Cloud Virtual Desktop
Last updated:2026-01-27 09:48:37
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Cloud Virtual Desktop | cvd | Supported | Supported | Resource level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| ActivateService | ActivateService | Operation level | * | Supported |
| ApplySnapshot | ApplySnapshot | Operation level | * | Supported |
| ApplySnapshots | ApplySnapshots | Operation level | * | Supported |
| AssociateSecurityGroup | AssociateSecurityGroup | Operation level | * | Supported |
| AuthorizeDesktopPool | AuthorizeDesktopPool | Operation level | * | Supported |
| AuthorizeDesktopPoolForMeituan | AuthorizeDesktopPoolForMeituan | Operation level | * | Supported |
| BindInstances | BindInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| CreateCommandTask | CreateCommandTask | Operation level | * | Supported |
| CreateDataDisk | CreateDataDisk | Operation level | * | Supported |
| CreateDesktopPool | CreateDesktopPool | Operation level | * | Supported |
| CreateDomainControlPolicy | CreateDomainControlPolicy | Operation level | * | Supported |
| CreateImage | CreateImage | Operation level | * | Supported |
| CreateInstances | CreateInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/* | Supported |
| CreatePolicy | CreatePolicy | Operation level | * | Supported |
| CreateScreenshotTask | CreateScreenshotTask | Operation level | * | Supported |
| CreateWaterMarkDecodeTask | CreateWaterMarkDecodeTask | Operation level | * | Supported |
| CreateWaterMarkPolicy | CreateWaterMarkPolicy | Operation level | * | Supported |
| DeleteDepartmentIds | DeleteDepartmentIds | Operation level | * | Supported |
| DeleteDesktopPool | DeleteDesktopPool | Operation level | * | Supported |
| DeleteDomainControlPolicy | DeleteDomainControlPolicy | Operation level | * | Supported |
| DeleteImages | DeleteImages | Operation level | * | Supported |
| DeleteScreenshotTask | DeleteScreenshotTask | Operation level | * | Supported |
| DeleteSnapshots | DeleteSnapshots | Operation level | * | Supported |
| DeleteUserIds | DeleteUserIds | Operation level | * | Supported |
| DeleteWaterMarkDecodeTask | DeleteWaterMarkDecodeTask | Operation level | * | Supported |
| DeleteWaterMarkPolicy | DeleteWaterMarkPolicy | Operation level | * | Supported |
| DisassociateSecurityGroup | DisassociateSecurityGroup | Operation level | * | Supported |
| ExitDesktopInPool | ExitDesktopInPool | Operation level | * | Supported |
| ExitDesktopInPoolForMeituan | ExitDesktopInPoolForMeituan | Operation level | * | Supported |
| ImportDepartmentIds | ImportDepartmentIds | Operation level | * | Supported |
| ImportUserIds | ImportUserIds | Operation level | * | Supported |
| ModifyDiskConfiguration | ModifyDiskConfiguration | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyImageAttrs | ModifyImageAttrs | Operation level | * | Supported |
| ModifyInstanceBasicAttribute | ModifyInstanceBasicAttribute | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyInstanceSecurityGroup | ModifyInstanceSecurityGroup | Operation level | * | Supported |
| ModifyInstancesChargeType | ModifyInstancesChargeType | Operation level | * | Supported |
| ModifyInstancesType | ModifyInstancesType | Operation level | * | Supported |
| ModifyWaterMarkPolicy | ModifyWaterMarkPolicy | Operation level | * | Supported |
| OfferRemoteAssistance | OfferRemoteAssistance | Operation level | * | Supported |
| RebootDesktopPool | RebootDesktopPool | Operation level | * | Supported |
| RebootInstances | RebootInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| RemoveDataDisks | RemoveDataDisks | Operation level | * | Supported |
| RemovePolicy | RemovePolicy | Operation level | * | Supported |
| RenewInstances | RenewInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ResetInstances | ResetInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| RevokeAuthorizedDesktopPool | RevokeAuthorizedDesktopPool | Operation level | * | Supported |
| RevokeAuthorizedDesktopPoolForMeituan | RevokeAuthorizedDesktopPoolForMeituan | Operation level | * | Supported |
| RunCommand | RunCommand | Operation level | * | Supported |
| StartDesktopPool | StartDesktopPool | Operation level | * | Supported |
| StartInstances | StartInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| StopCommandTasks | StopCommandTasks | Operation level | * | Supported |
| StopDesktopPool | StopDesktopPool | Operation level | * | Supported |
| StopInstances | StopInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| StopInvocation | StopInvocation | Operation level | * | Supported |
| StopSession | StopSession | Operation level | * | Supported |
| TerminateInstances | TerminateInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| UnbindInstances | UnbindInstances | Operation level | * | Supported |
| UpdateDomainControlPolicy | UpdateDomainControlPolicy | Operation level | * | Supported |
| UpdatePolicy | UpdatePolicy | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CreateCosCredentials | CreateCosCredentials | Operation level | * | Supported |
| DeleteCommandTasks | DeleteCommandTasks | Operation level | * | Supported |
| DescribeAdminConsoleURL | DescribeAdminConsoleURL | Operation level | * | Supported |
| DescribeCommandTasks | DescribeCommandTasks | Operation level | * | Supported |
| DescribeDepartments | DescribeDepartments | Operation level | * | Supported |
| DescribeDesktopPool | DescribeDesktopPool | Operation level | * | Supported |
| DescribeDesktopPoolOverview | DescribeDesktopPoolOverview | Operation level | * | Supported |
| DescribeDesktopsInPool | DescribeDesktopsInPool | Operation level | * | Supported |
| DescribeDomainControlPolicies | DescribeDomainControlPolicies | Operation level | * | Supported |
| DescribeFetchMsg | DescribeFetchMsg | Operation level | * | Supported |
| DescribeImages | DescribeImages | Operation level | * | Supported |
| DescribeInstanceFetchMsg | DescribeInstanceFetchMsg | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeInstanceGraphData | DescribeInstanceGraphData | Operation level | * | Supported |
| DescribeInstanceLoginMsg | DescribeInstanceLoginMsg | Resource level | qcs::cvd:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeInstanceMonitorData | DescribeInstanceMonitorData | Operation level | * | Supported |
| DescribeInstanceRegionDistribution | DescribeInstanceRegionDistribution | Operation level | * | Supported |
| DescribeInstanceTypeConfigs | DescribeInstanceTypeConfigs | Operation level | * | Supported |
| DescribeInstances | DescribeInstances | Resource level | qcs::cvd:${region}:uin/${uin}:instance/* | Supported |
| DescribeInstancesBindStatus | DescribeInstancesBindStatus | Operation level | * | Supported |
| DescribeInstancesStatus | DescribeInstancesStatus | Operation level | * | Supported |
| DescribeInvocationDetail | DescribeInvocationDetail | Operation level | * | Supported |
| DescribeInvocations | DescribeInvocations | Operation level | * | Supported |
| DescribeLoginMsg | DescribeLoginMsg | Operation level | * | Supported |
| DescribeLoginURL | DescribeLoginURL | Operation level | * | Supported |
| DescribeOverview | DescribeOverview | Operation level | * | Supported |
| DescribePolicyDetail | DescribePolicyDetail | Operation level | * | Supported |
| DescribePublicIpForMeituan | DescribePublicIpForMeituan | Operation level | * | Supported |
| DescribeScreenshotTasks | DescribeScreenshotTasks | Operation level | * | Supported |
| DescribeSecurityGroups | DescribeSecurityGroups | Operation level | * | Supported |
| DescribeSessions | DescribeSessions | Operation level | * | Supported |
| DescribeSnapshots | DescribeSnapshots | Operation level | * | Supported |
| DescribeTenantFunctionBlackWhiteList | DescribeTenantFunctionBlackWhiteList | Operation level | * | Supported |
| DescribeUsage | DescribeUsage | Operation level | * | Supported |
| DescribeUserResource | DescribeUserResource | Operation level | * | Supported |
| DescribeUserSessionInPool | DescribeUserSessionInPool | Operation level | * | Supported |
| DescribeUserSessionInPoolForMeituan | DescribeUserSessionInPoolForMeituan | Operation level | * | Supported |
| DescribeUsers | DescribeUsers | Operation level | * | Supported |
| DescribeUsersDetail | DescribeUsersDetail | Operation level | * | Supported |
| DescribeWaterMarkDecodeTask | DescribeWaterMarkDecodeTask | Operation level | * | Supported |
| DescribeWaterMarkPolicies | DescribeWaterMarkPolicies | Operation level | * | Supported |
| QueryADAccounts | QueryADAccounts | Operation level | * | Supported |
| QueryByADAccounts | QueryByADAccounts | Operation level | * | Supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| ModifyInstancesVpc | ModifyInstancesVpc | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback