Tencent Cloud Elastic Microservice
Last updated: 2025-12-04 09:14:36
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Tencent Cloud Elastic Microservice | tem | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CopyLogConfig | CopyLogConfig | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| CreateApplication | create application | Operation level | * | Supported |
| CreateApplicationAutoscaler | CreateApplicationAutoscaler | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| CreateApplicationCronHorizontalAutoscaler | create cron scale policy | Operation level | * | Supported |
| CreateApplicationHorizontalAutoscaler | create scale policy | Operation level | * | Supported |
| CreateApplicationService | CreateApplicationService | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| CreateApplicationServiceMonitor | CreateApplicationServiceMonitor | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| CreateEnvironment | create environment | Operation level | * | Supported |
| CreateGateway | CreateGateway | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| CreateLogConfig | CreateLogConfig | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| CreateSecretData | CreateSecretData | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DeleteApplication | delete application | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DeleteApplicationAutoscaler | delete scale policy | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DeleteApplicationDeploymentHistory | delete deployment history | Resource level | qcs::tem::uin/${uin}:role/${roleId} | not supported |
| DeleteApplicationPackageHistory | DeleteApplicationPackageHistory | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DeleteApplicationService | DeleteApplicationService | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DeleteApplicationServiceMonitor | DeleteApplicationServiceMonitor | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DeployApplication | deploy application | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DestroyEnvironment | destroy environment | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DestroyGateway | DestroyGateway | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DestroyLogConfig | DestroyLogConfig | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DestroyMultiLogConfigs | DestroyMultiLogConfigs | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DestroySecretData | DestroySecretData | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DisableApplicationAutoscaler | DisableApplicationAutoscaler | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| EnableApplicationAutoscaler | EnableApplicationAutoscaler | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ForwardToApiServer | ForwardToApiServer | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| GenerateApplicationPackageDownloadUrl | generate download URL | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ModifyApplicationAutoscaler | ModifyApplicationAutoscaler | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ModifyApplicationCronHorizontalAutoscaler | modify cron scale policy | Operation level | * | Supported |
| ModifyApplicationHorizontalAutoscaler | modify scale policy | Operation level | * | Supported |
| ModifyApplicationInfo | modify application info | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ModifyApplicationInstance | modify instance specification | Operation level | * | Supported |
| ModifyApplicationPortMapping | modify port mapping | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| ModifyApplicationPortMappingList | ModifyApplicationPortMappingList | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| ModifyApplicationReplicas | modify instance numbers | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ModifyApplicationService | ModifyApplicationService | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ModifyApplicationServiceMonitor | ModifyApplicationServiceMonitor | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| ModifyApplicationTraits | Modify application traits | Operation level | * | not supported |
| ModifyEnvironment | modify environment | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ModifyGatewayIngress | ModifyGatewayIngress | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| ModifyLogConfig | ModifyLogConfig | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ModifyResourceConfig | ModifyResourceConfig | Resource level | qcs::tem::uin/${uin}:role/${roleId} | not supported |
| ModifySecretData | ModifySecretData | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| RestartApplication | Restart the application | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| RestartApplicationPod | restart instance | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| ResumeDeployApplication | resume deployment | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| RevertDeployApplication | revert deployment | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| RollingUpdateApplicationByVersion | RollingUpdateApplicationByVersion | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| SpeedUpApplication | SpeedUpApplication | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| StartEnvironment | start the environment | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| StopApplication | stop application | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| StopEnvironment | stop the environment | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAlertApplications | DescribeAlertApplications | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeAlertEnvironments | get user alert environments | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeAllEnvironments | get all environments list | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationAutoscalerList | DescribeApplicationAutoscalerList | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} |
Supported |
| DescribeApplications | describe applications | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeDeployApplicationHistory | describe the history of the deployment | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeEnvironments | describe environments | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DescribeGatewayList | DescribeGatewayList | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeLogConfigList | DescribeLogConfigList | Operation level | * | not supported |
| DescribeSecretDataList | describe the list of the secrets | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeApplicationActiveNamespaces | describe active environments for the application | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationContainerSpec | describe instance specification | Operation level | * | Supported |
| DescribeApplicationDemoInfos | describe demo infos | Operation level | * | Supported |
| DescribeApplicationDeploymentHistory | describe deployment history | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationException | describe exception | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationExceptionRecords | describe list of the abnormal interfaces | Operation level | * | Supported |
| DescribeApplicationImageRepo | describe image repository | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationImages | describe images | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationInfo | describe base application info | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} |
Supported |
| DescribeApplicationInterfaceRecords | describe the list of monitored interfaces | Operation level | * | Supported |
| DescribeApplicationInvolvedResources | DescribeApplicationInvolvedResources | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationLogs | describe logs | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationMonitorData | describe monitor data | Operation level | * | not supported |
| DescribeApplicationMonitorStatistics | describe monitor statistics data | Operation level | * | Supported |
| DescribeApplicationPackageHistory | describe package history | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationPods | describe instances | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} |
Supported |
| DescribeApplicationPresetEnv | DescribeApplicationPresetEnv | Resource level | qcs::tem::uin/${uin}:role/${roleId} | not supported |
| DescribeApplicationServiceList | DescribeApplicationServiceList | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} |
Supported |
| DescribeApplicationServiceMonitors | DescribeApplicationServiceMonitors | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeApplicationSpeedUpStatus | DescribeApplicationSpeedUpStatus | Resource level | qcs::tem::uin/${uin}:role/${roleId} | not supported |
| DescribeApplicationsStatus | describe the status of applications | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DescribeChangeRecordTypes | describe record types | Operation level | * | Supported |
| DescribeDeployApplicationDetail | describe deployment | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:application/${applicationId} |
Supported |
| DescribeEnvironment | describe environment | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DescribeEnvironmentStatistics | describe statistics data of the environment | Resource level | qcs::tem::uin/${uin}:role/${roleId} | not supported |
| DescribeEnvironmentStats | query environment stats | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeEnvironmentStatus | describe status of the environment | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} |
Supported |
| DescribeEventLogs | DescribeEventLogs | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeGateway | DescribeGateway | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeGatewayIngress | DescribeGatewayIngress | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeLogConfig | DescribeLogConfig | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} qcs::tem::uin/${uin}:application/${applicationId} |
Supported |
| DescribePagedLogConfigList | DescribePagedLogConfigList | Resource level | qcs::tem::uin/${uin}:role/${roleId} qcs::tem::uin/${uin}:environment/${environmentId} qcs::tem::uin/${uin}:application/${applicationId} |
Supported |
| DescribeResourceInUseApplications | DescribeResourceInUseApplications | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeSecretData | DescribeSecretData | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeService | describe EKS service | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
| DescribeServiceList | describe EKS services | Resource level | qcs::tem::uin/${uin}:role/${roleId} | not supported |
| DescribeTopApplicationUsage | list top usage application list | Resource level | qcs::tem::uin/${uin}:role/${roleId} | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback