Tencent Cloud Firewall

Last updated: 2024-05-26 09:22:44

    Fundamental information

    | Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
    | --- | --- | --- | --- | --- | --- |
    | Cloud Firewall | cfw | Supported | not supported | Operation level | Partially supported |

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For cloud products with service-level authorization granularity, authorization of specific APIs is not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity, which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two API authorization granularity levels are supported: resource level and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
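The operation-level rule above means that a policy naming a specific resource for a cfw API grants nothing. The following check is an added example, not Tencent Cloud's code: it flags such statements in a CAM policy document. It assumes the CAM JSON policy layout (`version` / `statement` / `effect` / `action` / `resource`); the sample policy, its six-segment resource string and the function name `find_ineffective_cfw_grants` are constructed for illustration.

```python
import json

# Constructed sample policy (assumed CAM JSON layout). The account ID and the
# six-segment resource string are placeholders, not real identifiers.
SAMPLE_POLICY = json.loads("""
{"version": "2.0", "statement": [
  {"effect": "allow", "action": ["cfw:DescribeAclRule", "cfw:DescribeAcLists"],
   "resource": ["*"]},
  {"effect": "allow", "action": ["cfw:ModifyAclRule", "cvm:DescribeInstances"],
   "resource": ["qcs::cfw:ap-guangzhou:uin/100000000001:rule/placeholder"]},
  {"effect": "deny", "action": "cfw:DeleteAllAccessControlRule", "resource": "*"}
]}
""")


def as_list(value):
    """Normalise a field that may hold one item or a list of items."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def find_ineffective_cfw_grants(policy, service="cfw"):
    """Return (statement_index, action, resource) for each allow statement that
    pairs an action of `service` with a resource other than "*".

    Every cfw API on this page is operation level, so per the rule above CAM
    treats the API as outside the scope of such a grant and as unauthorized.
    Only allow statements are checked; other services are ignored.
    """
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("statement"))):
        if str(stmt.get("effect", "")).lower() != "allow":
            continue
        actions = [a for a in as_list(stmt.get("action"))
                   if a.lower().startswith(service + ":")]
        scoped = [r for r in as_list(stmt.get("resource")) if r != "*"]
        findings += [(idx, a, r) for a in actions for r in scoped]
    return findings


if __name__ == "__main__":
    for idx, action, resource in find_ineffective_cfw_grants(SAMPLE_POLICY):
        print(f"statement[{idx}]: {action} limited to {resource} grants nothing")
```

In the sample, only `cfw:ModifyAclRule` in statement 1 is reported; to take effect it has to sit in a statement whose resource is `*`.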

    Write operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    | --- | --- | --- | --- | --- |
    | AddAclRule | Add Internet Access Control Rules | Operation level | * | Supported |
    | AddDnsAclRule | Add Dns access control rules | Operation level | * | Supported |
    | AddEnterpriseSecurityGroupRules | Create New Enterprise Security Group Rules | Operation level | * | Supported |
    | AddNatAcRule | | Operation level | * | Supported |
    | AddVpcAcRule | | Operation level | * | Supported |
    | AddZeroTrustWebService | Add zero trust web service | Operation level | * | Supported |
    | CreateAcRules | Create ACL Rules | Operation level | * | Supported |
    | CreateAlertCenterRule | Alarm Center-Block, Release and Disposal Interface | Operation level | * | Supported |
    | CreateAsyncTask | CreateAsyncTask | Operation level | * | Supported |
    | CreateBakRuleList | | Operation level | * | Supported |
    | CreateBlockIgnoreRuleNew | Add intrusion prevention block list and allow list rules in batches (new) | Operation level | * | Supported |
    | CreateIOAAccessGroup | Override Edit IOA User Group Access | Operation level | * | Supported |
    | CreateSecurityGroupRules | | Operation level | * | Supported |
    | CreateZeroTrustAclMulti | Adding Zero Trust Remote Operation and Maintenance Rules in Batch - Identity Perspective | Operation level | * | Supported |
    | CreateZeroTrustDomain | CreateZeroTrustDomain | Operation level | * | Supported |
    | DeleteAcRule | Delete ACL Rule | Operation level | * | Supported |
    | DeleteAllAccessControlRule | DeleteAllAccessControlRule | Operation level | * | Supported |
    | DeleteBlockIgnoreRuleNew | Deleting Intrusion Prevention Block List and Allow List Rules in Batch (New) | Operation level | * | Supported |
    | DeleteIOAAccessGroup | Delete iOA user group access | Operation level | * | Supported |
    | DeleteSecurityGroupRule | | Operation level | * | Supported |
    | DeleteZeroTrustDomain | DeleteZeroTrustDomain | Operation level | * | Supported |
    | DeleteZeroTrustWebService | delete zero trust web service | Operation level | * | Supported |
    | DeleteZeroTrustWebServiceAccess | delete zero trust web service access info | Operation level | * | Supported |
    | ExpandCfwVertical | ExpandCfwVertical | Operation level | * | Supported |
    | IgnoreZeroTrustError | Ignore Zero Trust Remote Operations error banner | Operation level | * | Supported |
    | ImportCFWFile | Import common methods | Operation level | * | Supported |
    | ModifyAcRule | Modify ACL Rule | Operation level | * | Supported |
    | ModifyAclApiDispatch | ACL write interface request transfer | Operation level | * | Supported |
    | ModifyAclRule | Modify Internet Border Access Control Rules | Operation level | * | Supported |
    | ModifyActionShowStatus | ModifyActionShowStatus | Operation level | * | Supported |
    | ModifyAllRuleStatus | ModifyAllRuleStatus | Operation level | * | Supported |
    | ModifyBlockIgnoreRuleNew | Edit individual intrusion prevention block list and pass list rules (new) | Operation level | * | Supported |
    | ModifyDnsAclRule | Modify DNS access control rules | Operation level | * | Supported |
    | ModifyDnsAclRuleSwitch | Enable or disable DNS rule switches in batches | Operation level | * | Supported |
    | ModifyEWRuleStatus | | Operation level | * | Supported |
    | ModifyEnterpriseSecurityDispatchStatus | | Operation level | * | Supported |
    | ModifyEnterpriseSecurityGroupRule | | Operation level | * | Supported |
    | ModifyEnterpriseSecurityGroupRuleLst | | Operation level | * | Supported |
    | ModifyEnterpriseSecurityGroupSequenceRules | | Operation level | * | Supported |
    | ModifyIgnoreAsyncTaskErr | Ignore exception task information | Operation level | * | Supported |
    | ModifyNatAcRule | | Operation level | * | Supported |
    | ModifyNatSequenceRules | | Operation level | * | Supported |
    | ModifyNetflowRuleStatus | | Operation level | * | Supported |
    | ModifySecurityGroupItemRuleStatus | | Operation level | * | Supported |
    | ModifySecurityGroupRule | | Operation level | * | Supported |
    | ModifySecurityGroupSequenceRules | | Operation level | * | Supported |
    | ModifySecurityGroupTableStatus | Modify Security Group List Status | Operation level | * | Supported |
    | ModifySequenceAclRules | Internet Rules Quick Sort | Operation level | * | Supported |
    | ModifySequenceRules | modify rule sequence | Operation level | * | Supported |
    | ModifySwitchStatus | ModifySwitchStatus | Operation level | * | Supported |
    | ModifyTableStatus | ModifyTableStatus | Operation level | * | Supported |
    | ModifyVpcAcRule | | Operation level | * | Supported |
    | ModifyVpcAcRuleSwitch | | Operation level | * | Supported |
    | ModifyVpcCfwWidth | Vertical expansion of firewall between vpc | Operation level | * | Supported |
    | ModifyVpcFwSequenceRules | | Operation level | * | Supported |
    | ModifyZeroTrustAssetAcl | Edit Zero Trust Remote Operation and Maintenance Asset Permission Details | Operation level | * | Supported |
    | ModifyZeroTrustBlockStatus | Zero Trust Unauthorized Block Button | Operation level | * | Supported |
    | ModifyZeroTrustDomain | ModifyZeroTrustDomain | Operation level | * | Supported |
    | ModifyZeroTrustEip | Edit Zero Trust Regional Public IP | Operation level | * | Supported |
    | ModifyZeroTrustRegionSwitch | Modify Zero Trust Operation and Maintenance Region Switch | Operation level | * | Supported |
    | ModifyZeroTrustRule | ModifyZeroTrustRule | Operation level | * | Supported |
    | ModifyZeroTrustRuleSwitch | Modify IOA permission rule switches in batches | Operation level | * | Supported |
    | ModifyZeroTrustUserAcl | Edit Zero Trust Remote Operation and Maintenance User Permissions Details | Operation level | * | Supported |
    | ModifyZeroTrustVpcSwitch | Modify Zero Trust VPC Switch | Operation level | * | Supported |
    | ModifyZeroTrustVpcSwitchAll | Batch Modify Zero Trust VPC Switches | Operation level | * | Supported |
    | ModifyZeroTrustWebService | modify zero web service base info | Operation level | * | Supported |
    | RemoveAclRule | Delete Internet Access Control Rules | Operation level | * | Supported |
    | RemoveDnsAclRule | Delete Dns Access Control Rules | Operation level | * | Supported |
    | RemoveEnterpriseSecurityGroupRule | | Operation level | * | Supported |
    | RemoveEnterpriseSecurityGroupRuleLst | | Operation level | * | Supported |
    | RemoveNatAcRule | | Operation level | * | Supported |
    | RemoveVpcAcRule | | Operation level | * | Supported |
    | ResetDnsRuleHitTimes | Reset hit count for DNS firewall rules | Operation level | * | Supported |
    | ResetNatRuleHitTimes | | Operation level | * | Supported |
    | ResetVpcRuleHitTimes | | Operation level | * | Supported |
    | SaveAutoBackUpSetting | | Operation level | * | Supported |
    | SetNatFwDnatRule | SetNatFwDnatRule | Operation level | * | Supported |
    | StopSecurityGroupRuleDispatch | | Operation level | * | Supported |
    | SyncIOAUserAccess | Synchronize iOA user access data | Operation level | * | Supported |

    Read operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    | --- | --- | --- | --- | --- |
    | CreateZeroTrustRule | CreateZeroTrustRule | Operation level | * | Supported |
    | DeleteZeroTrustRule | DeleteZeroTrustRule | Operation level | * | Supported |
    | DescribeAccessDomainInfoList | | Operation level | * | Supported |
    | DescribeAclApiDispatch | | Operation level | * | Supported |
    | DescribeAclRuleExportStatus | Query the export status of Acl rules | Operation level | * | Supported |
    | DescribeAclTag | Access control tag query | Operation level | * | Supported |
    | DescribeAddressTemplateList | Query address template list | Operation level | * | Supported |
    | DescribeAllRegionList | Query region configuration information | Operation level | * | Supported |
    | DescribeAllZoneList | Availability zone information | Operation level | * | Supported |
    | DescribeApiDispatch | DescribeApiDispatch | Operation level | * | Supported |
    | DescribeAreaStatus | DescribeAreaStatus | Operation level | * | Supported |
    | DescribeAssetScanStatus | DescribeAssetScanStatus | Operation level | * | Supported |
    | DescribeAssociatedInstanceList | | Operation level | * | Supported |
    | DescribeAsyncTask | Query asynchronous task information | Operation level | * | Supported |
    | DescribeAsyncTaskErr | Asynchronous task exception information | Operation level | * | Supported |
    | DescribeAutoBackUpSettingList | | Operation level | * | Supported |
    | DescribeBandWidthBanner | Bandwidth Exceeded Banner | Operation level | * | Supported |
    | DescribeBlackWhiteQuota | | Operation level | * | Supported |
    | DescribeBlockIgnoreList | | Operation level | * | Supported |
    | DescribeBorderACLList | | Operation level | * | Supported |
    | DescribeCdcIds | | Operation level | * | Supported |
    | DescribeCfwEips | DescribeCfwEips | Operation level | * | Supported |
    | DescribeCfwInsStatus | | Operation level | * | Supported |
    | DescribeCfwUpdateStatus | | Operation level | * | Supported |
    | DescribeChangeGroupRuleNotice | Query whether it is necessary to display the rule changes of the security group | Operation level | * | Supported |
    | DescribeChangeGroupRules | | Operation level | * | Supported |
    | DescribeChangeSecurityGroupAssociateInstances | | Operation level | * | Supported |
    | DescribeChangeSecurityGroupNum | | Operation level | * | Supported |
    | DescribeCheckCLSStatus | Check if the current user has subscribed to CLS service | Operation level | * | Supported |
    | DescribeCidrRelatedInstances | | Operation level | * | Supported |
    | DescribeConfig | | Operation level | * | Supported |
    | DescribeDNSFWStatus | Get DNS Firewall Status Bar | Operation level | * | Supported |
    | DescribeDnsAclRule | Query the DNS access control list | Operation level | * | Supported |
    | DescribeDnsRuleStatus | Query the quota and usage of DNS rules | Operation level | * | Supported |
    | DescribeElasticBandWidth | Tenant elastic bandwidth interval query | Operation level | * | Supported |
    | DescribeEnterpriseSGRuleProgress | | Operation level | * | Supported |
    | DescribeEnterpriseSecurityDispatchStatus | | Operation level | * | Supported |
    | DescribeEnterpriseSecurityNotDispatchCount | | Operation level | * | Supported |
    | DescribeFwGroupIdNames | | Operation level | * | Supported |
    | DescribeGlobalSetting | | Operation level | * | Supported |
    | DescribeIOAAccessDirectoryList | Query the IOA access directory list | Operation level | * | Supported |
    | DescribeIOAAccountGroups | Query IOA account directory list | Operation level | * | Supported |
    | DescribeIOALocalAccounts | Query iOA account list | Operation level | * | Supported |
    | DescribeIPStatusList | DescribeIPStatusList | Operation level | * | Supported |
    | DescribeImportCredential | Get temporary records of imported file uploads | Operation level | * | Supported |
    | DescribeLogs | | Operation level | * | Supported |
    | DescribeModuleConfig | | Operation level | * | Supported |
    | DescribeNatAcRule | | Operation level | * | Supported |
    | DescribeNatExistRegions | DescribeNatExistRegions | Operation level | * | Supported |
    | DescribeNatFwInstance | | Operation level | * | Supported |
    | DescribeNatFwInstancesInfo | | Operation level | * | Supported |
    | DescribeNewAuthInfo | | Operation level | * | Supported |
    | DescribeNewNatCheckInfo | DescribeNewNatCheckInfo | Operation level | * | Supported |
    | DescribeNoInsOfSecurityGroup | | Operation level | * | Supported |
    | DescribeOperateLogSelect | Obtain operation log filter box data | Operation level | * | Supported |
    | DescribeQueryNotEmptyRuleListInfo | | Operation level | * | Supported |
    | DescribeResourceGroupNew | | Operation level | * | Supported |
    | DescribeRuleOverview | describe rule overview | Operation level | * | Supported |
    | DescribeSGRuleProgress | | Operation level | * | Supported |
    | DescribeSecurityGroupAssociateInstances | | Operation level | * | Supported |
    | DescribeSecurityGroupList | | Operation level | * | Supported |
    | DescribeSecurityGroupVersionInfo | Security group rule change version information | Operation level | * | Supported |
    | DescribeSelectAssetGroup | Asset information query under asset group | Operation level | * | Supported |
    | DescribeSelectedAssetsByUserId | Query the detailed list of allocation permissions | Operation level | * | Supported |
    | DescribeShowBakRuleList | | Operation level | * | Supported |
    | DescribeSwitchStatus | DescribeSwitchStatus | Operation level | * | Supported |
    | DescribeSyncIOAUserAccessStatus | Get synchronization iOA user synchronization status | Operation level | * | Supported |
    | DescribeTableStatus | DescribeTableStatus | Operation level | * | Supported |
    | DescribeTagIpList | | Operation level | * | Supported |
    | DescribeUserListByAssetId | Query asset permission overview | Operation level | * | Supported |
    | DescribeVpcAcRule | | Operation level | * | Supported |
    | DescribeVpcAclEdgeRange | | Operation level | * | Supported |
    | DescribeVpcDetail | | Operation level | * | Supported |
    | DescribeVpcEdgeList | | Operation level | * | Supported |
    | DescribeVpcLogEdge | | Operation level | * | Supported |
    | DescribeVpcLogStatus | | Operation level | * | Supported |
    | DescribeVpcRuleStatus | | Operation level | * | Supported |
    | DescribeWeComStatus | | Operation level | * | not supported |
    | DescribeWebCosUrl | | Operation level | * | Supported |
    | DescribeWebServices | Asset Center web service query list | Operation level | * | Supported |
    | DescribeYwUserList | Operation and maintenance user list | Operation level | * | Supported |
    | DescribeZeroTrustAccessList | Query the list of zero trust remote operation and maintenance identity access cards | Operation level | * | Supported |
    | DescribeZeroTrustAccessOverview | DescribeZeroTrustAccessOverview | Operation level | * | Supported |
    | DescribeZeroTrustAccessSpecifications | DescribeZeroTrustAccessSpecifications | Operation level | * | Supported |
    | DescribeZeroTrustAllAccessLog | zero trust asset access log | Operation level | * | Supported |
    | DescribeZeroTrustAssetOverView | Zero Trust Assets Overview | Operation level | * | Supported |
    | DescribeZeroTrustAuthorityOverview | Query Zero Trust Permissions Overview | Operation level | * | Supported |
    | DescribeZeroTrustBlockStatus | Query zero trust unauthorized access ban status | Operation level | * | Supported |
    | DescribeZeroTrustConfig | Query zero trust remote operation and maintenance configuration | Operation level | * | Supported |
    | DescribeZeroTrustDb | zero trust database asset list | Operation level | * | Supported |
    | DescribeZeroTrustDomainInfo | DescribeZeroTrustDomainInfo | Operation level | * | Supported |
    | DescribeZeroTrustDomainList | DescribeZeroTrustDomainList | Operation level | * | Supported |
    | DescribeZeroTrustError | Query Zero Trust Remote Operation and Maintenance Error Banner | Operation level | * | Supported |
    | DescribeZeroTrustRegionItem | DescribeZeroTrustRegionItem | Operation level | * | Supported |
    | DescribeZeroTrustVpcList | Zero trust asset access VPC list | Operation level | * | Supported |
    | ExportAclRules | Export ACL rule file | Operation level | * | Supported |
    | ExportLogsOffline | Log audit log offline export | Operation level | * | Supported |
    | ExportZeroTrustDb | export zero trust databases asset | Operation level | * | Supported |
    | ModifyZeroTrustWebServiceAccess | modify zero trust web service access | Operation level | * | Supported |
    | OpenZeroTrustWebServiceAccess | open zero trust web service access | Operation level | * | Supported |
    | ResetAclRuleHitTimes | Reset hit count for internet rules | Operation level | * | Supported |

    List Operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    | --- | --- | --- | --- | --- |
    | DescribeAcLists | Query Access Control List | Operation level | * | Supported |
    | DescribeAclRule | Query the Internet Access Control List | Operation level | * | Supported |
    | DescribeSwitchLists | Query FireWall Switch list | Operation level | * | Supported |
    | DescribeZeroTrustRule | DescribeZeroTrustRule | Operation level | * | Supported |
    | DescribeZeroTrustRuleHitDetail | DescribeZeroTrustRuleHitDetail | Operation level | * | Supported |

    Other Operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    | --- | --- | --- | --- | --- |
    | ModifyLoginTime | Update login time | Operation level | * | Supported |
    | ModifyPolicyAuthority | Report Policy Permissions | Operation level | * | Supported |
    | ModifyUserAuthCheckStatus | Asset Sync Authorization Status Change | Operation level | * | Supported |