Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
---|---|---|---|---|---|
Cloud Access Management | cam | Supported | not supported | Operation level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
Two authorization granularity levels of API are supported: resource level, and operation level.
API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
---|---|---|---|---|
AddCollaborator | AddCollaborator | Operation level | * | not supported |
AddSubAccount | Console Create Message Recipient | Operation level | * | Supported |
AddSubAccountCheckingMFA | Console Create Sub-user and Collaborator | Operation level | * | Supported |
AddSubAccountsToGroup | Add user to group | Operation level | * | Supported |
AddUser | Add Sub-user | Operation level | * | Supported |
AddUserToGroup | Operation level | * | Supported | |
AttachGroupPolicies | Bind multiple policies to user groups | Operation level | * | Supported |
AttachGroupPolicy | Operation level | * | Supported | |
AttachGroupsPolicy | Bind a policy to multiple user groups | Operation level | * | Supported |
AttachRolePolicy | Operation level | * | Supported | |
AttachUserPolicies | Attach some policies to sub-user | Operation level | * | Supported |
AttachUserPolicy | Operation level | * | Supported | |
AttachUsersPolicy | Bind the policy to multiple users | Operation level | * | Supported |
BatchOperateCamStrategy | The binding strategy is for user details page | Operation level | * | Supported |
BindToken | Operation level | * | Supported | |
CreateApiKey | CreateApiKey | Resource level | qcs::cam::uin/${uin}:uin/${ApiUin} | Supported |
CreateAssistApprover | CreateAssistApprover | Operation level | * | Supported |
CreateCICUserSAMLConfig | Create CIC User SAML Identity Provider | Operation level | * | Supported |
CreateCollApiKey | Create sub-account key | Operation level | * | Supported |
CreateGroup | Operation level | * | Supported | |
CreateMessageReceiver | Create message receiver | Operation level | * | Supported |
CreateOIDCConfig | CreateOIDCConfig | Operation level | * | Supported |
CreatePolicy | Operation level | * | Supported | |
CreatePolicyVersion | Operation level | * | Supported | |
CreateRole | Create Role | Operation level | * | Supported |
CreateRoleByConsole | Console creation role | Operation level | * | Supported |
CreateSAMLProvider | Operation level | * | Supported | |
CreateServiceLinkedRole | Create service linked role | Operation level | * | Supported |
CreateSimulationPolicy | Create Simulation Policy Data | Operation level | * | Supported |
CreateSubAccountBindPolicy | Operation level | * | Supported | |
CreateSubAccountLoginIpPolicy | Operation level | * | Supported | |
CreateSubAccounts | Create WeComUser | Operation level | * | Supported |
CreateUserOIDCConfig | CreateUserOIDCConfig | Operation level | * | Supported |
CreateUserSAMLConfig | Create user SAML configuration | Operation level | * | Supported |
DeleteAccessKey | delete access key | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
DeleteApiKey | Operation level | * | Supported | |
DeleteCollApiKey | Delete sub-account key | Operation level | * | Supported |
DeleteEntitiesPermissionsBoundary | DeleteEntitiesPermissionsBoundary | Operation level | * | Supported |
DeleteGroup | Operation level | * | Supported | |
DeleteMessageReceiver | Delete message recipient | Operation level | * | Supported |
DeleteOIDCConfig | DeleteOIDCConfig | Operation level | * | Supported |
DeletePolicy | Delete Policy | Operation level | * | Supported |
DeletePolicyVersion | Operation level | * | Supported | |
DeleteRole | Delete role. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/{$RoleId} |
Supported |
DeleteRolePermissionsBoundary | DeleteRolePermissionsBoundary | Operation level | * | Supported |
DeleteSAMLProvider | Operation level | * | Supported | |
DeleteServiceLinkedRole | Delete service linked role | Resource level | qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/{$RoleId} |
Supported |
DeleteSubAccount | delete sub account | Operation level | * | Supported |
DeleteUser | delete sub user | Operation level | * | Supported |
DeleteUserPermissionsBoundary | DeleteUserPermissionsBoundary | Operation level | * | Supported |
DetachGroupPolicy | Operation level | * | Supported | |
DetachRolePolicy | Operation level | * | Supported | |
DetachUserPolicies | Unbinding strategy for details page | Operation level | * | Supported |
DetachUserPolicy | Operation level | * | Supported | |
DisableApiKey | Operation level | * | Supported | |
DisableCollApiKey | Disable sub-account key | Operation level | * | Supported |
DisableUserSSO | DisableUserSSO | Operation level | * | Supported |
EnableApiKey | Operation level | * | Supported | |
EnableCollApiKey | Enable sub-account key | Operation level | * | Supported |
GenerateSafetyAnalysisReport | - | Operation level | * | Supported |
LogoutRoleSessions | Log out of role | Operation level | * | Supported |
ModifySubContactEmailWithVerifyCode | sub-account modification contact email | Operation level | * | Supported |
ModifySubContactPhoneWithVerifyCode | sub-user modify contact phone | Operation level | * | Supported |
ModifyUserContactInfo | ModifyUserContactInfo | Operation level | * | Supported |
PassRole | Pass role for assume role. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
PutEntitiesPermissionsBoundary | PutEntitiesPermissionsBoundary | Operation level | * | Supported |
PutRolePermissionsBoundary | PutRolePermissionsBoundary | Operation level | * | Supported |
PutUserPermissionsBoundary | PutUserPermissionsBoundary | Operation level | * | Supported |
RemoveUserFromGroup | Operation level | * | Supported | |
SetDefaultPolicyVersion | Operation level | * | Supported | |
SetLoginSessionDuration | - | Operation level | * | Supported |
SetMfaFlag | set the user\\\\\\\'s login protection and sensitive operation verification method | Operation level | * | Supported |
SetSafeAuthFlag | Operation level | * | Supported | |
SetSubAccountSessionLifetime | - | Operation level | * | Supported |
SyncAuthInfo | - | Operation level | * | Supported |
TagRole | Tag role. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
UnbindContactInfo | Unbind contact information | Resource level | qcs::cam::uin/${uin}:uin/${uin} qcs::cam::uin/${uin}:userName/${userName} |
Supported |
UnbindSubAccount | Unbind sub-user login method | Operation level | * | Supported |
UnbindSubAccountStoken | - | Operation level | * | Supported |
UnbindSubAccountToken | - | Operation level | * | Supported |
UnbindSubAccountU2FToken | unbind subaccount U2F Token | Operation level | * | Supported |
UnbindToken | Operation level | * | Supported | |
UnbindU2FToken | unbind account U2F Token | Operation level | * | Supported |
UntagRole | Untag role. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName}role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
UpdateAccessKey | update access key | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
UpdateAccessKeyAttribute | UpdateAccessKeyAttribute | Resource level | qcs::cam::uin/${uin}:uin/${uin} | Supported |
UpdateAssumeRolePolicy | Update assume role policy. | Resource level | qcs::cam::uin/${uin}:roleName/${roleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${roleId} qcs::cam::uin/${uin}:role/${roleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${roleName} |
Supported |
UpdateCollPassword | - | Operation level | * | Supported |
UpdateGroup | Operation level | * | Supported | |
UpdateOIDCConfig | UpdateOIDCConfig | Operation level | * | Supported |
UpdatePasswordRules | Operation level | * | Supported | |
UpdatePolicy | Operation level | * | Supported | |
UpdateRoleConsoleLogin | Update role console login | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
UpdateRoleDescription | Update role description. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
UpdateSAMLProvider | Operation level | * | Supported | |
UpdateSubAccount | update sub account | Operation level | * | Supported |
UpdateSubAccountAttr | - | Operation level | * | Supported |
UpdateUser | update user | Operation level | * | Supported |
UpdateUserOIDCConfig | UpdateUserOIDCConfig | Operation level | * | Supported |
UpdateUserSAMLConfig | Modify user SAML configuration | Operation level | * | Supported |
API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
---|---|---|---|---|
BuildDataFlowAuthToken | BuildDataFlowAuthToken | Resource level | qcs::cam:${ResourceRegion}:uin/:resourceUser/${ResourceId}/${ResourceAccount} | Supported |
API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
---|---|---|---|---|
CheckGroupNameIsValid | check whether the user group name is legal | Operation level | * | Supported |
CheckSubAccountName | Operation level | * | Supported | |
CheckUserPolicyAttachment | Operation level | * | Supported | |
ConsumeCustomMFAToken | Operation level | * | Supported | |
DescribeAssistApprover | Operation level | * | Supported | |
DescribeContactInfoModifyStatus | - | Operation level | * | Supported |
DescribeMFADeviceColl | 查询mfa设备 | Operation level | * | Supported |
DescribeMessageReceiverList | Message recipient list | Operation level | * | not supported |
DescribeMfaStatus | query mfa status | Operation level | * | Supported |
DescribeOIDCConfig | DescribeOIDCConfig | Operation level | * | Supported |
DescribePermProject | - | Operation level | * | Supported |
DescribeRoleList | Describe role list. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
DescribeSafeAuthFlagColl | DescribeSafeAuthFlagColl | Operation level | * | Supported |
DescribeSafeAuthInfo | DescribeSafeAuthInfo | Operation level | * | Supported |
DescribeSecretProjectId | - | Operation level | * | Supported |
DescribeSensitiveInfoHashValue | - | Operation level | * | Supported |
DescribeServiceLinkedRole | Describe service linked role | Operation level | * | Supported |
DescribeSubAccountBindPolicy | Operation level | * | Supported | |
DescribeSubAccountContacts | DescribeSubAccountContacts | Operation level | * | Supported |
DescribeSubAccountLoginIpPolicy | Operation level | * | Supported | |
DescribeSubAccountSessionSettings | - | Operation level | * | Supported |
DescribeSubAccounts | Describe SubAccounts | Operation level | * | Supported |
DescribeSubLoginUinList | - | Operation level | * | Supported |
DescribeSubUsers | Sub account details | Operation level | * | not supported |
DescribeUserAnalysisReport | DescribeUserAnalysisReport | Operation level | * | Supported |
DescribeUserAnalysisReportCheck | - | Operation level | * | Supported |
DescribeUserOIDCConfig | DescribeUserOIDCConfig | Operation level | * | Supported |
DescribeUserSAMLConfig | Query user SAML configuration | Operation level | * | Supported |
DescribeUserWeChatInfo | - | Operation level | * | Supported |
DescribeWechatUnionId | - | Operation level | * | Supported |
GetAccountSummary | Operation level | * | Supported | |
GetAllSubUser | Operation level | * | Supported | |
GetCustomMFATokenInfo | Operation level | * | Supported | |
GetCustomMfaCallback | - | Operation level | * | Supported |
GetGroup | Operation level | * | Supported | |
GetMFADevice | Operation level | * | Supported | |
GetMFADeviceColl | - | Operation level | * | Supported |
GetMfaStatusBySubUins | Query the MFA status through the UIN of sub accounts | Operation level | * | not supported |
GetPasswordRules | Operation level | * | Supported | |
GetPolicy | Operation level | * | Supported | |
GetPolicyVersion | Operation level | * | Supported | |
GetReceiverInfo | Operation level | * | Supported | |
GetRole | Get role detail. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
GetRolePermissionBoundary | GetRolePermissionBoundary | Operation level | * | Supported |
GetSAMLProvider | Operation level | * | Supported | |
GetSafeAuthFlag | Operation level | * | Supported | |
GetSafeAuthFlagColl | - | Operation level | * | Supported |
GetSecurityLastUsed | GetSecurityLastUsed | Operation level | * | Supported |
GetServiceLinkedRoleDeletionStatus | Get service linked role deletion status | Operation level | * | Supported |
GetStrategyNoticeFrequency | Frequency of getting policy change notifications | Operation level | * | Supported |
GetSubAccountBindInfo | Operation level | * | Supported | |
GetUidByUin | Operation level | * | Supported | |
GetUser | Operation level | * | Supported | |
GetUserAppId | Get User AppId | Operation level | * | not supported |
GetUserPermissionBoundary | GetUserPermissionBoundary | Operation level | * | Supported |
ListAccessKeys | list access keys | Resource level | qcs::cam::uin/${uin}:userName/${userName} | Supported |
ListAllGroupsPolicies | Operation level | * | Supported | |
ListAttachedGroupPolicies | Operation level | * | Supported | |
ListAttachedRolePolicies | Operation level | * | Supported | |
ListAttachedUserAllPolicies | Operation level | * | Supported | |
ListAttachedUserPolicies | Operation level | * | Supported | |
ListCollaborators | List Collaborators | Operation level | * | Supported |
ListEntitiesForPolicy | Operation level | * | Supported | |
ListGroups | Operation level | * | Supported | |
ListGroupsForConsole | List Groups For Console | Operation level | * | Supported |
ListGroupsForUser | Operation level | * | Supported | |
ListGroupsPolicies | Operation level | * | Supported | |
ListIdentityProvider | Operation level | * | Supported | |
ListLoginRoles | Get subaccount user\'s role list for login. | Operation level | * | Supported |
ListMaskedSubAccounts | - | Operation level | * | Supported |
ListPolicies | Operation level | * | Supported | |
ListPolicyVersions | Operation level | * | Supported | |
ListRoleTags | List role tags. | Resource level | qcs::cam::uin/${uin}:roleName/${RoleName} qcs::cam::uin/${uin}:role/tencentcloudServiceRole/${RoleId} qcs::cam::uin/${uin}:role/${RoleId} qcs::cam::uin/${uin}:role/tencentcloudServiceRoleName/${RoleName} |
Supported |
ListSAMLProviders | Operation level | * | Supported | |
ListSimulationAuth | ListSimulationAuth | Operation level | * | Supported |
ListSubAccounts | Operation level | * | Supported | |
ListSubUsers | Sub Account List | Operation level | * | Supported |
ListUserTags | List user tags | Resource level | qcs::cam::uin/${uin}:userName/${userName} | Supported |
ListUsers | Operation level | * | Supported | |
ListUsersForGroup | List Users For Group | Operation level | * | Supported |
ListUsersForPolicy | Operation level | * | Supported | |
ListWeChatWorkSubAccounts | - | Operation level | * | Supported |
LookupRecentlyLogin | Operation level | * | Supported | |
QueryApiKey | Operation level | * | Supported | |
QueryApiKeyRecord | Query key access records | Operation level | * | Supported |
QueryCollApiKey | Query for sub-account key list | Operation level | * | Supported |
QueryKeyBySecretId | - | Operation level | * | Supported |
API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
---|---|---|---|---|
DescribeOrganizationSubAccountPolicies | Describe Organization SubAccount Policies List | Operation level | * | Supported |
GetAllMaskedSubUser | - | Operation level | * | Supported |
ListEntitiesForPermissionsBoundary | ListEntitiesForPermissionsBoundary | Operation level | * | Supported |
ListPoliciesForPermissionsBoundary | ListPoliciesForPermissionsBoundary | Operation level | * | Supported |
ListPoliciesGrantingServiceAccess | List policies granting service access. | Operation level | * | Supported |
Was this page helpful?