tencent cloud

Feedback

Cloud Object Storage

Last updated: 2024-05-26 09:23:21

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    COS cos Supported Supported Resource level Supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    AbortMultipartUpload Abort multipart upload Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    DescribeBackupTask Describe backup task for lhcos Operation level * Supported
    DescribeJob Describe a specified COS Batch job information Operation level * Supported
    GetBucket List the objects in the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetBucketACL Get bucket ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketAccelerate Get bucket accelerate configuration. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketCORS Query the cross-origin resource sharing (CORS) access control configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketDomain Get bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketDomainCertificate get domain certificate status Resource level * Supported
    GetBucketEncryption Get Bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketIntelligentTiering Obtain storage bucket intelligent tiered storage configuration information Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketInventory Get bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketLifecycle Query the lifecycle configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketLocation Get bucket location information Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketLogging Query the logging configuration of the bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketNotification Query the notification configuration of the bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketObjectLock Get bucket object lock configuration Resource level qcs::cos:${region}:uid/${appid}:${bucket-appid}/* Supported
    GetBucketObjectVersions List historical versions of objects in the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketOrigin Get bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketPolicy Read the permission policy of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketReferer Get bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketReplication Query the cross-bucket replication configuration of a bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketTagging Query the existing bucket tags of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketVersionAcl Get bucket version Acl Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketVersioning Get the versioning information of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetBucketWebsite Query the configuration of static websites associated with a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetLiveChannel get the channel\'s param、status or histroy logs Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    GetObject Get object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetObject Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetObjectACL Get object ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetObjectLegalHold Get object legal hold status. Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
    GetObjectRetention Get object retention Operation level * Supported
    GetObjectTagging Get object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetObjectVersionAcl Get object version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetService List buckets Operation level * Supported
    GetSymlink Get Symlink Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    GetVodPlayList get the vod playlis in specified time Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    HeadBucket Get basic information about the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    HeadObject Get basic information about the object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    ListJobs List COS Batch jobs of CAM user Operation level * Supported
    ListMultipartUploads List multipart upload tasks Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    ListParts List uploaded parts Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    OptionsObject Preflight request for CORS Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    AppendObject Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    AppendObject append object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    CompleteMultipartUpload Complete multipart upload task Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    CreateJob Create a COS Batch job Operation level * Supported
    DeleteBucket Delete bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketCORS Delete the cross-origin resource sharing (CORS) access control configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketDomain Delete bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketDomainCertificate delete domain certificate Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketEncryption Delete bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketInventory Delete bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketLifecycle Delete the lifecycle configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketOrigin Delete bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketPolicy Delete a permission policy of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketReferer Delete bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketReplication Delete the cross-bucket replication configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketTagging Delete the existing bucket tags from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteBucketWebsite Delete the static website configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteJob Delete COS Batch Job configuration Operation level * Supported
    DeleteLiveChannel delete a specified channel Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteMultipleObjects Delete objects in bulk Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    DeleteObject Delete object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    DeleteObjectTagging Delete object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    InitiateMultipartUpload Initiate multipart upload task Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PostBucketInventory initiate instant inventory Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PostObject Post object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PostObjectRestore Restore an archive object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PostVodPlayList create a vod playlis in specified time and upload it into the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PushStream push audio/video streaming data into bucket by created channel Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucket Put bucket Operation level * Supported
    PutBucketACL Put bucket ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketAccelerate Put bucket accelerate configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketCORS Configure bucket cross-domain resource sharing Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketDomain Put bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketDomainCertificate bind domain certificate Resource level * Supported
    PutBucketEncryption Put bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketIntelligentTiering Enable intelligent tiered storage for buckets Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketInventory Put bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketLifecycle Put bucket lifecycle configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketLogging Put bucket logging configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketNotification Put bucket notification configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketObjectLock Put bucket object lock configuration Operation level * Supported
    PutBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketOrigin Put bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketPolicy Put bucket policy Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketReferer Put bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketReplication Put bucket replication configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketTagging Put bucket tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketVersionAcl Put bucket version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketVersioning Put bucket versioning configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutBucketWebsite Put bucket website configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutLiveChannel create a channel which can be used to push stream, modify a channel\'s switch Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    PutObject Put object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PutObjectACL Put object ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PutObjectCopy Copy object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PutObjectLegalHold Put object legal hold control Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
    PutObjectRetention Put object retention Resource level qcs::cos:${region}:uid/${appid}:bucket-appid/* Supported
    PutObjectTagging Put object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PutObjectVersionAcl Put object version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    PutSymlink Create Symlink Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    RenameObject rename object, supported by ofs only Resource level * Supported
    TruncateObject truncate object, supported by ofs only Resource level * Supported
    UpdateJobPriority Update a COS Batch job priority Operation level * Supported
    UpdateJobStatus Update a COS Batch job status Operation level * Supported
    UploadPart Upload part Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
    UploadPartCopy Copy upload parts Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    ListLiveChannels list the created channels in a bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support