tencent cloud

Feedback

Serverless Cloud Function

Last updated: 2024-05-26 09:26:40

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Serverless Cloud Function scf Supported Supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    BatchResumeService resume service Operation level * Supported
    BatchSuspendService suspend service Operation level * Supported
    BindTrigger scf bind trigger Operation level * Supported
    BuildDebugConnection Build the connection of debug Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    CopyFunction CopyFunction Operation level * Supported
    CreateAlias Operation level * Supported
    CreateNamespace Operation level * Supported
    DeleteAlias Operation level * Supported
    DeleteFunction Operation level * Supported
    DeleteLayerVersion - Operation level * Supported
    DeleteNamespace Operation level * Supported
    DeleteProvisionedConcurrencyConfig Delete provisioned concurrency config of specified function or function version Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    DeleteReservedConcurrencyConfig Delete reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    DeleteTrigger Operation level * Supported
    InvokeFunction Operation level * not supported
    InvokeFunctionUrl Function URL Invoke Interface Resource level qcs::scf:${region}:uin/${uin}:namespace/${Namespace}/function/${FunctionName} Supported
    PublishLayerVersion - Operation level * Supported
    PublishVersion Publish version Operation level * Supported
    PutProvisionedConcurrencyConfig Set provisioned concurrency config of specified functonvresion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    PutReservedConcurrencyConfig Set reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    PutTotalConcurrencyConfig Set user concurrency memory limit. Operation level * not supported
    SetTrigger Operation level * not supported
    StartDebugMode Open debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    StartDebugging Open debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    StopDebugMode Stop debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    StopDebugging Stop debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    TerminateAsyncEvent terminate async event Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    UnbindTrigger scf unbind trigger Operation level * not supported
    UpdateAlias Operation level * Supported
    UpdateFunction Operation level * not supported
    UpdateFunctionCode update function code Operation level * Supported
    UpdateFunctionEventInvokeConfig UpdateFunctionEventInvokeConfig Operation level * Supported
    UpdateFunctionIncrementalCode Operation level * Supported
    UpdateNamespace Operation level * Supported
    UpdateTrigger Operation level * Supported
    UpdateTriggerStatus Update Trigger Status Operation level * Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CreateFunction create function Operation level * Supported
    GetAccount Operation level * Supported
    GetAccountSettings Operation level * not supported
    GetAlias Operation level * Supported
    GetAsyncEventOverview get async event overview Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    GetAsyncEventStatus get async event status Operation level * not supported
    GetBatchUserInfo get user global info Operation level * Supported
    GetBeianResource get beian resource Operation level * not supported
    GetCloudStudioAccessInfo get coud studio access info Operation level * Supported
    GetDebuggingInfo Get info of debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    GetDemoAddress Operation level * not supported
    GetDemoDetail Operation level * not supported
    GetFunction get function detail Operation level * Supported
    GetFunctionAddress Operation level * Supported
    GetFunctionEventInvokeConfig GetFunctionEventInvokeConfig Operation level * Supported
    GetFunctionLogs Operation level * not supported
    GetFunctionSAM Operation level * Supported
    GetFunctionUsageTriggerCount Operation level * not supported
    GetLayerVersion - Operation level * Supported
    GetProvisionedConcurrencyConfig Get provisioned concurrency config of specified function or functionversion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    GetRequestStatus get request status Operation level * not supported
    GetReservedConcurrencyConfig Get reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    GetUserEipQuota get user eip quota Operation level * Supported
    ListAliases Operation level * Supported
    ListAsyncEvents list async events Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
    ListFunctionTestModels Operation level * Supported
    ListFunctions Operation level * not supported
    ListIntranetAddress list intranet address Operation level * not supported
    ListNamespaces Operation level * Supported
    ListTriggers list triggers Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func not supported
    ListVersion Operation level * not supported
    ListVersionByFunction Operation level * Supported
    UpdateFunctionConfiguration update function configuration Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    ListLayerVersions - Operation level * Supported
    ListLayers - Operation level * not supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support