Tencent Cloud Mesh
Last updated: 2025-12-04 09:14:12
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Tencent Cloud Mesh | tcm | Supported | Supported | Resource level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckClusterList | CheckClusterList | Resource level | qcs::tcm::uin/${uin}:- | Supported |
| DescribeAccessLogConfig | Get AccessLog config | Resource level | qcs::tcm::uin/${uin}:mesh/${MeshId} | Supported |
| DescribeAutoInjectionNamespaceList | DescribeAutoInjectionNamespaceList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeConfig | DescribeConfig | Operation level | * | Supported |
| DescribeEgressGateway | get egressgateway workload | Resource level | qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} | Supported |
| DescribeGatewayWorkloadList | get gateway workload list | Resource level | qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} | Supported |
| DescribeIngressGateway | get ingressgateway workload | Resource level | qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} | Supported |
| DescribeIngressGatewayList | DescribeIngressGatewayList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeIstioResource | fetch istio resources | Resource level | qcs::tcm::uin/${uin}:mesh/${MeshId} | Supported |
| DescribeIstioResourceList | DescribeIstioResourceList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeMeshList | DescribeMeshList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/* | Supported |
| DescribeMeshOperation | DescribeMeshOperation | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeMeshStatistics | DescribeMeshStatistics | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeMetaClusterID | DescribeMetaClusterID | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeNamespaceList | DescribeNamespaceList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeNodeRegionList | DescribeNodeRegionList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeServiceDashboard | DescribeServiceDashboard | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeServiceList | DescribeServiceList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeServiceListDashboard | DescribeServiceListDashboard | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DescribeTopology | DescribeTopology | Resource level | qcs::tcm:${region}:uin/${uin}:DescribeTopology | Supported |
| DescribeWorkloadDashboard | DescribeWorkloadDashboard | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CreateEgressGateway | CreateEgressGateway | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| CreateIngressGateway | CreateIngressGateway | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| CreateIstioResource | CreateIstioResource | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DeleteEgressGateway | DeleteEgressGateway | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DeleteIngressGateway | DeleteIngressGateway | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| DeleteIstioResource | DeleteIstioResource | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| LinkClusterList | link clusters | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| LinkNamespaceList | LinkNamespaceList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| LinkPrometheus | LinkPrometheus | Resource level | qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} | Supported |
| ModifyAccessLogConfig | ModifyAccessLogConfig | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| ModifyIngressGateway | ModifyIngressGateway | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| ModifyIstioResource | ModifyIstioResource | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| ModifyMesh | Modify mesh | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| ModifyMeshCanaryUpgradingPhase | ModifyMeshCanaryUpgradingPhase | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| ModifyTracingConfig | ModifyTracingConfig | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| RelinkCluster | RelinkCluster | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| UnlinkCluster | unlink cluster | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| UnlinkNamespaceList | UnlinkNamespaceList | Resource level | qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} | Supported |
| UnlinkPrometheus | UnlinkPrometheus | Resource level | qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} | Supported |
| UpgradeGateway | UpgradeGateway | Resource level | qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback