tencent cloud

Private DNS
Download PDF
Last updated:2026-01-27 09:51:55
Private DNS
Last updated: 2026-01-27 09:51:55
Download PDF

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
Private DNS privatedns Supported Supported Resource level Supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AddSpecifyPrivateZoneVpc Add Specify Private Zone Vpc Operation level * Supported
CreateDefaultCLSLog Create a default CLS log set, log subject, and index, and enable log push for the current private domain. Operation level * Supported
CreateEndPoint Create a end point Operation level * Supported
CreateEndPointAndEndPointService Simultaneously create an endpoint service and an endpoint. Operation level * Supported
CreateExtendEndpoint Create Extend Endpoint Operation level * Supported
CreateForwardRule Create a custom forwarding rule Operation level * Supported
CreateInboundEndpoint create inbound endpoint Operation level * Supported
CreatePrivateDNSAccount Create PrivateDNS account Operation level * Supported
CreatePrivateZone Create Private Zone Resource level qcs::privatedns::uin/${uin}:zone/${zoneId} Supported
CreatePrivateZoneList Batch add PrivateDNS. Operation level * Supported
CreatePrivateZoneRecord Create Private Zone Record Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
CreatePrivateZoneRecordList Batch add PrivateDNS resolution records. Operation level * Supported
DeleteEndPoint Delete end point Operation level * Supported
DeleteForwardRule Delete forwarding rule Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DeleteInboundEndpoint delete inbound endpoint Operation level * Supported
DeletePrivateDNSAccount delete PrivateDNS bound account Operation level * Supported
DeletePrivateZone Delete Private Zone Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DeletePrivateZoneRecord Delete Private Zone Record Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DeleteSpecifyPrivateZoneVpc Delete Specify Private Zone Vpc Operation level * Supported
ModifyForwardRule Modify forwarding rules Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
ModifyInboundEndpoint modify inbound endpoint Operation level * Supported
ModifyPrivateZone Modify Private Zone Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
ModifyPrivateZoneRecord Modify Private Zone Record Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
ModifyPrivateZoneVpc Modify Private Zone Binded VPC Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
ModifyRecordsStatus Modify resolution record status Operation level * Supported
ModifyResourcePackage Modify Resource Package Status Resource level qcs::privatedns::uin/${uin}:resource/${resourceId} Supported
ModifyUserConfig Modify User Config Operation level * Supported
ModifyZoneCLSLog Modify the log set of the private dns binding. Operation level * Supported
SubscribeForwardRuleService Subscribe Forward Rule Service Operation level * Supported
SubscribePrivateZoneService Subscribe Private Zone Service Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckDomainVpcConflict Check for conflicts between VPCs bound to private domains Operation level * Supported
CheckRoleAuthorize Query whether the role is authorized. Operation level * Supported
DescribeAccountVpcList Query the VPC list of PrivateDNS binded accounts Operation level * Supported
DescribeCCNID describe ccnid Operation level * Supported
DescribeCreateRecordListResult Query batch add private domain resolution records results. Operation level * Supported
DescribeCreateZoneListResult Query batch created private domains results. Operation level * Supported
DescribeDashboard Describe Product Dashboard Operation level * Supported
DescribeDefaultCLSLog Query the default CLS log set Operation level * Supported
DescribeEndPointRegion Query the enabled region of the terminal node Operation level * Supported
DescribeForwardRule Query forwarding rule details Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DescribeForwardRuleService Describe Forward Rule Service Status Operation level * Supported
DescribeImportRecordsResult Query file import parsing record results Operation level * Supported
DescribeImportTemplateUrl Query file import parsing record template Operation level * Supported
DescribeInboundEndpointList describe inbound endpoint list Operation level * Supported
DescribePrivateZone Describe Private Zone Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DescribePrivateZoneService Describe Private Zone Service Status Operation level * Supported
DescribeQuotaUsage Query quota usage (including TLD quota at present) Operation level * Supported
DescribeRecord Describe Record Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DescribeRecordsExportFileUrl Batch export of resolution records according to private domain ID Operation level * Supported
DescribeRegionList Describe Region List Operation level * Supported
DescribeRequestData Describe Record Request Statistics Data Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DescribeUploadUrl Query temporary upload URL Operation level * Supported
DescribeUserConfig Get User Current Config Operation level * Supported
DescribeZoneCLSLog Querying CLS log sets bound to private dns Operation level * Supported
QueryAsyncBindVpcStatus Query Async Bind Vpc Status Operation level * Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeAuditLog Describe User Audit Log List Operation level * Supported
DescribeEndPointList Query end point list Operation level * Supported
DescribeExtendEndpointList Describe Extend Endpoint List Operation level * Supported
DescribeForwardRuleList Query forwarding rule list Operation level * Supported
DescribePrivateDNSAccountList query the account list bound to the PrivateDNS Operation level * Supported
DescribePrivateZoneList Describe Private Zone List Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DescribePrivateZoneRecordList Describe Private Zone Record List Resource level qcs::privatedns::uin/${uin}:zone/${zone} Supported
DescribeResourcePackageList Describe Resource Package List Resource level qcs::privatedns::uin/${uin}:resource/${resourceId} Supported
DescribeVpcRegionList List of Supported VPC Regions Operation level * Supported
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback