PutRolePermissionsBoundary PutRolePermissionsBoundary Operation level * Supported
PutUserPermissionsBoundary PutUserPermissionsBoundary Operation level * Supported
RemoveUserFromGroup Remove users from the user group Operation level * Supported
SetAccountAlias Set main account alias Operation level * Supported
SetDefaultPolicyVersion Resource level qcs::cam::uin/:policy/${PolicyId} Supported
SetFlag set the user\\\'s login protection and sensitive operation verification method Resource level qcs::cam::uin/:uin/${OpUin} Supported
SetLoginSessionDuration - Operation level * Supported
SetMaxIdleDaysForUsers Set the maximum idle time for users Operation level * Supported
SetMfaFlag set the user\\\\\\\'s login protection and sensitive operation verification method Resource level qcs::cam::uin/:uin/${OpUin} Supported
SetRoleHighRiskOperationLimit Set high-risk operation restrictions for roles Operation level * Supported
SetSafeAuthFlag Resource level qcs::cam::uin/:uin/${OpUin} Supported
SetSubAccountDefaultMFASettingV2 set mfa setting v2 Operation level * Supported
SetSubAccountSessionLifetime - Operation level * Supported
SetUserHighRiskOperationLimit Set high-risk operation restrictions for users Operation level * Supported
SyncAuthInfo - Operation level * Supported
TagPolicy Tag policy. Resource level qcs::cam::uin/${uin}:policy/{$policyId} Supported
TagRole Tag role. Resource level qcs::cam::uin/${uin}:role/${roleId} Supported
UnbanSensitiveOperation unban sensitive operations for risky uin Operation level * Supported
UnbindContactInfo Unbind contact information Resource level qcs::cam::uin/${uin}:uin/${uin}
qcs::cam::uin/${uin}:userName/${userName}		 Supported
UnbindStoken unbind soft token Operation level * Supported
UnbindSubAccount Unbind sub-user login method Resource level qcs::cam::uin/:uin/${SubUin} Supported
UnbindSubAccountStoken - Operation level * Supported
UnbindSubAccountToken - Operation level * Supported
UnbindSubAccountU2FToken unbind subaccount U2F Token Operation level * Supported
UnbindToken Resource level qcs::cam::uin/:uin/${OpUin} Supported
UnbindU2FToken unbind account U2F Token Operation level * Supported
UntagPolicy Untag policy. Resource level qcs::cam::uin/${uin}:policy/{$policyId} Supported
UntagRole Untag role. Resource level qcs::cam::uin/${uin}:roleName/${RoleName}role/${RoleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId}
qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName}		 Supported
UpdateAccessKey update access key Resource level qcs::cam::uin/${uin}:uin/${uin} Supported
UpdateAccessKeyAttribue UpdateAccessKeyAttribue Resource level qcs::cam::uin/${uin}:uin/${uin} not supported
UpdateAccessKeyAttribute UpdateAccessKeyAttribute Resource level qcs::cam::uin/${uin}:uin/${uin} Supported
UpdateAssumeRolePolicy Update assume role policy. Resource level qcs::cam::uin/${uin}:roleName/${roleName}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${roleId}
qcs::cam::uin/${uin}:role/${roleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${roleName}		 Supported
UpdateCollPassword - Operation level * Supported
UpdateGroup UpdateGroup Resource level qcs::cam::uin/:groupid/${GroupId} Supported
UpdateOIDCConfig UpdateOIDCConfig Operation level * Supported
UpdateOIDCIdentityProviderApp Update the OIDC identity provider application Operation level * Supported
UpdatePasswordRules Operation level * Supported
UpdatePolicy Update Policy Operation level * Supported
UpdateRoleConsoleLogin Update role console login Resource level qcs::cam::uin/${uin}:roleName/${RoleName}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId}
qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName}		 Supported
UpdateRoleDescription Update role description. Resource level qcs::cam::uin/${uin}:roleName/${RoleName}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId}
qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName}		 Supported
UpdateRoleSessionDuration UpdateRoleSessionDuration Operation level * Supported
UpdateSAMLProvider Update SAML Provider Info Operation level * Supported
UpdateSubAccount update sub account Operation level * Supported
UpdateSubAccountAttr - Operation level * Supported
UpdateUser update user Operation level * Supported
UpdateUserOIDCConfig UpdateUserOIDCConfig Operation level * Supported
UpdateUserSAMLConfig Modify user SAML configuration Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckGroupNameIsValid check whether the user group name is legal Operation level * Supported
CheckSubAccountName Operation level * Supported
CheckUserPolicyAttachment Operation level * Supported
ConsumeCustomMFAToken Operation level * Supported
DescribeAccountAlias Get the main account alias settings Operation level * Supported
DescribeAssistApprover Operation level * Supported
DescribeBanRecord Query ban record Operation level * Supported
DescribeCICUserSAMLConfig DescribeCICUserSAMLConfig Operation level * Supported
DescribeCamStrategyDetail DescribeCamStrategyDetail Resource level qcs::cam::uin/:policy/${StrategyId} Supported
DescribeContactInfoModifyStatus - Operation level * Supported
DescribeMFADeviceColl Query MFA devices Resource level qcs::cam::uin/:uin/${SubUin} Supported
DescribeMaxIdleDaysForUsers Query the maximum idle time of the user Operation level * Supported
DescribeMessageReceiverList Message recipient list Operation level * not supported
DescribeMfaStatus query mfa status Operation level * Supported
DescribeOIDCConfig DescribeOIDCConfig Operation level * Supported
DescribeOIDCIdentityProviderApp Query OIDC identity provider application Operation level * Supported
DescribeOIDCJWKs Query the OIDC identity provider public key Operation level * Supported
DescribePermProject - Operation level * Supported
DescribeRoleHighRiskOperationLimit Get high-risk operation restriction settings for the role Operation level * Supported
DescribeRoleList DescribeRoleList Operation level * Supported
DescribeSafeAuthFlagColl DescribeSafeAuthFlagColl Resource level qcs::cam::uin/:uin/${SubUin} Supported
DescribeSafeAuthInfo DescribeSafeAuthInfo Operation level * Supported
DescribeSecretProjectId - Operation level * Supported
DescribeSensitiveInfoHashValue - Operation level * Supported
DescribeServiceLinkedRole Describe service linked role Operation level * Supported
DescribeSubAccountBindPolicy Operation level * Supported
DescribeSubAccountContacts DescribeSubAccountContacts Operation level * Supported
DescribeSubAccountDefaultMFASetting get MFA default settings of sub account Operation level * Supported
DescribeSubAccountLoginIpPolicy Operation level * Supported
DescribeSubAccountSessionSettings - Operation level * Supported
DescribeSubAccounts Describe SubAccounts Operation level * Supported
DescribeSubLoginUinList - Operation level * Supported
DescribeSubUsers Sub account details Operation level * not supported
DescribeUserAnalysisReport DescribeUserAnalysisReport Operation level * Supported
DescribeUserAnalysisReportCheck - Operation level * Supported
DescribeUserHighRiskOperationLimit Obtain high-risk operation restriction settings for users Operation level * Supported
DescribeUserOIDCConfig DescribeUserOIDCConfig Operation level * Supported
DescribeUserSAMLConfig Query user SAML configuration Operation level * Supported
DescribeUserWeChatInfo - Operation level * Supported
DescribeUsersPasswordAge Duration of sub-account password usage Operation level * Supported
DescribeWechatUnionId - Operation level * Supported
DisableApiKey DisableApiKey Resource level qcs::cam::uin/:uin/${ApiUin} Supported
DisableCollApiKey Operation level * Supported
DisableProjectKey DisableProjectKey Resource level qcs::cam::uin/:uin/${uin} Supported
GetAccountSummary Operation level * Supported
GetAllSubUser Operation level * Supported
GetApiKey GetApiKey Resource level qcs::cam::uin/:uin/${ApiUin} Supported
GetCustomMFATokenInfo Operation level * Supported
GetCustomMfaCallback - Operation level * Supported
GetGroup Resource level qcs::cam::uin/:groupid/${GroupId} Supported
GetMFADevice Query user\\\'s MFA device Operation level * Supported
GetMFADeviceColl - Resource level qcs::cam::uin/:uin/${SubUin} Supported
GetMfaStatusBySubUins Query the MFA status through the UIN of sub accounts Operation level * Supported
GetPasswordRules Operation level * Supported
GetPolicy Get Policy Detail Resource level qcs::cam::uin/:policy/${PolicyId} Supported
GetPolicyVersion Get policy version Resource level qcs::cam::uin/:policy/${PolicyId} Supported
GetReceiverInfo Operation level * Supported
GetRole Get Role Detail Resource level qcs::cam::uin/${uin}:roleName/${RoleName}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId}
qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName}		 Supported
GetRolePermissionBoundary GetRolePermissionBoundary Operation level * Supported
GetSAMLProvider Operation level * Supported
GetSafeAuthFlag Operation level * Supported
GetSafeAuthFlagColl - Resource level qcs::cam::uin/:uin/${SubUin} Supported
GetSafeAuthInfo Get an overview of security settings information Operation level * not supported
GetSecurityLastUsed GetSecurityLastUsed Operation level * Supported
GetServiceLinkedRoleDeletionStatus Get service linked role deletion status Operation level * Supported
GetStrategyNoticeFrequency Frequency of getting policy change notifications Operation level * Supported
GetSubAccountBindInfo Resource level qcs::cam::uin/:uin/${SubUin} Supported
GetUidByUin Operation level * Supported
GetUinInfoForPasskeyBind GetUinInfoForPasskeyBind Operation level * Supported
GetUser Get user info Operation level * Supported
GetUserAppId Get User AppId Operation level * not supported
GetUserPermissionBoundary GetUserPermissionBoundary Operation level * Supported
ListAccessKeys list access keys Resource level qcs::cam::uin/${uin}:uin/${uin} Supported
ListAllGroupsPolicies Operation level * Supported
ListAttachedGroupPolicies Resource level qcs::cam::uin/:groupid/${TargetGroupId} Supported
ListAttachedRolePolicies Lists all managed policies that are attached to the specified role Operation level * Supported
ListAttachedUserAllPolicies Operation level * Supported
ListAttachedUserPolicies Resource level qcs::cam::uin/:uin/${TargetUin} Supported
ListCollaborators List Collaborators Operation level * Supported
ListConsoleSubUsers Query sub-account information list Operation level * Supported
ListEntitiesForPolicy Resource level qcs::cam::uin/:policy/${PolicyId} Supported
ListGroups Operation level * Supported
ListGroupsForConsole List Groups For Console Operation level * Supported
ListGroupsForUser List the user groups associated with the user Operation level * Supported
ListGroupsPolicies Operation level * Supported
ListHighRiskActions Query the list of high-risk operations Operation level * Supported
ListIdentityProvider Operation level * Supported
ListLoginRoles Get subaccount user\'s role list for login. Operation level * Supported
ListMaskedSubAccounts - Operation level * Supported
ListMaskedUsers Pull the list of coding sub users Operation level * Supported
ListMenuBusiness ListMenuBusiness Operation level * not supported
ListOIDCIdentityProviderApps Query the OIDC identity provider application list Operation level * Supported
ListPolicies Operation level * Supported
ListPolicyTags query policy tags Resource level qcs::cam::uin/:policy/${PolicyId} not supported
ListPolicyVersions Resource level qcs::cam::uin/:policy/${PolicyId} Supported
ListReceiver get the message receiver list Operation level * Supported
ListRoleTags List role tags. Resource level qcs::cam::uin/${uin}:roleName/${RoleName}
qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId}
qcs::cam::uin/${uin}:role/${RoleId}
qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName}		 Supported
ListSAMLProviders Operation level * Supported
ListSimulationAuth ListSimulationAuth Operation level * Supported
ListSubAccounts Operation level * Supported
ListSubUsers Sub Account List Operation level * Supported
ListUserTags List user tags Resource level qcs::cam::uin/${uin}:userName/${userName} Supported
ListUsers Operation level * Supported
ListUsersForGroup List Users For Group Resource level qcs::cam::uin/:groupid/${GroupId} Supported
ListUsersForPolicy Operation level * Supported
ListWeChatWorkSubAccounts - Operation level * Supported
LookupRecentlyLogin Operation level * Supported
QueryApiKey QueryApiKey Resource level qcs::cam::uin/:uin/${TargetUin} Supported
QueryApiKeyRecord Query key access records Operation level * Supported
QueryCollApiKey QueryCollApiKey Operation level * Supported
QueryKeyBySecretId - Operation level * Supported
QueryProjectKeyList QueryProjectKeyList Resource level qcs::cam::uin/:uin/${uin} Supported
SignOutAllSubAccounts All sub-accounts logged in offline Operation level * Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeAttachedEntityPolicies List users, groups, and roles that a specified managed policy is attached to. Operation level * Supported
DescribeOrganizationSubAccountPolicies Describe Organization SubAccount Policies List Operation level * Supported
GetAllMaskedSubUser - Operation level * Supported
ListAccessKeysByOwnerUin ListAccessKeysByOwnerUin Operation level * not supported
ListEntitiesForPermissionsBoundary ListEntitiesForPermissionsBoundary Operation level * Supported
ListPoliciesForPermissionsBoundary ListPoliciesForPermissionsBoundary Operation level * Supported
ListPoliciesGrantingServiceAccess List policies granting service access. Operation level * Supported
ListRoleHighRiskOperationLimits Get the list of high-risk operation restriction settings for the role Operation level * Supported
ListUserHighRiskOperationLimits Obtain a list of high-risk operation restriction settings for users Operation level * Supported
QueryUserPasskeyList QueryUserPasskeyList Operation level * Supported
Previous Topic: Tencent Smart Advisor-Chaotic Fault GeneratorNext Topic: CloudAudit

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback