tencent cloud

Feedback

Tencent Container Registry

Last updated: 2024-06-13 09:20:24

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Tencent Container Registry tcr Supported Supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    BatchDeleteImagePersonal Batch Delete Image Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame}/${Tags} Supported
    BatchDeleteRepositoryPersonal Batch Delete Repository Personal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoNames} Supported
    CreateApplicationTokenPersonal Create Application Token Operation level * Supported
    CreateCustomAccount create custom account Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    CreateGCJob Create GC Job Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    CreateHelmChart Create Helm Chart Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    CreateImageAccelerationService Create Image Acceleration Service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    CreateImageLifecyclePersonal CreateImageLifecyclePersonal Resource level qcs::tcr:${region}:uin/${uin}:repo/${RepoName} Supported
    CreateImmutableTagRules CreateImmutable Tag Rule Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    CreateInstance Create Enterprise Registry Instance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
    CreateInstanceCustomizedDomain Create Instance Customized Domain Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateInstanceToken Create Instance Token Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateInternalEndpointDns CreateInternalEndpointDns Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateMultipleSecurityPolicy CreateMultipleSecurityPolicy Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    CreateNamespace Create Namespace Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/* not supported
    CreateNamespacePersonal Create Namespace Personal Resource level qcs::tcr:${Region}:uin/:repo/${Namespace} Supported
    CreateReplicationInstance CreateReplicationInstance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateRepository Create Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    CreateRepositoryPersonal Create Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} Supported
    CreateSecurityPolicy Create Security Policy Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateServiceAccount create service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    CreateSignature Create Signature Resource level qcs::tcr:${region}:uin/${uin}:repository/$instanceid/$namespacename/$repositoryname not supported
    CreateTagRetentionRule Create Tag RetentionRule Operation level * not supported
    CreateUserPersonal Create CCR User Operation level * Supported
    CreateWebhookTrigger Create Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename Supported
    DeleteCustomAccount delete custom account Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    DeleteHelmChart Delete Helm Chart Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    DeleteImageAccelerateService Delete image accelerate service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DeleteImageLifecycleGlobalPersonal Delete global image tag lifecycle strategy Resource level qcs::tcr:$regionid:$accountid:repo/* Supported
    DeleteImageLifecyclePersonal DeleteImageLifecyclePersonal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoName} Supported
    DeleteImagePersonal Delete Image Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame}/${Tag} Supported
    DeleteImmutableTagRules DeleteImmutable Tag Rule Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DeleteInstance DeleteI instance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteInstanceCustomizedDomain Delete Instance Customized Domain Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteInstanceToken Delete Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DeleteInternalEndpointDns DeleteInternalEndpointDns Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteMultipleSecurityPolicy DeleteMultipleSecurityPolicy Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceId} Supported
    DeleteNamespace Delete Namespace Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    DeleteNamespacePersonal Delete Namespace Personal Resource level qcs::tcr:${Region}:uin/:repo/${Namespace} Supported
    DeleteReplicationInstance DeleteReplicationInstance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteRepository Delete Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    DeleteRepositoryPersonal Delete Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame} Supported
    DeleteSecurityPolicy Delete Security Policy Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteServiceAccount delete service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DeleteTagRetentionRule Delete Tag RetentionRule Operation level * not supported
    DeleteWebhookTrigger Delete Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    DuplicateImagePersonal DuplicateImagePersonal Resource level qcs::${ApiModule}:${Region}:uin/:repo/* Supported
    ManageExternalEndpoint Manage External Endpoint Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    ManageImageLifecycleGlobalPersonal Set global image tag lifecycle strategy Resource level qcs::tcr:$regionid:$accountid:repo/* Supported
    ManageInternalEndpoint Manage Internal Endpoint Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    ManageReplication Manage Replication Resource level * Supported
    ModifyCustomAccount update properties of custom account Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    ModifyImmutableTagRules ModifyImmutable Tag Rules Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    ModifyInstance Modify Instance Resource level qcs::tcr:$regionid:$accountid:instance/* Supported
    ModifyInstanceToken Modify Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    ModifyInstanceTokenValidTime Modify Instance Token Valid Time Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
    ModifyNamespace Modify Namespace Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    ModifyRepository Modify Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    ModifyRepositoryAccessPersonal ModifyRepositoryAccessPersonal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoName} Supported
    ModifySecurityPolicy Modify Security Policy Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    ModifyServiceAccount update properties of service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    ModifyTagRetentionRule Modify Tag RetentionRule Operation level * not supported
    ModifyUserPasswordPersonal Modify CCR Password Operation level * Supported
    ModifyWebhookTrigger Modify Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    PushRepository Push Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    PushRepositoryPersonal Push Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} not supported
    RenewInstance Renewal of prepaid instances supports pay-as-you-go subscriptions to yearly and monthly subscriptions during the same period Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeApplicationTokenPersonal Describe Application Token Operation level * Supported
    DescribeChartDownloadInfo DescribeChartDownloadInfo Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeChartUploadInfo DescribeChartUploadInfo Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeCustomAccounts describe custom accounts Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    DescribeExternalEndpointStatus Describe External Endpoint Status Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeGCJobs Describe GC Latest 10 Jobs Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeHelmCharts Describe Helm Charts Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/* not supported
    DescribeImageAccelerateService Describe image accelerate service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeImageVulnerabilityDetails Query scanned image vulnerability information based on the image version Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeImmutableTagRules DescribeImmutable Tag Rules Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeInstanceInspection Get instance inspection result information Resource level qcs::tcr:${region}:uin/${uin}:instance/* Supported
    DescribeInstanceStatus Describe Instance Status Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeInstanceToken Describe Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeInstances Describe Instances Resource level qcs::tcr:$regionid:$accountid:instance/* not supported
    DescribeInternalEndpoints Describe Internal Endpoints Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeNamespaces Describe Namespaces Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/* not supported
    DescribeReplication Describe Replication Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
    DescribeReplicationExecutions Instance synchronization/instance replication policy execution record list Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeReplicationInstanceCreateTasks DescribeReplicationInstanceCreateTasks Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeReplicationInstanceSyncStatus DescribeReplicationInstanceSyncStatus Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeReplicationPolicies Get the list of instance synchronization rules Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeReplicationTasks Instance synchronization/instance replication execution task list Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeRepositories Describe Repositories Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$* not supported
    DescribeRepositoryOwnerPersonal Describe Repository OwnerPersonal Operation level * not supported
    DescribeSecurityPolicies Describe Security Policies Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeServiceAccounts describe service accounts Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeSourceCodeAuthPersonal DescribeSourceCodeAuthPersonal Operation level * not supported
    DescribeSystemInfo return the system information of tcr instance Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeTagRetentionRuleLog Describe Tag RetentionRuleLog Operation level * not supported
    DescribeTagRetentionRules Describe Tag RetentionRules Operation level * not supported
    DescribeWebhookTrigger Describe Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    DescribeWebhookTriggerLog Describe Webhook TriggerLog Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    PullRepository Pull Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    PullRepositoryPersonal Pull Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} not supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeInstanceCustomizedDomain Describe Instance Customized Domain Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeInternalEndpointDnsStatus DescribeInternalEndpointDnsStatus Resource level qcs::tcr:$regionid:$accountid:instance/* Supported
    DescribeReplicationInstances DescribeReplicationInstances Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support