tencent cloud

Feedback

Private DNS

Last updated: 2024-04-22 09:19:43

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Private DNS privatedns Supported not supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CheckDomainVpcConflict Check for conflicts between VPCs bound to private domains Operation level * Supported
    CheckRoleAuthorize Query whether the role is authorized. Operation level * Supported
    DescribeAccountVpcList Query the VPC list of PrivateDNS binded accounts Operation level * Supported
    DescribeCreateRecordListResult Query batch add private domain resolution records results. Operation level * Supported
    DescribeCreateZoneListResult Query batch created private domains results. Operation level * Supported
    DescribeDashboard Describe Product Dashboard Operation level * Supported
    DescribeDefaultCLSLog Query the default CLS log set Operation level * Supported
    DescribeEndPointRegion Query the enabled region of the terminal node Operation level * Supported
    DescribeForwardRule Query forwarding rule details Operation level * Supported
    DescribeImportTemplateUrl Query file import parsing record template Operation level * Supported
    DescribePrivateZone Describe Private Zone Resource level qcs::privatedns::zone/1036 Supported
    DescribePrivateZoneService Describe Private Zone Service Status Operation level * Supported
    DescribeQuotaUsage Query quota usage (including TLD quota at present) Operation level * Supported
    DescribeRecordsExportFileUrl Batch export of resolution records according to private domain ID Operation level * Supported
    DescribeRequestData Describe Record Request Statistics Data Operation level * not supported
    DescribeUserConfig Get User Current Config Operation level * not supported
    DescribeZoneCLSLog Querying CLS log sets bound to private dns Operation level * Supported

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CreateDefaultCLSLog Create a default CLS log set, log subject, and index, and enable log push for the current private domain. Operation level * Supported
    CreateEndPoint Create a end point Operation level * Supported
    CreateEndPointAndEndPointService Simultaneously create an endpoint service and an endpoint. Operation level * Supported
    CreateForwardRule Create a custom forwarding rule Operation level * Supported
    CreatePrivateDNSAccount Create PrivateDNS account Operation level * Supported
    CreatePrivateZone Create Private Zone Operation level * Supported
    CreatePrivateZoneList Batch add PrivateDNS. Operation level * Supported
    CreatePrivateZoneRecord Create Private Zone Record Resource level qcs::privatedns::zone/1036 Supported
    CreatePrivateZoneRecordList Batch add PrivateDNS resolution records. Operation level * Supported
    DeleteEndPoint Delete end point Operation level * Supported
    DeleteForwardRule Delete forwarding rule Operation level * Supported
    DeletePrivateDNSAccount delete PrivateDNS bound account Operation level * Supported
    DeletePrivateZone Delete Private Zone Resource level qcs::privatedns::zone/${ZoneId} Supported
    DeletePrivateZoneRecord Delete Private Zone Record Resource level qcs::privatedns::zone/${ZoneId} Supported
    ModifyForwardRule Modify forwarding rules Operation level * Supported
    ModifyPrivateZone Modify Private Zone Resource level qcs::privatedns::zone/1036 Supported
    ModifyPrivateZoneRecord Modify Private Zone Record Resource level qcs::privatedns::zone/${ZoneId} Supported
    ModifyPrivateZoneVpc Modify Private Zone Binded VPC Resource level qcs::privatedns::zone/${ZoneId} Supported
    ModifyRecordsStatus Modify resolution record status Operation level * Supported
    ModifyResourcePackage Modify Resource Package Status Resource level qcs::privatedns::uin/${uin}:resource/${resourceId} not supported
    ModifyUserConfig Modify User Config Operation level * not supported
    ModifyZoneCLSLog Modify the log set of the private dns binding. Operation level * Supported
    SubscribePrivateZoneService Subscribe Private Zone Service Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAuditLog Describe User Audit Log List Operation level * not supported
    DescribeEndPointList Query end point list Operation level * Supported
    DescribeForwardRuleList Query forwarding rule list Operation level * Supported
    DescribePrivateDNSAccountList query the account list bound to the PrivateDNS Operation level * not supported
    DescribePrivateZoneList Describe Private Zone List Resource level qcs::privatedns::zone/${ZoneId} not supported
    DescribePrivateZoneRecordList Describe Private Zone Record List Resource level qcs::privatedns::zone/1036 Supported
    DescribeResourcePackageList Describe Resource Package List Resource level qcs::privatedns::uin/${uin}:resource/${resourceId} Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support