tencent cloud

Feedback

Tencent Cloud Automation Tools

Last updated: 2024-06-13 09:19:55

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    TencentCloud Automation Tools tat Supported not supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CancelInvocation CancelInvocation Resource level qcs::cvm:${region}:uin/${uin}:instance/${instanceId} Supported
    CreateCommand CreateCommand Operation level * Supported
    CreateInvoker CreateInvoker Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    CreateRegisterCode Interface for creating registration codes. Operation level * Supported
    DeleteCommand DeleteCommand Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    DeleteCommands The parameter interface is used to delete commands in batches. Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    DeleteInvoker DeleteInvoker Resource level qcs::tat:${region}:uin/${uin}:invoker/${invokerId} Supported
    DeleteRegisterCode The interface is used to delete the registration key. Resource level qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} Supported
    DeleteRegisterCodes The parameter interface is used to delete registration codes in batches. Resource level qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} Supported
    DeleteRegisterInstance Interface for deleting managed instances. Resource level qcs::tat:${region}:uin/${uin}:register-instance/${registerInstanceId} Supported
    Deletecommands The parameter interface is used to delete commands in batches. Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    DisableInvoker DisableInvoker Resource level qcs::tat:${region}:uin/${uin}:invoker/${invokerId} Supported
    DisableRegisterCode This interface is used to disable registration code. Resource level qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} Supported
    DisableRegisterCodes The parameter interface is used to disable registration codes in batches. Resource level qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} Supported
    EnableInvoker EnableInvoker Resource level qcs::tat:${region}:uin/${uin}:invoker/${invokerId} Supported
    InvokeCommand InvokeCommand Resource level qcs::tat:${region}:uin/${uin}:command/${commandId}
    qcs::cvm:${region}:uin/${uin}:instance/${instanceId}
    Supported
    ModifyCommand ModifyCommand Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    ModifyInstancesFeatureStatus Modify feature status of instance Resource level qcs::tat:${region}:uin/${uin}:instance/${instanceId} Supported
    ModifyInvoker ModifyInvoker Resource level qcs::tat:${region}:uin/${uin}:command/${commandId}
    qcs::tat:${region}:uin/${uin}:invoker/${invokerId}
    Supported
    ModifyQuota Operate User Quota Information Resource level qcs::tat:${region}:uin/${uin}:instance/${instance} not supported
    ModifyRegisterInstance Interface for modifying managed instance information. Resource level qcs::tat:${region}:uin/${uin}:register-instance/${registerInstanceId} Supported
    PreviewReplacedCommandContent PreviewReplacedCommandContent Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    RunCommand RunCommand Resource level qcs::tat:${region}:uin/${uin}:command/${commandId}
    qcs::cvm:${region}:uin/${uin}:instance/${instanceId}
    Supported
    StartSession Start a session Resource level qcs::tat:${region}:uin/${uin}:instance/${instanceId} not supported
    StartSessionWithMFA Start Session With MFA Resource level qcs::tat:${region}:uin/${uin}:instance/${instance} Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAllResourcesCount DescribeAllResourcesCount Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} not supported
    DescribeInstancesFeatureStatus Describe features status of instances Resource level qcs::tat:${region}:uin/${uin}:instance/${instance} Supported
    DescribeInvokerRecords DescribeInvokerRecords Resource level qcs::tat:${region}:uin/${uin}:invoker/${invokerId} Supported
    DescribeInvokers DescribeInvokers Resource level qcs::tat:${region}:uin/${uin}:invoker/${invokerId} Supported
    DescribeQuotas Query user quota information Resource level qcs::tat:${region}:uin/${uin}:instance/${instance} not supported
    DescribeRegisterCodes The interface is used to query the registration code information. Resource level qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} Supported
    DescribeRegisterInstances The interface is used to query registered instance information. Resource level qcs::tat:${region}:uin/${uin}:register-instance/${registerInstanceId} Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAutomationAgentStatus DescribeAutomationAgentStatus Resource level qcs::cvm:${region}:uin/${uin}:instance/${instanceId} not supported
    DescribeCommands DescribeCommands Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    DescribeInvocationTasks DescribeInvocationTasks Resource level qcs::tat:${region}:uin/${uin}:command/${commandId}
    qcs::cvm:${region}:uin/${uin}:instance/${instanceId}
    Supported
    DescribeInvocations DescribeInvocations Resource level qcs::tat:${region}:uin/${uin}:command/${commandId} Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support