tencent cloud

Cloud Access Management

Product Introduction
CAM Overview
Features
Scenarios
Basic Concepts
Use Limits
User Types
Purchase Guide
Getting Started
Creating Admin User
Creating and Authorizing Sub-account
Logging In to Console with Sub-account
User Guide
Overview
Users
Access Key
User Groups
Role
Identity Provider
Policies
Permissions Boundary
Troubleshooting
Downloading Security Analysis Report
CAM-Enabled Role
Overview
Compute
Container
Microservice
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Database SaaS Service
Networking
CDN and Acceleration
Network Security
Data Security
Application Security
Domains & Websites
Big Data
Middleware
Interactive Video Services
Real-Time Interaction
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
CAM-Enabled API
Overview
Compute
Edge Computing
Container
Distributed cloud
Microservice
Serverless
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Networking
CDN and Acceleration
Network Security
Endpoint Security
Data Security
Business Security
Application Security
Domains & Websites
Office Collaboration
Big Data
Voice Technology
Image Creation
Tencent Big Model
AI Platform Service
Natural Language Processing
Optical Character Recognition
Middleware
Communication
Interactive Video Services
Real-Time Interaction
Stream Services
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Education Sevices
Medical Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
Use Cases
Security Practical Tutorial
Multi-Identity Personnel Permission Management
Authorizing Certain Operations by Tag
Supporting Isolated Resource Access for Employees
Enterprise Multi-Account Permissions Management
Reviewing Employee Operation Records on Tencent Cloud
Implementing Attribute-Based Access Control for Employee Resource Permissions Management
During tag-based authentication, only tag key matching is supported
Business Use Cases
TencentDB for MySQL
CLB
CMQ
COS
CVM
VPC
VOD
Others
API Documentation
History
Introduction
API Category
Making API Requests
User APIs
Policy APIs
Role APIs
Identity Provider APIs
Data Types
Error Codes
FAQs
Role
Key
Others
CAM Users and Permissions
Glossary
DocumentationCloud Access ManagementCAM-Enabled APIServerlessServerless Cloud Function

Serverless Cloud Function

PDF
Focus Mode
Font Size
Last updated: 2026-03-28 09:24:54

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
Serverless Cloud Function scf Supported Supported Resource level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
BatchResumeService resume service Operation level * Supported
BatchSuspendService suspend service Operation level * Supported
BindPackageResource BindPackageResource Resource level qcs::scf::uin/${uin}:package/${PackageId} not supported
BindTrigger scf bind trigger Operation level * Supported
BuildDebugConnection Build the connection of debug Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
ChangeTcbBackendClsType ChangeTcbBackendClsType Operation level * Supported
ConvertPayMode ConvertPayMode Operation level * Supported
CopyFunction copy function Operation level * Supported
CreateAlias create a function\\\\\\\\\\\\\\\'s alias Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func Supported
CreateCustomDomain Users create custom domain to route to functions Resource level qcs::scf:${region}:uin/${uin}:domain/* Supported
CreateDataJob CreateDataJob Operation level * not supported
CreateDataTask Create Data Task Operation level * not supported
CreateDebugVersion create debug version Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
CreateFunctionDestination create function destination delivery configuration Operation level * Supported
CreateFunctionTemplate create function template Operation level * Supported
CreateNamespace create a namespace Operation level * Supported
CreatePlugin CreatePlugin Operation level * Supported
CreateResource CreateResource Operation level * Supported
CreateTrigger CreateTrigger Operation level * Supported
CreateWorkflow create workflow cluster Operation level * Supported
CreateWorkflowNamespace create workflow namespace Operation level * Supported
CreateWorkflowSecret create workflow secret Operation level * Supported
CreateWorkflowStorage create workflow storage Operation level * Supported
CreateWorkflowUser create workfow user info Operation level * not supported
DeleteAlias delete function alias Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
DeleteCustomDomain delete custom domain Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
DeleteDataJob DeleteDataJob Operation level * not supported
DeleteDataTask Delete Data Task Operation level * not supported
DeleteFunction delete function Operation level * Supported
DeleteFunctionDestination Delete Function Destination configurations Operation level * Supported
DeleteFunctionVersion delete function input version Operation level * Supported
DeleteLayerVersion Delete the specified version of the specified layer. but it will not affect the function that is referencing this layer. Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
DeleteNamespace delete the namespace Operation level * Supported
DeletePlugin DeletePlugin Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
DeletePluginVersion DeleteFunctionVersion Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
DeleteProvisionedConcurrencyConfig Delete provisioned concurrency config of specified function or function version Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
DeleteReservedConcurrencyConfig Delete reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
DeleteTrigger DeleteTrigger Operation level * Supported
DeleteWorkflow delete workflow cluster Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} Supported
DeleteWorkflowNamespace delete workflow namespace Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId}/${Namespace} Supported
DeleteWorkflowSecret delete workflow secret Operation level * Supported
DeleteWorkflowStorage delete workflow storage Operation level * Supported
DeleteWorkflowUser delete workflow user Operation level * not supported
Invoke Invoke Funciton Operation level * Supported
InvokeFunction invokefunction Operation level * Supported
InvokeFunctionUrl Function URL Invoke Interface Resource level qcs::scf:${region}:uin/${uin}:namespace/${Namespace}/function/${FunctionName} Supported
ManageArgoController manager argo controller Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} not supported
ManageWorkflowLogging mangaer workflow logging Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} not supported
ModifyPreCheck Modify pkg Pre Check Operation level * Supported
ModifyUserPermissions modify user permissions Operation level * not supported
ModifyWorkflowSecret modify workflow secret Operation level * not supported
ModifyWorkflowTenant modify workflow tenant info Operation level * not supported
PublishLayerVersion Creates a new version of a layer using the given zip file or cos object. Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
PublishPluginVersion PublishPluginVersion Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
PutProvisionedConcurrencyConfig Set provisioned concurrency config of specified functonvresion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
PutReservedConcurrencyConfig Set reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
SetTrigger Operation level * not supported
StartDebugMode Open debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
StartDebugging Open debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
StopDebugMode Stop debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
StopDebugging Stop debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
TerminateAsyncEvent terminate async event Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
UnbindTrigger scf unbind trigger Operation level * Supported
UpdateAlias update alias\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'s config Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
UpdateAppConfig update app config Operation level * Supported
UpdateCustomDomain update custom domain config Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
UpdateDataJob UpdateDataJob Operation level * not supported
UpdateDataTask Update Data Task Operation level * not supported
UpdateDebugInsContainTime udpate debug instance contain time Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func not supported
UpdateFunction Operation level * not supported
UpdateFunctionCode update function code Operation level * Supported
UpdateFunctionDestination Update function destination configuration Operation level * Supported
UpdateFunctionEventInvokeConfig UpdateFunctionEventInvokeConfig Resource level qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} Supported
UpdateFunctionIncrementalCode Update Function IncrementalCode Resource level qcs::scf:${region}:uin/${uin}:namespace/${namespace}/function/${functionName} Supported
UpdateNamespace Operation level * Supported
UpdateTrigger UpdateTrigger Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckCreate checkcreate Operation level * Supported
CheckModify CheckModify Operation level * Supported
CheckMonthResource Check Resource Operation level * not supported
CheckSearchLogs CheckSearchLogs Operation level * Supported
CreateFunction create function Operation level * Supported
DescribeImageAccelerateInfo get imageAccelerate info Operation level * Supported
DescribeUserResources describe user resource info Operation level * Supported
GetAccount get account info Operation level * Supported
GetAccountSettings Operation level * not supported
GetAlias get alias info Operation level * Supported
GetAsyncEventOverview get async event overview Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetAsyncEventStatus get async event status Operation level * Supported
GetBatchUserInfo get user global info Operation level * Supported
GetBeianResource get beian resource Operation level * not supported
GetCloudStudioAccessInfo get coud studio access info Operation level * Supported
GetCloudStudioTicket get cloud stdio tmpToken Operation level * Supported
GetContainerLoginToken GetContainerLoginToken Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func Supported
GetCustomDomain describe custom domain info Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
GetDebuggingInfo Get info of debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetDemoAddress get function demo download address Operation level * Supported
GetDemoDetail get demo detail Operation level * Supported
GetFunction get function detail Operation level * Supported
GetFunctionEventInvokeConfig GetFunctionEventInvokeConfig Operation level * Supported
GetFunctionLogs Get function log Operation level * Supported
GetFunctionSAM Operation level * Supported
GetFunctionTemplate get function template detail Operation level * Supported
GetFunctionsByPlugin GetFunctionsByPlugin Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
GetLayerVersion Get layer version details, including links to download files in layers. Operation level * Supported
GetPackageTotalNum get all region package num Operation level * not supported
GetPkgsInfo Get prepaid resource pack details Operation level * Supported
GetPluginInfo GetPluginInfo Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
GetPostAmount GetPostAmount Operation level * Supported
GetProvisionedConcurrencyConfig Get provisioned concurrency config of specified function or functionversion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetRequestStatus get request status Operation level * Supported
GetReservedConcurrencyConfig Get reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetUserEipQuota get user eip quota Operation level * Supported
GetUserInfo GetUserInfo Operation level * Supported
GetUserResourceAmount Get User Resource Amount Operation level * Supported
GetWorkflow get workflow detail Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} Supported
GetWorkflowProgress get workflow progress Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} not supported
GetWorkflowUserAccessToken get workflow user token Operation level * not supported
GetWorkflowUserInfo get workflow user info Operation level * not supported
ListAliases ListAliases Operation level * Supported
ListAsyncEvents list async events Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
ListDemo list function demos Operation level * Supported
ListFunctionDestinations List Function Destination Configurations Operation level * Supported
ListFunctionInstances list function instances Operation level * Supported
ListFunctionTestModels Operation level * Supported
ListFunctionVersions list function versions Resource level qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} Supported
ListFunctions ListFunctions Operation level * Supported
ListGoods ListGoods Operation level * Supported
ListHelpDoc list help doc Operation level * Supported
ListIntranetAddress list intranet address Operation level * Supported
ListIntranetAddressInternal ListIntranetAddressInternal Operation level * Supported
ListNamespaces list namespace info Operation level * Supported
ListPluginVersions ListPluginVersions Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
ListPlugins get plugins list Resource level qcs::scf:${region}:uin/${uin}:plugin/${pluginName} Supported
ListResourceInventory ListResourceInventory Operation level * not supported
ListTriggers list triggers Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
ListVersion Operation level * not supported
ListVersionByFunction list function versions Operation level * Supported
UpdateFunctionConfiguration update function configuration Operation level * Supported

Other Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CreateSession create session Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func not supported
UpdateSessionStatus update session status Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func not supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeMonthResources describe month pkg infos Operation level * Supported
ListCustomDomains list custom domain info Resource level qcs::scf::uin/${uin}:domain/${Domain} Supported
ListDataJobs ListDataJobs Operation level * not supported
ListDataTasks List Data Tasks Operation level * not supported
ListLayerVersions Returns information about all versions of the specified layer Operation level * Supported
ListLayers Returns a list of all layers, which contains information about the latest version of each layer, which can be filtered by the adaptation runtime. Resource level qcs::scf:${region}:uin/${uin}:layer/${layerName} Supported
ListWorkflowSecret ListWorkflowSecret Operation level * not supported
ListWorkflowStorage ListWorkflowStorage Operation level * not supported
ListWorkflowTenants list workflow tenants Operation level * not supported
ListWorkflowUsers ListWorkflowUsers Operation level * not supported
ListWorkflows list workflows Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} Supported
Previous Topic: Tencent Cloud Elastic MicroserviceNext Topic: Event Bridge

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback