Cloud Object Storage
Last updated: 2025-12-04 09:09:03
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| COS | cos | Supported | Supported | Resource level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AbortMultipartUpload | Abort multipart upload | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| AppendObject | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported | |
| AppendObject | append object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| CompleteMultipartUpload | Complete multipart upload task | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| CreateAutoBackup | Create auto backup for lhcos | Operation level | * | Supported |
| CreateInstantBackup | Create instant backup for lhcos. | Operation level | * | Supported |
| CreateJob | Create a COS Batch job | Operation level | * | Supported |
| CreateMigrateUser | create user | Operation level | * | Supported |
| CreateMigrateVoucherTask | craete task | Operation level | * | Supported |
| CreateMounting | Create LH-COS mounting point. | Operation level | * | Supported |
| DeleteBucket | Delete bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketCORS | Delete the cross-origin resource sharing (CORS) access control configuration from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketDomain | Delete bucket domain configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketDomainCertificate | delete domain certificate | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketEncryption | Delete bucket encryption configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketInventory | Delete bucket inventory configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketLifecycle | Delete the lifecycle configuration of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| DeleteBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| DeleteBucketOrigin | Delete bucket origin configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketPolicy | Delete a permission policy of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketReferer | Delete bucket referer | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketReplication | Delete the cross-bucket replication configuration from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketTagging | Delete the existing bucket tags from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketWebsite | Delete the static website configuration from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteJob | Delete COS Batch Job configuration | Operation level | * | Supported |
| DeleteMigrateUser | del migrate user | Operation level | * | Supported |
| DeleteMultipleObjects | Delete objects in bulk | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteObject | Delete object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| DeleteObjectTagging | Delete object tagging | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| InitiateMultipartUpload | Initiate multipart upload task | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PostBucketInventory | initiate instant inventory | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PostObject | Post object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PostObjectRestore | Restore an archive object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutBucket | Put bucket | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutBucketACL | Put bucket ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketAccelerate | Put bucket accelerate configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketAccessMonitor | put bucket access monitor | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutBucketBandwidthQuota | PUT Bucket Bandwidth Quota | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutBucketCORS | Configure bucket cross-domain resource sharing | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketDomain | Put bucket domain configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketDomainCertificate | bind domain certificate | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutBucketEncryption | Put bucket encryption configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketIntelligentTiering | Enable intelligent tiered storage for buckets | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketInventory | Put bucket inventory configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketLifecycle | Put bucket lifecycle configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketLogging | Put bucket logging configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketLoggingAnalysis | Put bucket logging analysis configuration | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* qcs::cls: |
Supported |
| PutBucketNotification | Put bucket notification configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketObjectLock | Put bucket object lock configuration | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| PutBucketOrigin | Put bucket origin configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketPolicy | Put bucket policy | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketReferer | Put bucket referer | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketReplication | Put bucket replication configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketResponseControl | Put bucket response control | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutBucketTagging | Put bucket tagging | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketVersioning | Put bucket versioning configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketWebsite | Put bucket website configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutObject | Put object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutObjectCopy | Copy object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutObjectLegalHold | Put object legal hold control | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutObjectRetention | Put object retention | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutObjectTagging | Put object tagging | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| PutSymlink | Create Symlink | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| RenameObject | rename object, supported by ofs only | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| TruncateObject | truncate object, supported by ofs only | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| UpdateJobPriority | Update a COS Batch job priority | Operation level | * | Supported |
| UpdateJobStatus | Update a COS Batch job status | Operation level | * | Supported |
| UpgradeBucketBandwidthQuota | UPGRADE Bucket Bandwidth Quota | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| UploadPart | Upload part | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| UploadPartCopy | Copy upload parts | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAutoBackup | Describe auto backup for lhcos. | Operation level | * | Supported |
| DescribeBackupTask | Describe backup task for lhcos | Operation level | * | Supported |
| DescribeCosPackages | DescribeCosPackages | Operation level | * | Supported |
| DescribeGetOneYuanPackages | get one yuan pkg list | Resource level | qcs::cos:${Region}:uin/:TopicName/${TopicName} | Supported |
| DescribeGsPkgConfig | get gs config | Operation level | * | Supported |
| DescribeGsUinOverview | DescribeGsUinOverview | Operation level | * | Supported |
| DescribeGsUser | get user regist ingo | Operation level | * | Supported |
| DescribeJob | Describe a specified COS Batch job information | Operation level | * | Supported |
| DescribeLHPackages | Get lighthouse cos packages | Resource level | qcs::cos:${Region}:uin/:TopicName/${TopicName} | Supported |
| DescribeMigrateInfo | get user info | Operation level | * | Supported |
| DescribePkgUsedDetail | get pkg deduct info | Operation level | * | Supported |
| DescribeQueryUsedDetail | get pkg used detail | Resource level | qcs::cos:${Region}:uin/:TopicName/${TopicName} | Supported |
| GetBucketACL | Get bucket ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketAccelerate | Get bucket accelerate configuration. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketAccessMonitor | Get bucket access monitor | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketBandwidthQuota | GET Bucket Bandwidth Quota | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketCORS | Query the cross-origin resource sharing (CORS) access control configuration of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketDomain | Get bucket domain configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketDomainCertificate | get domain certificate status | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketEncryption | Get Bucket encryption configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketIntelligentTiering | Obtain storage bucket intelligent tiered storage configuration information | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketInventory | Get bucket inventory configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketInventoryJob | List bucket instant inventory job and get progress of instant inventory jobs. | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketLifecycle | Query the lifecycle configuration of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketLocation | Get bucket location information | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketLogging | Query the logging configuration of the bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketLoggingAnalysis | Get bucket logging analysis configuration | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketNotification | Query the notification configuration of the bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketObjectLock | Get bucket object lock configuration | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketObjectVersions | List historical versions of objects in the bucket | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| GetBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| GetBucketOrigin | Get bucket origin configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketPolicy | Read the permission policy of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketReferer | Get bucket referer | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketReplication | Query the cross-bucket replication configuration of a bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketResponseControl | Get bucket response control | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketTagging | Query the existing bucket tags of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketVersioning | Get the versioning information of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketWebsite | Query the configuration of static websites associated with a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetObject | Get object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetObject | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported | |
| GetObjectACL | Get object ACL | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetObjectLegalHold | Get object legal hold status. | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetObjectRetention | Get object retention | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetObjectTagging | Get object tagging | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetSymlink | Get Symlink | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| HeadBucket | Get basic information about the bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| HeadObject | Get basic information about the object | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| InquirePriceCreateLHPackageByConfigIds | get price by configIds | Resource level | qcs::cos:${Region}:uin/:TopicName/${TopicName} | Supported |
| ListJobs | List COS Batch jobs of CAM user | Operation level | * | Supported |
| ListMultipartUploads | List multipart upload tasks | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| ListParts | List uploaded parts | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| OptionsObject | Preflight request for CORS | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribePkgList | get pkg list for console | Operation level | * | Supported |
| DescribeStatCosPackage | get user\\\'s package ingo | Operation level | * | Supported |
| DescribeUinDayAmountByTime | DescribeUinDayAmountByTime | Operation level | * | Supported |
| GetBucket | List the objects in the bucket | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetService | List buckets | Operation level | * | Supported |
| ListAutoBackups | List auto backups | Operation level | * | Supported |
| ListBackupTasks | List backup tasks for lhcos | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback