tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation

    Cloud Object Storage

    Last updated: 2024-05-02 09:05:11

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      COS cos Supported Supported Resource level Supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      AbortMultipartUpload Abort multipart upload Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      DescribeBackupTask Describe backup task for lhcos Operation level * Supported
      DescribeJob Describe a specified COS Batch job information Operation level * Supported
      GetBucket List the objects in the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetBucketACL Get bucket ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketAccelerate Get bucket accelerate configuration. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketCORS Query the cross-origin resource sharing (CORS) access control configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketDomain Get bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketDomainCertificate get domain certificate status Resource level * Supported
      GetBucketEncryption Get Bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketIntelligentTiering Obtain storage bucket intelligent tiered storage configuration information Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketInventory Get bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketLifecycle Query the lifecycle configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketLocation Get bucket location information Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketLogging Query the logging configuration of the bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketNotification Query the notification configuration of the bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketObjectLock Get bucket object lock configuration Resource level qcs::cos:${region}:uid/${appid}:${bucket-appid}/* Supported
      GetBucketObjectVersions List historical versions of objects in the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketOrigin Get bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketPolicy Read the permission policy of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketReferer Get bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketReplication Query the cross-bucket replication configuration of a bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketTagging Query the existing bucket tags of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketVersionAcl Get bucket version Acl Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketVersioning Get the versioning information of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetBucketWebsite Query the configuration of static websites associated with a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetLiveChannel get the channel\'s param、status or histroy logs Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      GetObject Get object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetObject Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetObjectACL Get object ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetObjectLegalHold Get object legal hold status. Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
      GetObjectRetention Get object retention Operation level * Supported
      GetObjectTagging Get object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetObjectVersionAcl Get object version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetService List buckets Operation level * Supported
      GetSymlink Get Symlink Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      GetVodPlayList get the vod playlis in specified time Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      HeadBucket Get basic information about the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      HeadObject Get basic information about the object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      ListJobs List COS Batch jobs of CAM user Operation level * Supported
      ListMultipartUploads List multipart upload tasks Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      ListParts List uploaded parts Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      OptionsObject Preflight request for CORS Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      AppendObject Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      AppendObject append object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      CompleteMultipartUpload Complete multipart upload task Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      CreateJob Create a COS Batch job Operation level * Supported
      DeleteBucket Delete bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketCORS Delete the cross-origin resource sharing (CORS) access control configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketDomain Delete bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketDomainCertificate delete domain certificate Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketEncryption Delete bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketInventory Delete bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketLifecycle Delete the lifecycle configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketOrigin Delete bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketPolicy Delete a permission policy of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketReferer Delete bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketReplication Delete the cross-bucket replication configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketTagging Delete the existing bucket tags from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteBucketWebsite Delete the static website configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteJob Delete COS Batch Job configuration Operation level * Supported
      DeleteLiveChannel delete a specified channel Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteMultipleObjects Delete objects in bulk Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      DeleteObject Delete object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      DeleteObjectTagging Delete object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      InitiateMultipartUpload Initiate multipart upload task Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PostBucketInventory initiate instant inventory Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PostObject Post object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PostObjectRestore Restore an archive object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PostVodPlayList create a vod playlis in specified time and upload it into the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PushStream push audio/video streaming data into bucket by created channel Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucket Put bucket Operation level * Supported
      PutBucketACL Put bucket ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketAccelerate Put bucket accelerate configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketCORS Configure bucket cross-domain resource sharing Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketDomain Put bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketDomainCertificate bind domain certificate Resource level * Supported
      PutBucketEncryption Put bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketIntelligentTiering Enable intelligent tiered storage for buckets Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketInventory Put bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketLifecycle Put bucket lifecycle configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketLogging Put bucket logging configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketNotification Put bucket notification configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketObjectLock Put bucket object lock configuration Operation level * Supported
      PutBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketOrigin Put bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketPolicy Put bucket policy Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketReferer Put bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketReplication Put bucket replication configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketTagging Put bucket tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketVersionAcl Put bucket version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketVersioning Put bucket versioning configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutBucketWebsite Put bucket website configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutLiveChannel create a channel which can be used to push stream, modify a channel\'s switch Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      PutObject Put object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PutObjectACL Put object ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PutObjectCopy Copy object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PutObjectLegalHold Put object legal hold control Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
      PutObjectRetention Put object retention Resource level qcs::cos:${region}:uid/${appid}:bucket-appid/* Supported
      PutObjectTagging Put object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PutObjectVersionAcl Put object version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      PutSymlink Create Symlink Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      RenameObject rename object, supported by ofs only Resource level * Supported
      TruncateObject truncate object, supported by ofs only Resource level * Supported
      UpdateJobPriority Update a COS Batch job priority Operation level * Supported
      UpdateJobStatus Update a COS Batch job status Operation level * Supported
      UploadPart Upload part Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
      UploadPartCopy Copy upload parts Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      ListLiveChannels list the created channels in a bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy