Tencent Cloud Automation Tools
Last updated:2026-02-10 09:21:39
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| TencentCloud Automation Tools | tat | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CancelInvocation | CancelInvocation | Resource level | qcs::cvm:${region}:uin/${uin}:instance/${instanceId} | Supported |
| CloneCommands | clone commands | Operation level | * | Supported |
| CreateCommand | CreateCommand | Operation level | * | Supported |
| CreateInvoker | CreateInvoker | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| CreateRegisterCode | Interface for creating registration codes. | Operation level | * | Supported |
| DeleteCommand | DeleteCommand | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| DeleteCommands | The parameter interface is used to delete commands in batches. | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| DeleteInvoker | DeleteInvoker | Resource level | qcs::tat:${region}:uin/${uin}:invoker/${invokerId} | Supported |
| DeleteInvokers | batch delete invoker. | Operation level | * | Supported |
| DeleteRegisterCode | The interface is used to delete the registration key. | Resource level | qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} | Supported |
| DeleteRegisterCodes | The parameter interface is used to delete registration codes in batches. | Resource level | qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} | Supported |
| DeleteRegisterInstance | Interface for deleting managed instances. | Resource level | qcs::tat:${region}:uin/${uin}:register-instance/${registerInstanceId} | Supported |
| Deletecommands | The parameter interface is used to delete commands in batches. | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| DisableInvoker | DisableInvoker | Resource level | qcs::tat:${region}:uin/${uin}:invoker/${invokerId} | Supported |
| DisableRegisterCode | This interface is used to disable registration code. | Resource level | qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} | Supported |
| DisableRegisterCodes | The parameter interface is used to disable registration codes in batches. | Resource level | qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} | Supported |
| EnableInvoker | EnableInvoker | Resource level | qcs::tat:${region}:uin/${uin}:invoker/${invokerId} | Supported |
| InvokeCommand | InvokeCommand | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} qcs::cvm:${region}:uin/${uin}:instance/${instanceId} |
Supported |
| ModifyCommand | ModifyCommand | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| ModifyInstancesFeatureStatus | Modify feature status of instance | Resource level | qcs::tat:${region}:uin/${uin}:instance/${instanceId} | Supported |
| ModifyInvoker | ModifyInvoker | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} qcs::tat:${region}:uin/${uin}:invoker/${invokerId} |
Supported |
| ModifyQuota | Operate User Quota Information | Resource level | qcs::tat:${region}:uin/${uin}:instance/${instance} | not supported |
| ModifyRegisterInstance | Interface for modifying managed instance information. | Resource level | qcs::tat:${region}:uin/${uin}:register-instance/${registerInstanceId} | Supported |
| PreviewReplacedCommandContent | PreviewReplacedCommandContent | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| RunCommand | RunCommand | Resource level | qcs::cvm:${region}:uin/${uin}:instance/${instanceId} | Supported |
| StartSession | Start a session | Resource level | qcs::tat:${region}:uin/${uin}:instance/${instanceId} | Supported |
| StartSessionWithMFA | Start Session With MFA | Resource level | qcs::tat:${region}:uin/${uin}:instance/${instance} | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAllResourcesCount | DescribeAllResourcesCount | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| DescribeInstancesFeatureStatus | Describe features status of instances | Resource level | qcs::tat:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeInvokerRecords | DescribeInvokerRecords | Resource level | qcs::tat:${region}:uin/${uin}:invoker/${invokerId} | Supported |
| DescribeInvokers | DescribeInvokers | Resource level | qcs::tat:${region}:uin/${uin}:invoker/${invokerId} | Supported |
| DescribeQuotas | Query user quota information | Resource level | qcs::tat:${region}:uin/${uin}:instance/${instance} | Supported |
| DescribeRegisterCodes | The interface is used to query the registration code information. | Resource level | qcs::tat:${region}:uin/${uin}:register-code/${registerCodeId} | Supported |
| DescribeRegisterInstances | The interface is used to query registered instance information. | Resource level | qcs::tat:${region}:uin/${uin}:register-instance/${registerInstanceId} | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAutomationAgentStatus | DescribeAutomationAgentStatus | Resource level | qcs::cvm:${region}:uin/${uin}:instance/${instanceId} | Supported |
| DescribeCommands | DescribeCommands | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| DescribeInvocationTasks | DescribeInvocationTasks | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} qcs::cvm:${region}:uin/${uin}:instance/${instanceId} |
Supported |
| DescribeInvocations | DescribeInvocations | Resource level | qcs::tat:${region}:uin/${uin}:command/${commandId} | Supported |
| DescribeScenes | DescribeScenes | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback