Cloud Access Management
Last updated: 2025-12-04 09:07:39
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Cloud Access Management | cam | Supported | not supported | Operation level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AcceptOrganizationInvitationTest | Test | Operation level | * | not supported |
| BuildDataFlowAuthToken | BuildDataFlowAuthToken | Resource level | qcs::cam:${ResourceRegion}:uin/:resourceUser/${ResourceId}/${ResourceAccount} | Supported |
| GenerateOIDCAccessToken | Generate access token | Operation level | * | Supported |
| UpdateCICUserSAMLConfig | Update CIC SAML Identity Provider | Operation level | * | Supported |
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddCollaborator | AddCollaborator | Operation level | * | Supported |
| AddQywxSubAccount | add enterprise WeChat sub users | Operation level | * | not supported |
| AddSubAccount | Console Create Message Recipient | Operation level | * | Supported |
| AddSubAccountCheckingMFA | create sub account | Resource level | qcs::cam::uin/${uin}:uin/${subUin} | Supported |
| AddSubAccountsToGroup | Add user to group | Operation level | * | Supported |
| AddUser | addUser | Operation level | * | Supported |
| AddUserToGroup | User joins user group | Operation level | * | Supported |
| AttachGroupPolicies | Attach policies to group | Operation level | * | Supported |
| AttachGroupPolicy | Attach group policy | Operation level | * | Supported |
| AttachGroupsPolicy | Attach policy to groups | Operation level | * | Supported |
| AttachRolePolicies | Attach policies to role | Operation level | * | not supported |
| AttachRolePolicy | Attach policy to role | Operation level | * | Supported |
| AttachRolesPolicy | Attach policy to roles | Operation level | * | Supported |
| AttachUserPolicies | Attach policies to user | Operation level | * | Supported |
| AttachUserPolicy | Attach policy to user. | Operation level | * | Supported |
| AttachUserPolicyByName | Bind the policy to the sub account through the policy name | Operation level | * | not supported |
| AttachUsersPolicy | Attach policy to users | Operation level | * | Supported |
| BanSensitiveOperation | ban sensitive operations for risky uin | Operation level | * | Supported |
| BatchOperateCamStrategy | The binding strategy is for user details page | Resource level | qcs::cam::uin/:uin/${RelateUin} | Supported |
| BindToken | Operation level | * | Supported | |
| BindTokenPasskey | BindTokenPasskey | Operation level | * | Supported |
| BindWechatUserId | bind enterprise WeChat users | Operation level | * | Supported |
| CreateAccessKey | create access key | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
| CreateApiKey | CreateApiKey | Resource level | qcs::cam::uin/${uin}:uin/${ApiUin} | Supported |
| CreateAssistApprover | CreateAssistApprover | Operation level | * | Supported |
| CreateCICUserSAMLConfig | Create CIC User SAML Identity Provider | Operation level | * | Supported |
| CreateCollApiKey | Create sub-account key | Operation level | * | Supported |
| CreateGroup | Operation level | * | Supported | |
| CreateMessageReceiver | Create message receiver | Operation level | * | Supported |
| CreateOIDCConfig | CreateOIDCConfig | Operation level | * | Supported |
| CreateOIDCIdentityProviderApp | Create an OIDC identity provider application | Operation level | * | Supported |
| CreatePolicyVersion | Create new policy version | Resource level | qcs::cam::uin/:policy/${PolicyId} | Supported |
| CreateRole | Create Role | Operation level | * | Supported |
| CreateRoleByConsole | Console creation role | Operation level | * | Supported |
| CreateSAMLProvider | Operation level | * | Supported | |
| CreateServiceLinkedRole | Create service linked role | Operation level | * | Supported |
| CreateSimulationPolicy | Create Simulation Policy Data | Operation level | * | Supported |
| CreateSubAccountBindPolicy | Operation level | * | Supported | |
| CreateSubAccountLoginIpPolicy | Operation level | * | Supported | |
| CreateSubAccounts | Create WeComUser | Operation level | * | Supported |
| CreateSubUserInviteQRCode | create sub account invitation QR code | Operation level | * | Supported |
| CreateUserOIDCConfig | CreateUserOIDCConfig | Operation level | * | Supported |
| CreateUserSAMLConfig | Create user SAML configuration | Operation level | * | Supported |
| DeleteAccessKey | delete access key | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
| DeleteApiKey | Resource level | qcs::cam::uin/:uin/${ApiUin} | Supported | |
| DeleteCollApiKey | Delete sub-account key | Operation level | * | Supported |
| DeleteEntitiesPermissionsBoundary | DeleteEntitiesPermissionsBoundary | Operation level | * | Supported |
| DeleteGroup | Resource level | qcs::cam::uin/:groupid/${GroupId} | Supported | |
| DeleteMessageReceiver | Delete message recipient | Operation level | * | Supported |
| DeleteOIDCConfig | DeleteOIDCConfig | Operation level | * | Supported |
| DeleteOIDCIdentityProviderApp | Deleting an OIDC identity provider application | Operation level | * | Supported |
| DeletePolicyVersion | Resource level | qcs::cam::uin/:policy/${PolicyId} | Supported | |
| DeleteQywxSubAccount | delete enterprise WeChat sub users | Resource level | qcs::cam::uin/:uin/${SubUserUin} | Supported |
| DeleteRole | Delete role. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/{$RoleId} |
Supported |
| DeleteRolePermissionsBoundary | DeleteRolePermissionsBoundary | Operation level | * | Supported |
| DeleteSAMLProvider | Operation level | * | Supported | |
| DeleteServiceLinkedRole | Delete service linked role | Resource level | qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/{$RoleId} |
Supported |
| DeleteSubAccount | delete sub account | Operation level | * | Supported |
| DeleteUser | delete sub user | Operation level | * | Supported |
| DeleteUserPasskey | DeleteUserPasskey | Operation level | * | Supported |
| DeleteUserPermissionsBoundary | DeleteUserPermissionsBoundary | Operation level | * | Supported |
| DetachGroupPolicies | DetachGroupPolicies | Resource level | qcs::cam::uin/:groupid/${GroupId} | Supported |
| DetachGroupPolicy | Resource level | qcs::cam::uin/:groupid/${DetachGroupId} | Supported | |
| DetachGroupsPolicy | DetachGroupsPolicy | Resource level | qcs::cam::uin/:groupid/${GroupId} | Supported |
| DetachRolePolicies | Detach Role Policies | Operation level | * | Supported |
| DetachRolePolicy | Operation level | * | Supported | |
| DetachRolesPolicy | DetachRolesPolicy | Operation level | * | Supported |
| DetachUserPolicies | Unbinding strategy for details page | Resource level | qcs::cam::uin/:uin/${TargetUin} | Supported |
| DetachUserPolicy | Resource level | qcs::cam::uin/:uin/${DetachUin} | Supported | |
| DetachUsersPolicy | DetachUsersPolicy | Resource level | qcs::cam::uin/:uin/${TargetUin} | Supported |
| DisableApiKey | Resource level | qcs::cam::uin/:uin/${ApiUin} | Supported | |
| DisableCollApiKey | Disable sub-account key | Operation level | * | Supported |
| DisableUserSSO | DisableUserSSO | Operation level | * | Supported |
| EnableApiKey | Resource level | qcs::cam::uin/:uin/${ApiUin} | Supported | |
| EnableCollApiKey | Enable sub-account key | Operation level | * | Supported |
| GenerateSafetyAnalysisReport | - | Operation level | * | Supported |
| LogoutRoleSessions | Log out of role | Operation level | * | Supported |
| ModifyMessageReceiver | modify message receiver | Operation level | * | Supported |
| ModifyPasskeyName | ModifyPasskeyName | Operation level | * | Supported |
| ModifySubContactEmailWithVerifyCode | sub-account modification contact email | Operation level | * | Supported |
| ModifySubContactPhoneWithVerifyCode | sub-user modify contact phone | Operation level | * | Supported |
| ModifyUserContactInfo | ModifyUserContactInfo | Operation level | * | Supported |
| PassRole | Pass role for assume role. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
| PutEntitiesPermissionsBoundary | PutEntitiesPermissionsBoundary | Operation level | * | Supported |
| PutRolePermissionsBoundary | PutRolePermissionsBoundary | Operation level | * | Supported |
| PutUserPermissionsBoundary | PutUserPermissionsBoundary | Operation level | * | Supported |
| RemoveUserFromGroup | Remove users from the user group | Operation level | * | Supported |
| SetAccountAlias | Set main account alias | Operation level | * | Supported |
| SetDefaultPolicyVersion | Resource level | qcs::cam::uin/:policy/${PolicyId} | Supported | |
| SetFlag | set the user\\\'s login protection and sensitive operation verification method | Resource level | qcs::cam::uin/:uin/${OpUin} | Supported |
| SetLoginSessionDuration | - | Operation level | * | Supported |
| SetMaxIdleDaysForUsers | Set the maximum idle time for users | Operation level | * | Supported |
| SetMfaFlag | set the user\\\\\\\'s login protection and sensitive operation verification method | Resource level | qcs::cam::uin/:uin/${OpUin} | Supported |
| SetRoleHighRiskOperationLimit | Set high-risk operation restrictions for roles | Operation level | * | Supported |
| SetSafeAuthFlag | Resource level | qcs::cam::uin/:uin/${OpUin} | Supported | |
| SetSubAccountDefaultMFASettingV2 | set mfa setting v2 | Operation level | * | Supported |
| SetSubAccountSessionLifetime | - | Operation level | * | Supported |
| SetUserHighRiskOperationLimit | Set high-risk operation restrictions for users | Operation level | * | Supported |
| SyncAuthInfo | - | Operation level | * | Supported |
| TagRole | Tag role. | Resource level | qcs::cam::uin/${uin}:role/${roleId} | Supported |
| UnbanSensitiveOperation | unban sensitive operations for risky uin | Operation level | * | Supported |
| UnbindContactInfo | Unbind contact information | Resource level | qcs::cam::uin/${uin}:uin/${uin} qcs::cam::uin/${uin}:userName/${userName} |
Supported |
| UnbindStoken | unbind soft token | Operation level | * | Supported |
| UnbindSubAccount | Unbind sub-user login method | Resource level | qcs::cam::uin/:uin/${SubUin} | Supported |
| UnbindSubAccountStoken | - | Operation level | * | Supported |
| UnbindSubAccountToken | - | Operation level | * | Supported |
| UnbindSubAccountU2FToken | unbind subaccount U2F Token | Operation level | * | Supported |
| UnbindToken | Resource level | qcs::cam::uin/:uin/${OpUin} | Supported | |
| UnbindU2FToken | unbind account U2F Token | Operation level | * | Supported |
| UntagRole | Untag role. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName}role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
| UpdateAccessKey | update access key | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
| UpdateAccessKeyAttribue | UpdateAccessKeyAttribue | Resource level | qcs::cam::uin/${uin}:uin/${uin} | not supported |
| UpdateAccessKeyAttribute | UpdateAccessKeyAttribute | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
| UpdateAssumeRolePolicy | Update assume role policy. | Resource level | qcs::cam::uin/${uin}:roleName/${roleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${roleId} qcs::cam::uin/${uin}:role/${roleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${roleName} |
Supported |
| UpdateCollPassword | - | Operation level | * | Supported |
| UpdateGroup | UpdateGroup | Resource level | qcs::cam::uin/:groupid/${GroupId} | Supported |
| UpdateOIDCConfig | UpdateOIDCConfig | Operation level | * | Supported |
| UpdateOIDCIdentityProviderApp | Update the OIDC identity provider application | Operation level | * | Supported |
| UpdatePasswordRules | Operation level | * | Supported | |
| UpdateRoleConsoleLogin | Update role console login | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
| UpdateRoleDescription | Update role description. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
| UpdateRoleSessionDuration | UpdateRoleSessionDuration | Operation level | * | Supported |
| UpdateSAMLProvider | Update SAML Provider Info | Operation level | * | Supported |
| UpdateSubAccount | update sub account | Operation level | * | Supported |
| UpdateSubAccountAttr | - | Operation level | * | Supported |
| UpdateUser | update user | Operation level | * | Supported |
| UpdateUserOIDCConfig | UpdateUserOIDCConfig | Operation level | * | Supported |
| UpdateUserSAMLConfig | Modify user SAML configuration | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckGroupNameIsValid | check whether the user group name is legal | Operation level | * | Supported |
| CheckSubAccountName | Operation level | * | Supported | |
| CheckUserPolicyAttachment | Operation level | * | Supported | |
| ConsumeCustomMFAToken | Operation level | * | Supported | |
| DescribeAccountAlias | Get the main account alias settings | Operation level | * | Supported |
| DescribeAssistApprover | Operation level | * | Supported | |
| DescribeBanRecord | Query ban record | Operation level | * | Supported |
| DescribeCICUserSAMLConfig | DescribeCICUserSAMLConfig | Operation level | * | Supported |
| DescribeCamStrategyDetail | DescribeCamStrategyDetail | Resource level | qcs::cam::uin/:policy/${StrategyId} | Supported |
| DescribeContactInfoModifyStatus | - | Operation level | * | Supported |
| DescribeMFADeviceColl | Query MFA devices | Resource level | qcs::cam::uin/:uin/${SubUin} | Supported |
| DescribeMaxIdleDaysForUsers | Query the maximum idle time of the user | Operation level | * | Supported |
| DescribeMessageReceiverList | Message recipient list | Operation level | * | not supported |
| DescribeMfaStatus | query mfa status | Operation level | * | Supported |
| DescribeOIDCConfig | DescribeOIDCConfig | Operation level | * | Supported |
| DescribeOIDCIdentityProviderApp | Query OIDC identity provider application | Operation level | * | Supported |
| DescribeOIDCJWKs | Query the OIDC identity provider public key | Operation level | * | Supported |
| DescribePermProject | - | Operation level | * | Supported |
| DescribeRoleHighRiskOperationLimit | Get high-risk operation restriction settings for the role | Operation level | * | Supported |
| DescribeRoleList | DescribeRoleList | Operation level | * | Supported |
| DescribeSafeAuthFlagColl | DescribeSafeAuthFlagColl | Resource level | qcs::cam::uin/:uin/${SubUin} | Supported |
| DescribeSafeAuthInfo | DescribeSafeAuthInfo | Operation level | * | Supported |
| DescribeSecretProjectId | - | Operation level | * | Supported |
| DescribeSensitiveInfoHashValue | - | Operation level | * | Supported |
| DescribeServiceLinkedRole | Describe service linked role | Operation level | * | Supported |
| DescribeSubAccountBindPolicy | Operation level | * | Supported | |
| DescribeSubAccountContacts | DescribeSubAccountContacts | Operation level | * | Supported |
| DescribeSubAccountDefaultMFASetting | get MFA default settings of sub account | Operation level | * | Supported |
| DescribeSubAccountLoginIpPolicy | Operation level | * | Supported | |
| DescribeSubAccountSessionSettings | - | Operation level | * | Supported |
| DescribeSubAccounts | Describe SubAccounts | Operation level | * | Supported |
| DescribeSubLoginUinList | - | Operation level | * | Supported |
| DescribeSubUsers | Sub account details | Operation level | * | not supported |
| DescribeUserAnalysisReport | DescribeUserAnalysisReport | Operation level | * | Supported |
| DescribeUserAnalysisReportCheck | - | Operation level | * | Supported |
| DescribeUserHighRiskOperationLimit | Obtain high-risk operation restriction settings for users | Operation level | * | Supported |
| DescribeUserOIDCConfig | DescribeUserOIDCConfig | Operation level | * | Supported |
| DescribeUserSAMLConfig | Query user SAML configuration | Operation level | * | Supported |
| DescribeUserWeChatInfo | - | Operation level | * | Supported |
| DescribeWechatUnionId | - | Operation level | * | Supported |
| GetAccountSummary | Operation level | * | Supported | |
| GetAllSubUser | Operation level | * | Supported | |
| GetCustomMFATokenInfo | Operation level | * | Supported | |
| GetCustomMfaCallback | - | Operation level | * | Supported |
| GetGroup | Resource level | qcs::cam::uin/:groupid/${GroupId} | Supported | |
| GetMFADevice | Query user\\\'s MFA device | Operation level | * | Supported |
| GetMFADeviceColl | - | Resource level | qcs::cam::uin/:uin/${SubUin} | Supported |
| GetMfaStatusBySubUins | Query the MFA status through the UIN of sub accounts | Operation level | * | Supported |
| GetPasswordRules | Operation level | * | Supported | |
| GetPolicy | Resource level | qcs::cam::uin/:policy/${PolicyId} | Supported | |
| GetPolicyVersion | Get policy version | Resource level | qcs::cam::uin/:policy/${PolicyId} | Supported |
| GetReceiverInfo | Operation level | * | Supported | |
| GetRole | Get Role Detail | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
| GetRolePermissionBoundary | GetRolePermissionBoundary | Operation level | * | Supported |
| GetSAMLProvider | Operation level | * | Supported | |
| GetSafeAuthFlag | Operation level | * | Supported | |
| GetSafeAuthFlagColl | - | Resource level | qcs::cam::uin/:uin/${SubUin} | Supported |
| GetSafeAuthInfo | Get an overview of security settings information | Operation level | * | not supported |
| GetSecurityLastUsed | GetSecurityLastUsed | Operation level | * | Supported |
| GetServiceLinkedRoleDeletionStatus | Get service linked role deletion status | Operation level | * | Supported |
| GetStrategyNoticeFrequency | Frequency of getting policy change notifications | Operation level | * | Supported |
| GetSubAccountBindInfo | Resource level | qcs::cam::uin/:uin/${SubUin} | Supported | |
| GetUidByUin | Operation level | * | Supported | |
| GetUinInfoForPasskeyBind | GetUinInfoForPasskeyBind | Operation level | * | Supported |
| GetUser | Get user info | Operation level | * | Supported |
| GetUserAppId | Get User AppId | Operation level | * | not supported |
| GetUserPermissionBoundary | GetUserPermissionBoundary | Operation level | * | Supported |
| ListAccessKeys | list access keys | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
| ListAllGroupsPolicies | Operation level | * | Supported | |
| ListAttachedGroupPolicies | Resource level | qcs::cam::uin/:groupid/${TargetGroupId} | Supported | |
| ListAttachedRolePolicies | Lists all managed policies that are attached to the specified role | Operation level | * | Supported |
| ListAttachedUserAllPolicies | Operation level | * | Supported | |
| ListAttachedUserPolicies | Resource level | qcs::cam::uin/:uin/${TargetUin} | Supported | |
| ListCollaborators | List Collaborators | Operation level | * | Supported |
| ListConsoleSubUsers | Query sub-account information list | Operation level | * | Supported |
| ListEntitiesForPolicy | Resource level | qcs::cam::uin/:policy/${PolicyId} | Supported | |
| ListGroups | Operation level | * | Supported | |
| ListGroupsForConsole | List Groups For Console | Operation level | * | Supported |
| ListGroupsForUser | List the user groups associated with the user | Operation level | * | Supported |
| ListGroupsPolicies | Operation level | * | Supported | |
| ListHighRiskActions | Query the list of high-risk operations | Operation level | * | Supported |
| ListIdentityProvider | Operation level | * | Supported | |
| ListLoginRoles | Get subaccount user\'s role list for login. | Operation level | * | Supported |
| ListMaskedSubAccounts | - | Operation level | * | Supported |
| ListMaskedUsers | Pull the list of coding sub users | Operation level | * | Supported |
| ListMenuBusiness | ListMenuBusiness | Operation level | * | not supported |
| ListOIDCIdentityProviderApps | Query the OIDC identity provider application list | Operation level | * | Supported |
| ListPolicies | Operation level | * | Supported | |
| ListPolicyVersions | Resource level | qcs::cam::uin/:policy/${PolicyId} | Supported | |
| ListReceiver | get the message receiver list | Operation level | * | Supported |
| ListRoleTags | List role tags. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
| ListSAMLProviders | Operation level | * | Supported | |
| ListSimulationAuth | ListSimulationAuth | Operation level | * | Supported |
| ListSubAccounts | Operation level | * | Supported | |
| ListSubUsers | Sub Account List | Operation level | * | Supported |
| ListUserTags | List user tags | Resource level | qcs::cam::uin/${uin}:userName/${userName} | Supported |
| ListUsers | Operation level | * | Supported | |
| ListUsersForGroup | List Users For Group | Resource level | qcs::cam::uin/:groupid/${GroupId} | Supported |
| ListUsersForPolicy | Operation level | * | Supported | |
| ListWeChatWorkSubAccounts | - | Operation level | * | Supported |
| LookupRecentlyLogin | Operation level | * | Supported | |
| QueryApiKey | Resource level | qcs::cam::uin/:uin/${TargetUin} | Supported | |
| QueryApiKeyRecord | Query key access records | Operation level | * | Supported |
| QueryCollApiKey | Query for sub-account key list | Operation level | * | Supported |
| QueryKeyBySecretId | - | Operation level | * | Supported |
| SignOutAllSubAccounts | All sub-accounts logged in offline | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeOrganizationSubAccountPolicies | Describe Organization SubAccount Policies List | Operation level | * | Supported |
| GetAllMaskedSubUser | - | Operation level | * | Supported |
| ListEntitiesForPermissionsBoundary | ListEntitiesForPermissionsBoundary | Operation level | * | Supported |
| ListPoliciesForPermissionsBoundary | ListPoliciesForPermissionsBoundary | Operation level | * | Supported |
| ListPoliciesGrantingServiceAccess | List policies granting service access. | Operation level | * | Supported |
| ListRoleHighRiskOperationLimits | Get the list of high-risk operation restriction settings for the role | Operation level | * | Supported |
| ListUserHighRiskOperationLimits | Obtain a list of high-risk operation restriction settings for users | Operation level | * | Supported |
| QueryUserPasskeyList | QueryUserPasskeyList | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback