tencent cloud

Serverless Cloud Function
Download PDF
Last updated: 2025-12-04 09:13:01
Serverless Cloud Function
Last updated: 2025-12-04 09:13:01
Download PDF

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
Serverless Cloud Function scf Supported Supported Resource level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
BatchResumeService resume service Operation level * Supported
BatchSuspendService suspend service Operation level * Supported
BindPackageResource BindPackageResource Resource level qcs::scf::uin/${uin}:package/${PackageId} not supported
BindTrigger scf bind trigger Operation level * Supported
BuildDebugConnection Build the connection of debug Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
ChangeTcbBackendClsType ChangeTcbBackendClsType Operation level * Supported
ConvertPayMode ConvertPayMode Operation level * Supported
CopyFunction copy function Operation level * Supported
CreateAlias create a function\\\\\\\\\\\\\\\'s alias Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func Supported
CreateCustomDomain Users create custom domain to route to functions Resource level qcs::scf:${region}:uin/${uin}:domain/* Supported
CreateDebugVersion create debug version Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func not supported
CreateFunctionDestination create function destination delivery configuration Operation level * Supported
CreateFunctionTemplate create function template Operation level * Supported
CreateNamespace create a namespace Operation level * Supported
CreatePlugin CreatePlugin Operation level * Supported
CreateResource CreateResource Operation level * Supported
CreateTrigger CreateTrigger Operation level * Supported
CreateWorkflow create workflow cluster Operation level * Supported
CreateWorkflowNamespace create workflow namespace Operation level * Supported
CreateWorkflowSecret create workflow secret Operation level * Supported
CreateWorkflowStorage create workflow storage Operation level * Supported
CreateWorkflowUser create workfow user info Operation level * not supported
DeleteAlias delete function alias Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
DeleteCustomDomain delete custom domain Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
DeleteFunction delete function Operation level * Supported
DeleteFunctionDestination Delete Function Destination configurations Operation level * Supported
DeleteFunctionVersion delete function input version Operation level * Supported
DeleteLayerVersion Delete the specified version of the specified layer. but it will not affect the function that is referencing this layer. Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
DeleteNamespace delete the namespace Operation level * Supported
DeletePlugin DeletePlugin Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
DeletePluginVersion DeleteFunctionVersion Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
DeleteProvisionedConcurrencyConfig Delete provisioned concurrency config of specified function or function version Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
DeleteReservedConcurrencyConfig Delete reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
DeleteTrigger DeleteTrigger Operation level * Supported
DeleteWorkflow delete workflow cluster Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} Supported
DeleteWorkflowNamespace delete workflow namespace Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId}/${Namespace} Supported
DeleteWorkflowSecret delete workflow secret Operation level * Supported
DeleteWorkflowStorage delete workflow storage Operation level * Supported
DeleteWorkflowUser delete workflow user Operation level * not supported
Invoke Invoke Funciton Operation level * Supported
InvokeFunction invokefunction Operation level * Supported
InvokeFunctionUrl Function URL Invoke Interface Resource level qcs::scf:${region}:uin/${uin}:namespace/${Namespace}/function/${FunctionName} Supported
ManageArgoController manager argo controller Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} not supported
ManageWorkflowLogging mangaer workflow logging Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} not supported
ModifyPreCheck Modify pkg Pre Check Operation level * Supported
ModifyUserPermissions modify user permissions Operation level * not supported
ModifyWorkflowSecret modify workflow secret Operation level * not supported
ModifyWorkflowTenant modify workflow tenant info Operation level * not supported
PublishLayerVersion Creates a new version of a layer using the given zip file or cos object. Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
PublishPluginVersion PublishPluginVersion Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
PutProvisionedConcurrencyConfig Set provisioned concurrency config of specified functonvresion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
PutReservedConcurrencyConfig Set reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
SetTrigger Operation level * not supported
StartDebugMode Open debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
StartDebugging Open debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
StopDebugMode Stop debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
StopDebugging Stop debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
TerminateAsyncEvent terminate async event Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
UnbindTrigger scf unbind trigger Operation level * Supported
UpdateAlias update alias\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'s config Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
UpdateCustomDomain update custom domain config Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
UpdateDebugInsContainTime udpate debug instance contain time Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func not supported
UpdateFunction Operation level * not supported
UpdateFunctionCode update function code Operation level * Supported
UpdateFunctionDestination Update function destination configuration Operation level * Supported
UpdateFunctionEventInvokeConfig UpdateFunctionEventInvokeConfig Resource level qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} Supported
UpdateFunctionIncrementalCode Update Function IncrementalCode Resource level qcs::scf:${region}:uin/${uin}:namespace/${namespace}/function/${functionName} Supported
UpdateNamespace Operation level * Supported
UpdateTrigger UpdateTrigger Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckCreate checkcreate Operation level * Supported
CheckModify CheckModify Operation level * Supported
CheckMonthResource Check Resource Operation level * not supported
CheckSearchLogs CheckSearchLogs Operation level * Supported
CreateFunction create function Operation level * Supported
DescribeImageAccelerateInfo get imageAccelerate info Operation level * Supported
DescribeUserResources describe user resource info Operation level * Supported
GetAccountSettings Operation level * not supported
GetAlias get alias info Operation level * Supported
GetAsyncEventOverview get async event overview Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetAsyncEventStatus get async event status Operation level * Supported
GetBatchUserInfo get user global info Operation level * Supported
GetBeianResource get beian resource Operation level * not supported
GetCloudStudioAccessInfo get coud studio access info Operation level * Supported
GetCloudStudioTicket get cloud stdio tmpToken Operation level * Supported
GetContainerLoginToken GetContainerLoginToken Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func Supported
GetCustomDomain describe custom domain info Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
GetDebuggingInfo Get info of debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetDemoAddress get function demo download address Operation level * Supported
GetDemoDetail get demo detail Operation level * Supported
GetFunction get function detail Operation level * Supported
GetFunctionEventInvokeConfig GetFunctionEventInvokeConfig Operation level * Supported
GetFunctionLogs Get function log Operation level * Supported
GetFunctionSAM Operation level * Supported
GetFunctionTemplate get function template detail Operation level * Supported
GetFunctionsByPlugin GetFunctionsByPlugin Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
GetLayerVersion Get layer version details, including links to download files in layers. Operation level * Supported
GetPackageTotalNum get all region package num Operation level * not supported
GetPkgsInfo Get prepaid resource pack details Operation level * Supported
GetPluginInfo GetPluginInfo Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
GetPostAmount GetPostAmount Operation level * Supported
GetProvisionedConcurrencyConfig Get provisioned concurrency config of specified function or functionversion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetRequestStatus get request status Operation level * Supported
GetReservedConcurrencyConfig Get reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
GetUserEipQuota get user eip quota Operation level * Supported
GetUserInfo GetUserInfo Operation level * Supported
GetUserResourceAmount Get User Resource Amount Operation level * Supported
GetWorkflow get workflow detail Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} Supported
GetWorkflowProgress get workflow progress Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} not supported
GetWorkflowUserAccessToken get workflow user token Operation level * not supported
GetWorkflowUserInfo get workflow user info Operation level * not supported
ListAliases ListAliases Operation level * Supported
ListAsyncEvents list async events Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
ListDemo list function demos Operation level * Supported
ListFunctionDestinations List Function Destination Configurations Operation level * Supported
ListFunctionInstances list function instances Operation level * Supported
ListFunctionTestModels Operation level * Supported
ListFunctionVersions list function versions Resource level qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} Supported
ListFunctions ListFunctions Operation level * Supported
ListGoods ListGoods Operation level * Supported
ListHelpDoc list help doc Operation level * Supported
ListIntranetAddress list intranet address Operation level * Supported
ListIntranetAddressInternal ListIntranetAddressInternal Operation level * Supported
ListNamespaces list namespace info Operation level * Supported
ListPluginVersions ListPluginVersions Resource level qcs::scf::uin/${uin}:plugin/{PluginName} Supported
ListPlugins get plugins list Resource level qcs::scf:${region}:uin/${uin}:plugin/${pluginName} Supported
ListTriggers list triggers Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
ListVersion Operation level * not supported
ListVersionByFunction list function versions Operation level * Supported
UpdateFunctionConfiguration update function configuration Operation level * Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeMonthResources describe month pkg infos Operation level * Supported
ListCustomDomains list custom domain info Resource level qcs::scf::uin/${uin}:domain/${Domain} Supported
ListLayerVersions Returns information about all versions of the specified layer Operation level * Supported
ListLayers Returns a list of all layers, which contains information about the latest version of each layer, which can be filtered by the adaptation runtime. Resource level qcs::scf:${region}:uin/${uin}:layer/${layerName} Supported
ListWorkflowSecret ListWorkflowSecret Operation level * not supported
ListWorkflowStorage ListWorkflowStorage Operation level * not supported
ListWorkflowTenants list workflow tenants Operation level * not supported
ListWorkflowUsers ListWorkflowUsers Operation level * not supported
ListWorkflows list workflows Resource level qcs::scf:${region}:uin/${uin}:workflow/${WorkflowId} Supported

Other Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
UpdateSessionStatus update session status Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func not supported
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback