Customer Identity and Access Management
Last updated:2026-01-27 09:47:47
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Customer Identity Access Management | ciam | Supported | not supported | Operation level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddUsersToUserGroup | Add Users To User Group | Operation level | * | Supported |
| ControlApplication | Control Application | Operation level | * | Supported |
| ControlAuthSource | Control Auth Source | Operation level | * | Supported |
| ControlLogPushConfig | Control LogPush Config | Operation level | * | Supported |
| CreateApiImportUserJob | create api import user job | Operation level | * | Supported |
| CreateApplication | Create Application | Operation level | * | Supported |
| CreateBillingResources | Create Billing Resources | Operation level | * | Supported |
| CreateFileExportUserJob | Create File Export User Job | Operation level | * | Supported |
| CreateFileImportUserJob | Create FileImport User Job | Operation level | * | Supported |
| CreateLogPushConfig | Create LogPush Config | Operation level | * | Supported |
| CreateSocialAuthSource | Create Social Auth Source | Operation level | * | Supported |
| CreateSyncConfig | Create Sync Config | Operation level | * | Supported |
| CreateUniversalAuthSource | Create Universal Auth Source | Operation level | * | Supported |
| CreateUser | Create User | Operation level | * | Supported |
| CreateUserGroup | Create User Group | Operation level | * | Supported |
| CreateUserProperty | Create User Property | Operation level | * | Supported |
| CreateUserStore | Create User Store | Operation level | * | Supported |
| CreateUserStoreAndDemoData | Create User Store And Demo Data | Operation level | * | Supported |
| DeleteApplications | Delete Applications | Operation level | * | Supported |
| DeleteAuthSource | Delete Auth Source | Operation level | * | Supported |
| DeleteLogPushConfig | Delete LogPush Config | Operation level | * | Supported |
| DeleteSyncConfigs | Delete Sync Configs | Operation level | * | Supported |
| DeleteUserGroups | Delete User Groups | Operation level | * | Supported |
| DeleteUserProperty | Delete User Property | Operation level | * | Supported |
| DeleteUserStore | Delete User Store | Operation level | * | Supported |
| DeleteUsers | Delete Users | Operation level | * | Supported |
| ExecuteAction | Execute Action | Operation level | * | Supported |
| ExecuteActionProcessor | Execute Action Processor | Operation level | * | Supported |
| LinkAccount | Link Account | Operation level | * | Supported |
| RemoveUsersFromUserGroup | Remove Users From User Group | Operation level | * | Supported |
| ResetPassword | Reset Password | Operation level | * | Supported |
| SendTestEmail | Send Test Email | Operation level | * | Supported |
| SendTestSms | Send Test Sms | Operation level | * | Supported |
| SetPassword | Set Password | Operation level | * | Supported |
| SetUserStore | Set User Store | Operation level | * | Supported |
| SwitchUserStore | Switch User Store | Operation level | * | Supported |
| UpdateAppFlow | Update App Flow | Operation level | * | Supported |
| UpdateApplicationAgreementFlow | Update Application Agreement Flow | Operation level | * | Supported |
| UpdateApplicationBaseConfig | Update Application Base Config | Operation level | * | Supported |
| UpdateApplicationForgetPwdFlow | Update Application Forget Password Flow | Operation level | * | Supported |
| UpdateApplicationForgetUsernameFlow | Update Application Forget Username Flow | Operation level | * | Supported |
| UpdateApplicationLoginFlow | Update Application Login Flow | Operation level | * | Supported |
| UpdateApplicationMfaFlow | Update Application Mfa Flow | Operation level | * | Supported |
| UpdateApplicationParamConfig | Update Application Param Config | Operation level | * | Supported |
| UpdateApplicationSecurityDomain | Update Application Security Domain | Operation level | * | Supported |
| UpdateApplicationSignupFlow | Update Application Signup Flow | Operation level | * | Supported |
| UpdateApplicationWxAppletLoginFlow | Update Application Weixin Applet Login Flow | Operation level | * | Supported |
| UpdateBillingResources | Update Billing Resources | Operation level | * | Supported |
| UpdateCaptureTemplateConfig | update capture template config | Operation level | * | Supported |
| UpdateEmailTemplateConfig | update email template config | Operation level | * | Supported |
| UpdateHostConfig | Update Host Config | Operation level | * | Supported |
| UpdateLogPushConfig | Update LogPush Config | Operation level | * | Supported |
| UpdatePolicy | Update Policy | Operation level | * | Supported |
| UpdateRealNameTemplateConfig | update real name template config | Operation level | * | Supported |
| UpdateScimSyncConfig | Update Scim Sync Config | Operation level | * | Supported |
| UpdateSmsTemplateConfig | uodate sms template config | Operation level | * | Supported |
| UpdateSocialAuthSource | Update Social Auth Source | Operation level | * | Supported |
| UpdateSyncConfigStatus | Update Sync Config Status | Operation level | * | Supported |
| UpdateTemplateConfig | Update Template Config | Operation level | * | Supported |
| UpdateUniversalAuthSource | Update Universal Auth Source | Operation level | * | Supported |
| UpdateUser | Update User | Operation level | * | Supported |
| UpdateUserGroup | Update User Group | Operation level | * | Supported |
| UpdateUserProperty | Update User Property | Operation level | * | Supported |
| UpdateUserStatus | Update User Status | Operation level | * | Supported |
| UpdateUserStore | Update User Store | Operation level | * | Supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckEmailTemplateConfig | check email templateConfig | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckLogin | Check Login | Operation level | * | Supported |
| CheckSmsTemplateConfig | check sms template config | Operation level | * | Supported |
| CheckUserStoreAsync | Check User Store Async | Operation level | * | Supported |
| DescribeActionByIds | Describe Action By Ids | Operation level | * | Supported |
| DescribeActionManagerView | Describe Action Manager View | Operation level | * | Supported |
| DescribeAllActionConfig | Describe All Action Config | Operation level | * | Supported |
| DescribeAllAdminViewConfig | Describe All Admin View Config | Operation level | * | Supported |
| DescribeAllFormConfig | Describe All Form Config | Operation level | * | Supported |
| DescribeAppFlowById | Describe App Flow By Id | Operation level | * | Supported |
| DescribeApplicationById | Describe Application By Id | Operation level | * | Supported |
| DescribeBillingResources | Describe Billing Resources | Operation level | * | Supported |
| DescribeDashboardCounts | Describe Dashboard Counts | Operation level | * | Supported |
| DescribeDataByContains | Describe Data By Contains | Operation level | * | Supported |
| DescribeDataByEquals | Describe Data By Equals | Operation level | * | Supported |
| DescribeDataByFinder | Describe Data By Finder | Operation level | * | Supported |
| DescribeDataByIds | Describe Data By Ids | Operation level | * | Supported |
| DescribeForm | Describe Form | Operation level | * | Supported |
| DescribeHostConfig | Describe Host Config | Operation level | * | Supported |
| DescribeLogPushConfigById | Describe LogPush Config By Id | Operation level | * | Supported |
| DescribeManageViewConfiguration | Describe Manage View Configuration | Operation level | * | Supported |
| DescribeManageViewData | Describe Manage View Data | Operation level | * | Supported |
| DescribeMenuTree | Describe Menu Tree | Operation level | * | Supported |
| DescribeMetaTypeDetail | Describe Meta Type Detail | Operation level | * | Supported |
| DescribeRecentLoginUsers | Describe Recent Login Users | Operation level | * | Supported |
| DescribeRecentRegisterUsers | Describe Recent Register Users | Operation level | * | Supported |
| DescribeRegionalDistribution | Describe Regional Distribution | Operation level | * | Supported |
| DescribeRsaPublicKey | Describe Rsa Public Key | Operation level | * | Supported |
| DescribeSocialAuthSourceById | Describe Social Auth Source By Id | Operation level | * | Supported |
| DescribeSyncConfigById | Describe Sync Config By Id | Operation level | * | Supported |
| DescribeTemplateConfig | Describe Template Config | Operation level | * | Supported |
| DescribeTreeDataByEquals | Describe Tree Data By Equals | Operation level | * | Supported |
| DescribeUniversalAuthSourceById | Describe Universal Auth Source By Id | Operation level | * | Supported |
| DescribeUser | Describe User | Operation level | * | Supported |
| DescribeUserById | Describe User By Id | Operation level | * | Supported |
| DescribeUserDetailById | Describe User Detail By Id | Operation level | * | Supported |
| DescribeUserGroupById | Describe User Group By Id | Operation level | * | Supported |
| DescribeUserGrowthTrend | Describe User Growth Trend | Operation level | * | Supported |
| DescribeUserPropertyById | Describe User Property By Id | Operation level | * | Supported |
| ListAttributeWithDefault | List Attribute With Default | Operation level | * | Supported |
| ListAuthSource | List Auth Source | Operation level | * | Supported |
| ListComponentType | List Component Type | Operation level | * | Supported |
| ListCustomUserAttr | List Custom Use rAttr | Operation level | * | Supported |
| ListInheritAttributes | List Inherit Attributes | Operation level | * | Supported |
| ListPartyThirdUserProperties | List Party Third User Properties | Operation level | * | Supported |
| ListSyncConfigs | List Sync Configs | Operation level | * | Supported |
| ListUserGroup | List User Group | Operation level | * | Supported |
| VerifyHostConfig | Verify Host Config | Operation level | * | Supported |
| VerifyTemplateConfig | Verify Template Config | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| ListApplicationByCondition | List Application By Condition | Operation level | * | Supported |
| ListJobs | List Jobs | Operation level | * | Supported |
| ListLogMessageByCondition | List Log Message By Condition | Operation level | * | Supported |
| ListLogPushConfig | List LogPush Config | Operation level | * | Supported |
| ListLogs | List Logs | Operation level | * | Supported |
| ListSocialAuthSourceByCondition | List Social Auth Source By Condition | Operation level | * | Supported |
| ListUniversalAuthSourceByCondition | List Universal Auth Source By Condition | Operation level | * | Supported |
| ListUser | List User | Operation level | * | Supported |
| ListUserAddEditPage | List User Add Edit Page | Operation level | * | Supported |
| ListUserByProperty | List User By Property | Operation level | * | Supported |
| ListUserGroups | List User Groups | Operation level | * | Supported |
| ListUserPropertyByCondition | List User Property By Condition | Operation level | * | Supported |
| ListUserStore | List User Store | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback