tencent cloud

Feedback

Customer Identity and Access Management

Last updated: 2024-02-29 09:16:25

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Customer Identity and Access MAnagement ciam Supported not supported Operation level Supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    AddUsersToUserGroup Add Users To User Group Operation level * Supported
    ControlApplication Control Application Operation level * Supported
    ControlAuthSource Control Auth Source Operation level * Supported
    ControlLogPushConfig Control LogPush Config Operation level * Supported
    CreateApplication Create Application Operation level * Supported
    CreateBillingResources Create Billing Resources Operation level * Supported
    CreateFileExportUserJob Create File Export User Job Operation level * Supported
    CreateFileImportUserJob Create FileImport User Job Operation level * Supported
    CreateLogPushConfig Create LogPush Config Operation level * Supported
    CreateSocialAuthSource Create Social Auth Source Operation level * Supported
    CreateSyncConfig Create Sync Config Operation level * Supported
    CreateUniversalAuthSource Create Universal Auth Source Operation level * Supported
    CreateUser Create User Operation level * Supported
    CreateUserGroup Create User Group Operation level * Supported
    CreateUserProperty Create User Property Operation level * Supported
    CreateUserStore Create User Store Operation level * Supported
    CreateUserStoreAndDemoData Create User Store And Demo Data Operation level * Supported
    DeleteApplications Delete Applications Operation level * Supported
    DeleteAuthSource Delete Auth Source Operation level * Supported
    DeleteLogPushConfig Delete LogPush Config Operation level * Supported
    DeleteSyncConfigs Delete Sync Configs Operation level * Supported
    DeleteUserGroups Delete User Groups Operation level * Supported
    DeleteUserProperty Delete User Property Operation level * Supported
    DeleteUserStore Delete User Store Operation level * Supported
    DeleteUsers Delete Users Operation level * Supported
    ExecuteAction Execute Action Operation level * Supported
    ExecuteActionProcessor Execute Action Processor Operation level * Supported
    LinkAccount Link Account Operation level * Supported
    RemoveUsersFromUserGroup Remove Users From User Group Operation level * Supported
    ResetPassword Reset Password Operation level * Supported
    SendTestEmail Send Test Email Operation level * Supported
    SendTestSms Send Test Sms Operation level * Supported
    SetPassword Set Password Operation level * Supported
    SetUserStore Set User Store Operation level * Supported
    SwitchUserStore Switch User Store Operation level * Supported
    UpdateAppFlow Update App Flow Operation level * Supported
    UpdateApplicationAgreementFlow Update Application Agreement Flow Operation level * Supported
    UpdateApplicationBaseConfig Update Application Base Config Operation level * Supported
    UpdateApplicationForgetPwdFlow Update Application Forget Password Flow Operation level * Supported
    UpdateApplicationForgetUsernameFlow Update Application Forget Username Flow Operation level * Supported
    UpdateApplicationLoginFlow Update Application Login Flow Operation level * Supported
    UpdateApplicationMfaFlow Update Application Mfa Flow Operation level * Supported
    UpdateApplicationParamConfig Update Application Param Config Operation level * Supported
    UpdateApplicationSecurityDomain Update Application Security Domain Operation level * Supported
    UpdateApplicationSignupFlow Update Application Signup Flow Operation level * Supported
    UpdateApplicationWxAppletLoginFlow Update Application Weixin Applet Login Flow Operation level * Supported
    UpdateBillingResources Update Billing Resources Operation level * Supported
    UpdateHostConfig Update Host Config Operation level * Supported
    UpdateLogPushConfig Update LogPush Config Operation level * Supported
    UpdatePolicy Update Policy Operation level * Supported
    UpdateScimSyncConfig Update Scim Sync Config Operation level * Supported
    UpdateSocialAuthSource Update Social Auth Source Operation level * Supported
    UpdateSyncConfigStatus Update Sync Config Status Operation level * Supported
    UpdateTemplateConfig Update Template Config Operation level * Supported
    UpdateUniversalAuthSource Update Universal Auth Source Operation level * Supported
    UpdateUser Update User Operation level * Supported
    UpdateUserGroup Update User Group Operation level * Supported
    UpdateUserProperty Update User Property Operation level * Supported
    UpdateUserStatus Update User Status Operation level * Supported
    UpdateUserStore Update User Store Operation level * Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CheckLogin Check Login Operation level * Supported
    CheckUserStoreAsync Check User Store Async Operation level * Supported
    DescribeActionByIds Describe Action By Ids Operation level * Supported
    DescribeActionManagerView Describe Action Manager View Operation level * Supported
    DescribeAllActionConfig Describe All Action Config Operation level * Supported
    DescribeAllAdminViewConfig Describe All Admin View Config Operation level * Supported
    DescribeAllFormConfig Describe All Form Config Operation level * Supported
    DescribeAppFlowById Describe App Flow By Id Operation level * Supported
    DescribeApplicationById Describe Application By Id Operation level * Supported
    DescribeBillingResources Describe Billing Resources Operation level * Supported
    DescribeDashboardCounts Describe Dashboard Counts Operation level * Supported
    DescribeDataByContains Describe Data By Contains Operation level * Supported
    DescribeDataByEquals Describe Data By Equals Operation level * Supported
    DescribeDataByFinder Describe Data By Finder Operation level * Supported
    DescribeDataByIds Describe Data By Ids Operation level * Supported
    DescribeForm Describe Form Operation level * Supported
    DescribeHostConfig Describe Host Config Operation level * Supported
    DescribeLogPushConfigById Describe LogPush Config By Id Operation level * Supported
    DescribeManageViewConfiguration Describe Manage View Configuration Operation level * Supported
    DescribeManageViewData Describe Manage View Data Operation level * Supported
    DescribeMenuTree Describe Menu Tree Operation level * Supported
    DescribeMetaTypeDetail Describe Meta Type Detail Operation level * Supported
    DescribeRecentLoginUsers Describe Recent Login Users Operation level * Supported
    DescribeRecentRegisterUsers Describe Recent Register Users Operation level * Supported
    DescribeRegionalDistribution Describe Regional Distribution Operation level * Supported
    DescribeRsaPublicKey Describe Rsa Public Key Operation level * Supported
    DescribeSocialAuthSourceById Describe Social Auth Source By Id Operation level * Supported
    DescribeSyncConfigById Describe Sync Config By Id Operation level * Supported
    DescribeTemplateConfig Describe Template Config Operation level * Supported
    DescribeTreeDataByEquals Describe Tree Data By Equals Operation level * Supported
    DescribeUniversalAuthSourceById Describe Universal Auth Source By Id Operation level * Supported
    DescribeUser Describe User Operation level * Supported
    DescribeUserById Describe User By Id Operation level * Supported
    DescribeUserDetailById Describe User Detail By Id Operation level * Supported
    DescribeUserGroupById Describe User Group By Id Operation level * Supported
    DescribeUserGrowthTrend Describe User Growth Trend Operation level * Supported
    DescribeUserPropertyById Describe User Property By Id Operation level * Supported
    ListAttributeWithDefault List Attribute With Default Operation level * Supported
    ListAuthSource List Auth Source Operation level * Supported
    ListComponentType List Component Type Operation level * Supported
    ListCustomUserAttr List Custom Use rAttr Operation level * Supported
    ListInheritAttributes List Inherit Attributes Operation level * Supported
    ListPartyThirdUserProperties List Party Third User Properties Operation level * Supported
    ListSyncConfigs List Sync Configs Operation level * Supported
    ListUserGroup List User Group Operation level * Supported
    VerifyHostConfig Verify Host Config Operation level * Supported
    VerifyTemplateConfig Verify Template Config Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    ListApplicationByCondition List Application By Condition Operation level * Supported
    ListJobs List Jobs Operation level * Supported
    ListLogMessageByCondition List Log Message By Condition Operation level * Supported
    ListLogPushConfig List LogPush Config Operation level * Supported
    ListLogs List Logs Operation level * Supported
    ListSocialAuthSourceByCondition List Social Auth Source By Condition Operation level * Supported
    ListUniversalAuthSourceByCondition List Universal Auth Source By Condition Operation level * Supported
    ListUser List User Operation level * Supported
    ListUserAddEditPage List User Add Edit Page Operation level * Supported
    ListUserByProperty List User By Property Operation level * Supported
    ListUserGroups List User Groups Operation level * Supported
    ListUserPropertyByCondition List User Property By Condition Operation level * Supported
    ListUserStore List User Store Operation level * Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support