tencent cloud

PrevNext

フィードバック

キーワードで検索してください

Recent Pages

ドキュメント
Cloud Access Management
    ドキュメント

    Tencent Cloud Organization

    最終更新日:2024-05-02 09:08:07

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Tencent Cloud Organization organization Supported not supported Operation level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      AcceptMemberChangePermission AcceptMemberChangePermission Operation level * Supported
      AcceptOrganizationInvitation Accept Organization Invitation Operation level * Supported
      AddOrganizationMemberEmail AddOrganizationMemberEmail Operation level * Supported
      AddOrganizationNode Add Organization Node Operation level * Supported
      AddOrganizationNodeTags AddOrganizationNodeTags Operation level * Supported
      AddShareUnit AddShareUnit Operation level * Supported
      AddShareUnitMembers AddShareUnitMembers Operation level * Supported
      AddShareUnitResources AddShareUnitResources Operation level * Supported
      AttachPolicy Attach policy. Operation level * Supported
      BindOrganizationMemberAuthAccount BindOrganizationMemberAuthAccount Operation level * Supported
      BindOrganizationPolicyGroup BindOrganizationPolicyGroup Operation level * Supported
      BindOrganizationPolicySubAccount BindOrganizationPolicySubAccount Operation level * Supported
      CancelMemberChangePermission CancelMemberChangePermission Operation level * Supported
      CancelOrganizationInvitation Cancel Organization Invitation Operation level * Supported
      CancelOrganizationMemberAuthAccount CancelOrganizationMemberAuthAccount Operation level * Supported
      CancelOrganizationPolicyGroup CancelOrganizationPolicyGroup Operation level * Supported
      CreateMemberOperateProcess CreateMemberOperateProcess Operation level * Supported
      CreateOrgMemberProductServiceRole CreateOrgMemberProductServiceRole Operation level * Supported
      CreateOrgServiceAssign CreateOrgServiceAssign Operation level * Supported
      CreateOrganization CreateOrganization Operation level * Supported
      CreateOrganizationAuthRelationApply CreateOrganizationAuthRelationApply Operation level * Supported
      CreateOrganizationIdentity CreateOrganizationIdentity Operation level * Supported
      CreateOrganizationMember CreateOrganizationMember Operation level * Supported
      CreateOrganizationMemberAuthIdentity CreateOrganizationMemberAuthIdentity Operation level * Supported
      CreateOrganizationMemberPolicy CreateOrganizationMemberPolicy Operation level * Supported
      CreateOrganizationMembersPolicy CreateOrganizationMembersPolicy Operation level * Supported
      CreatePolicy Create policy. Operation level * Supported
      DeleteAccount DeleteAccount Operation level * Supported
      DeleteMemberOperateProcess DeleteMemberOperateProcess Operation level * Supported
      DeleteOrgServiceAssign DeleteOrgServiceAssign Operation level * Supported
      DeleteOrganization DeleteOrganization Operation level * Supported
      DeleteOrganizationAuthRelation DeleteOrganizationAuthRelation Operation level * Supported
      DeleteOrganizationIdentity DeleteOrganizationIdentity Operation level * Supported
      DeleteOrganizationMemberAuthIdentity DeleteOrganizationMemberAuthIdentity Operation level * Supported
      DeleteOrganizationMemberFromNode DeleteOrganizationMemberFromNode Operation level * Supported
      DeleteOrganizationMembers DeleteOrganizationMembers Operation level * Supported
      DeleteOrganizationMembersPolicy DeleteOrganizationMembersPolicy Operation level * Supported
      DeleteOrganizationNodeMembers DeleteOrganizationNodeMembers Operation level * Supported
      DeleteOrganizationNodeTags DeleteOrganizationNodeTags Operation level * Supported
      DeleteOrganizationNodes DeleteOrganizationNodes Operation level * Supported
      DeletePolicy Delete policy. Operation level * Supported
      DeleteShareUnit DeleteShareUnit Operation level * Supported
      DeleteShareUnitMembers DeleteShareUnitMembers Operation level * Supported
      DeleteShareUnitResources DeleteShareUnitResources Operation level * Supported
      DenyMemberChangePermission DenyMemberChangePermission Operation level * Supported
      DenyOrganizationCreateRecord DenyOrganizationCreateRecord Operation level * Supported
      DenyOrganizationInvitation DenyOrganizationInvitation Operation level * Supported
      DetachPolicy Detach policy. Operation level * Supported
      DisablePolicyType Disable policy type. Operation level * Supported
      EnablePolicyType Enable policy type. Operation level * Supported
      InviteOrganizationMember InviteOrganizationMember Operation level * Supported
      MoveOrganizationMembersToNode MoveOrganizationMembersToNode Operation level * Supported
      MoveOrganizationNode MoveOrganizationNode Operation level * Supported
      MoveOrganizationNodeMembers MoveOrganizationNodeMembers Operation level * Supported
      QuitOrganization QuitOrganization Operation level * Supported
      SendOrgMemberAccountBindEmail SendOrgMemberAccountBindEmail Operation level * Supported
      SendOrganizationInvitation SendOrganizationInvitation Operation level * Supported
      SetMemberDeletionPermission SetMemberDeletionPermission Operation level * Supported
      SetOrganizationAuthRelationManage SetOrganizationAuthRelationManage Operation level * Supported
      UpdateMemberOperateProcess UpdateMemberOperateProcess Operation level * Supported
      UpdateMemberOperateProcessStatus UpdateMemberOperateProcessStatus Operation level * Supported
      UpdateOrganizationIdentity UpdateOrganizationIdentity Operation level * Supported
      UpdateOrganizationMember UpdateOrganizationMember Operation level * Supported
      UpdateOrganizationMemberEmailBind UpdateOrganizationMemberEmailBind Operation level * Supported
      UpdateOrganizationMembersPolicy UpdateOrganizationMembersPolicy Operation level * Supported
      UpdateOrganizationNode UpdateOrganizationNode Operation level * Supported
      UpdateOrganizationNodeTag UpdateOrganizationNodeTag Operation level * Supported
      UpdatePolicy Update policy. Operation level * Supported
      UpdateShareUnit UpdateShareUnit Operation level * Supported

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      CheckAccountDelete CheckAccountDelete Operation level * Supported
      DescribeEventByProduct DescribeEventByProduct Operation level * Supported
      DescribeManagerShareMembers DescribeManagerShareMembers Operation level * Supported
      DescribeManagerShareResources DescribeManagerShareResources Operation level * Supported
      DescribeMemberChangePermissionRecords DescribeMemberChangePermissionRecords Operation level * Supported
      DescribeMemberDeletionPermission DescribeMemberDeletionPermission Operation level * Supported
      DescribeOrganization DescribeOrganization Operation level * Supported
      DescribeOrganizationAuthNode DescribeOrganizationAuthNode Operation level * Supported
      DescribeOrganizationAuthPolicies DescribeOrganizationAuthPolicies Operation level * Supported
      DescribeOrganizationAuthRelationApplies DescribeOrganizationAuthRelationApplies Operation level * Supported
      DescribeOrganizationAuthRelations DescribeOrganizationAuthRelations Operation level * Supported
      DescribeOrganizationBeInviteRecord DescribeOrganizationBeInviteRecord Operation level * Supported
      DescribeOrganizationCollPolicies get Organization Control Policies Operation level * Supported
      DescribeOrganizationCreateRecord DescribeOrganizationCreateRecord Operation level * Supported
      DescribeOrganizationFinancialByMember DescribeOrganizationFinancialByMember Operation level * Supported
      DescribeOrganizationFinancialByMonth DescribeOrganizationFinancialByMonth Operation level * Supported
      DescribeOrganizationFinancialByProduct DescribeOrganizationFinancialByProduct Operation level * Supported
      DescribeOrganizationFinancialMemberNum DescribeOrganizationFinancialMemberNum Operation level * Supported
      DescribeOrganizationIdentity DescribeOrganizationIdentity Operation level * Supported
      DescribeOrganizationInviteRecord DescribeOrganizationInviteRecord Operation level * Supported
      DescribeOrganizationMember DescribeOrganizationMember Operation level * Supported
      DescribeOrganizationMemberAuthAccounts DescribeOrganizationMemberAuthAccounts Operation level * Supported
      DescribeOrganizationMemberAuthIdentities DescribeOrganizationMemberAuthIdentities Operation level * Supported
      DescribeOrganizationMemberEmailBind DescribeOrganizationMemberEmailBind Operation level * Supported
      DescribeOrganizationMemberNodes DescribeOrganizationMemberNodes Operation level * Supported
      DescribeOrganizationMemberPolicies DescribeOrganizationMemberPolicies Operation level * Supported
      DescribeOrganizationMembers DescribeOrganizationMembers Operation level * Supported
      DescribeOrganizationMembersCanAuthIdentities DescribeOrganizationMembersCanAuthIdentities Operation level * Supported
      DescribeOrganizationNode DescribeOrganizationNode Operation level * Supported
      DescribeOrganizationNodeByName DescribeOrganizationNodeByName Operation level * Supported
      DescribeOrganizationNodeMemberRecords DescribeOrganizationNodeMemberRecords Operation level * Supported
      DescribeOrganizationNodeMembers DescribeOrganizationNodeMembers Operation level * Supported
      DescribeOrganizationNodeRecords DescribeOrganizationNodeRecords Operation level * Supported
      DescribeOrganizationNodeTags DescribeOrganizationNodeTags Operation level * Supported
      DescribeOrganizationNodes DescribeOrganizationNodes Operation level * Supported
      DescribeOrganizationNodesByParent DescribeOrganizationNodesByParent Operation level * Supported
      DescribeOrganizationOverView Get Organization OverView Operation level * Supported
      DescribeOrganizationPendingCreateRecord DescribeOrganizationPendingCreateRecord Operation level * Supported
      DescribeOrganizationPolicy DescribeOrganizationPolicy Operation level * Supported
      DescribeOrganizationRecords DescribeOrganizationRecords Operation level * Supported
      DescribeOrganizationServiceRole DescribeOrganizationServiceRole Operation level * Supported
      DescribeOrganizationSubAccountByDay DescribeOrganizationSubAccountByDay Operation level * Supported
      DescribeOrganizationSubAccountByMonth DescribeOrganizationSubAccountByMonth Operation level * Supported
      DescribePolicy DescribePolicy Operation level * Supported
      DescribePolicyConfig DescribePolicyConfig Operation level * Supported
      DescribeProductUsedInEvent DescribeProductUsedInEvent Operation level * Supported
      DescribeResourceToShareMember DescribeResourceToShareMember Operation level * Supported
      DescribeResourceToShareMemberByType DescribeResourceToShareMemberByType Operation level * Supported
      DescribeResourceTypes DescribeResourceTypes Operation level * Supported
      DescribeShareAreas DescribeShareAreas Operation level * Supported
      DescribeShareUnit DescribeShareUnit Operation level * Supported
      DescribeShareUnitMembers DescribeShareUnitMembers Operation level * Supported
      DescribeShareUnitResources DescribeShareUnitResources Operation level * Supported
      DescribeShareUnits DescribeShareUnits Operation level * Supported
      DescribeUnitToShareMember DescribeUnitToShareMember Operation level * Supported
      GetOrganization GetOrganization Operation level * Supported
      GetOrganizationMember GetOrganizationMember Operation level * Supported
      ListNonCompliantResource ListNonCompliantResource Operation level * Supported
      ListOrganizationInvitations ListOrganizationInvitations Operation level * Supported
      ListOrganizationMembers ListOrganizationMembers Operation level * Supported
      ListOrganizationNodeMembers ListOrganizationNodeMembers Operation level * Supported
      ListOrganizationNodes ListOrganizationNodes Operation level * Supported
      ListPoliciesForTarget ListPoliciesForTarget Operation level * Supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeMemberBeChangePermissionRecords DescribeMemberBeChangePermissionRecords Operation level * Supported
      DescribeOrganizationMembersAuthAccount DescribeOrganizationMembersAuthAccount Operation level * Supported
      DescribeOrganizationMembersAuthPolicy DescribeOrganizationMembersAuthPolicy Operation level * Supported
      DescribeShareResourceUsageRecords DescribeShareResourceUsageRecords Operation level * Supported
      DescribeShareResourcesByType DescribeShareResourcesByType Operation level * not supported
      ListMemberOperateProcess ListMemberOperateProcess Operation level * Supported
      ListOrgMemberSubAccount ListOrgMemberSubAccount Operation level * Supported
      ListOrgServiceAssignMember ListOrgServiceAssignMember Operation level * Supported
      ListOrganizationIdentity ListOrganizationIdentity Operation level * Supported
      ListOrganizationService ListOrganizationService Operation level * Supported
      ListPolicies ListPolicies Operation level * Supported
      ListTargetsForPolicy ListTargetsForPolicy Operation level * Supported
      お問い合わせ

      カスタマーサービスをご提供できるため、ぜひお気軽にお問い合わせくださいませ。

      お問い合わせ
      テクニカルサポート

      さらにサポートが必要な場合は、サポートチケットを送信して弊社サポートチームにお問い合わせください。24時間365日のサポートをご提供します。

      チケットを送信
      電話サポート(24 時間365日対応)
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      個人情報保護方針利用規約クッキーポリシー