tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation

    Tencent Cloud Elastic Microservice

    Last updated: 2024-05-02 09:10:04

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Tencent Cloud Elastic Microservice tem Supported Supported Resource level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      CopyLogConfig CopyLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateApplication create application Operation level * not supported
      CreateApplicationAutoscaler CreateApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateApplicationCronHorizontalAutoscaler create cron scale policy Operation level * Supported
      CreateApplicationHorizontalAutoscaler create scale policy Operation level * Supported
      CreateApplicationService CreateApplicationService Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateApplicationServiceMonitor CreateApplicationServiceMonitor Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateConfigData create configuration Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateCosToken generate the Cos temporary secret key Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateEnvironment create environment Operation level * not supported
      CreateGateway CreateGateway Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateLogConfig CreateLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateNamespace create namespace Operation level * Supported
      CreateResource create resource by binding Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateSecretData CreateSecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      CreateService create service Operation level * Supported
      CreateServiceVersion create service version Operation level * Supported
      DeleteApplication delete application Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeleteApplicationAutoscaler delete scale policy Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeleteApplicationDeploymentHistory delete deployment history Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
      DeleteApplicationPackageHistory DeleteApplicationPackageHistory Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeleteApplicationService DeleteApplicationService Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeleteApplicationServiceMonitor DeleteApplicationServiceMonitor Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeleteIngress delete ingress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeleteResource delete resource by unbinding Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeleteService delete service Operation level * Supported
      DeleteServiceVersion delete service version Operation level * Supported
      DeployApplication deploy application Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DeployServiceVersion deploy ervice version Operation level * Supported
      DestroyConfigData destroy configuration Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DestroyEnvironment destroy environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DestroyGateway DestroyGateway Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DestroyLogConfig DestroyLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DestroyMultiLogConfigs DestroyMultiLogConfigs Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DestroyNamespace delete namespace Operation level * Supported
      DestroySecretData DestroySecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DisableApplicationAutoscaler DisableApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      EnableApplicationAutoscaler EnableApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ForwardToApiServer ForwardToApiServer Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      GenerateApplicationPackageDownloadUrl generate download URL Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationAutoscaler ModifyApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationCronHorizontalAutoscaler modify cron scale policy Operation level * Supported
      ModifyApplicationHorizontalAutoscaler modify scale policy Operation level * Supported
      ModifyApplicationInfo modify application info Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationInstance modify instance specification Operation level * Supported
      ModifyApplicationPortMapping modify port mapping Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationPortMappingList ModifyApplicationPortMappingList Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationReplicas modify instance numbers Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationService ModifyApplicationService Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationServiceMonitor ModifyApplicationServiceMonitor Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyApplicationTraits Modify application traits Operation level * not supported
      ModifyCloudBaseGWAPI Turn on or off public network access Operation level * Supported
      ModifyConfigData modify configuration Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyEnvironment modify environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyGatewayIngress ModifyGatewayIngress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyIngress modify ingress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyInstanceSpec modify instance spec Operation level * Supported
      ModifyLogConfig ModifyLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyNamespace modify namespace Operation level * Supported
      ModifyResourceConfig ModifyResourceConfig Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
      ModifySecretData ModifySecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ModifyServiceRouteConf modify service route config Operation level * Supported
      ModifyServiceVersion modify service version spec Operation level * Supported
      ModifyVersionEsConf modify service version elastic config Operation level * Supported
      RestartApplication Restart the application Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      RestartApplicationPod restart instance Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      ResumeDeployApplication resume deployment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      RevertDeployApplication revert deployment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      RollingUpdateApplicationByVersion RollingUpdateApplicationByVersion Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      SpeedUpApplication SpeedUpApplication Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      StartEnvironment start the environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      StopApplication stop application Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      StopEnvironment stop the environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      StopServiceVersion stop service version Operation level * Supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeAlertApplications DescribeAlertApplications Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeAlertEnvironments get user alert environments Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
      DescribeAllEnvironments get all environments list Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationAutoscalerList DescribeApplicationAutoscalerList Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeDeployApplicationHistory describe the history of the deployment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeEnvironments describe environments Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeGatewayList DescribeGatewayList Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeIngresses describe ingresses Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeLogConfigList DescribeLogConfigList Operation level * not supported
      DescribePagedLogConfigList DescribePagedLogConfigList Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeSecretDataList describe the list of the secrets Resource level qcs::tem::uin/${uin}:role/${roleId} Supported

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeApplicationActiveNamespaces describe active environments for the application Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationContainerSpec describe instance specification Operation level * not supported
      DescribeApplicationDemoInfos describe demo infos Operation level * not supported
      DescribeApplicationDeploymentHistory describe deployment history Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationException describe exception Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationExceptionRecords describe list of the abnormal interfaces Operation level * Supported
      DescribeApplicationImageRepo describe image repository Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationImages describe images Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationInfo describe base application info Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationInterfaceRecords describe the list of monitored interfaces Operation level * Supported
      DescribeApplicationInvolvedResources DescribeApplicationInvolvedResources Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationLogs describe logs Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationMonitorData describe monitor data Operation level * not supported
      DescribeApplicationMonitorStatistics describe monitor statistics data Operation level * Supported
      DescribeApplicationPackageHistory describe package history Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationPods describe instances Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationPresetEnv DescribeApplicationPresetEnv Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
      DescribeApplicationServiceList DescribeApplicationServiceList Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationServiceMonitors DescribeApplicationServiceMonitors Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationSpeedUpStatus DescribeApplicationSpeedUpStatus Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
      DescribeApplications describe applications Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeApplicationsStatus describe the status of applications Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeBaseService obtain basic service information Operation level * Supported
      DescribeBaseServiceVersion Obtain basic service version information Operation level * Supported
      DescribeChangeRecordDetail Obtain change record detail Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeChangeRecordTypes describe record types Operation level * not supported
      DescribeChangeRecords Obtain change records Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeCloudBaseRunPodList get the list of running Pods below the service version Operation level * Supported
      DescribeConfigData describe configuration Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeConfigDataList describe configurations Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeCurveData obtaining monitoring data Operation level * Supported
      DescribeDemoInfos get demo info Operation level * Supported
      DescribeDeployApplicationDetail describe deployment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeDestroyLimit get the number of namespace deletes remaining Operation level * Supported
      DescribeEnvStatus get env status Operation level * Supported
      DescribeEnvironment describe environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeEnvironmentStatistics describe statistics data of the environment Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
      DescribeEnvironmentStats query environment stats Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeEnvironmentStatus describe status of the environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeEventLogs DescribeEventLogs Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeEventObjects gets the event object Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeGateway DescribeGateway Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeGatewayIngress DescribeGatewayIngress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeImages query image information Operation level * Supported
      DescribeIngress DescribeIngress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeLogConfig DescribeLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeLogs search logs Operation level * Supported
      DescribeNamespaces gets the list of tenant namespaces Operation level * Supported
      DescribeRegistryResourceEnv describe instance environments for registry Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeRelatedIngresses describe application-related ingresses Operation level * Supported
      DescribeResourceCategories describe resource categories Operation level * Supported
      DescribeResourceInUseApplications DescribeResourceInUseApplications Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeResources describe resources Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeSecretData DescribeSecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeService describe EKS service Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeServiceImageRepoGuide query push guidance of image repository Operation level * Supported
      DescribeServiceList describe EKS services Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
      DescribeServiceVersions get the service version list Operation level * Supported
      DescribeServices gets a list of running services Operation level * Supported
      DescribeTopApplicationUsage list top usage application list Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
      DescribeVersionContainerSpec uery the image specification information Operation level * Supported
      DescribeVersionException query version exception details Operation level * Supported
      DescribeVersionName get service version drop down list Operation level * Supported
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy