tencent cloud

Config
Download PDF
Last updated:2026-02-10 09:16:54
Config
Last updated: 2026-02-10 09:16:54
Download PDF

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
CloudConfig config Supported not supported Resource level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AddAggregateCompliancePack AddAggregateCompliancePack Operation level * Supported
AddAggregateConfigRule AddAggregateConfigRule Operation level * Supported
AddAlarmPolicy AddAlarmPolicy Operation level * Supported
AddCompliancePack AddCompliancePack Operation level * Supported
AddCompliancePackAsync add compliance pack asyncrous Operation level * not supported
AddConfigRule AddConfigRule Operation level * Supported
BatchCloseAggregateConfigRule BatchCloseAggregateConfigRule Operation level * Supported
BatchOpenAggregateConfigRule BatchOpenAggregateConfigRule Operation level * Supported
CloseAggregateConfigRule CloseAggregateConfigRule Operation level * Supported
CloseConfigRecorder CloseConfigRecorder Operation level * Supported
CloseConfigRule CloseConfigRule Operation level * Supported
CreateAggregator CreateAggregator Operation level * Supported
CreateRemediation CreateRemediation Operation level * Supported
DeleteAggregateCompliancePack DeleteAggregateCompliancePack Operation level * Supported
DeleteAggregateConfigRule DeleteAggregateConfigRule Operation level * Supported
DeleteAggregators DeleteAggregators Operation level * Supported
DeleteAlarmPolicy DeleteAlarmPolicy Operation level * Supported
DeleteCompliancePack DeleteCompliancePack Operation level * Supported
DeleteConfigRule DeleteConfigRule Operation level * Supported
DeleteRemediations DeleteRemediations Operation level * Supported
DetachAggregateConfigRuleToCompliancePack DetachAggregateConfigRuleToCompliancePack Operation level * Supported
DetachConfigRuleToCompliancePack DetachConfigRuleToCompliancePack Operation level * Supported
OpenAggregateConfigRule OpenAggregateConfigRule Operation level * Supported
OpenConfigRecorder OpenConfigRecorder Operation level * Supported
OpenConfigRule OpenConfigRule Operation level * Supported
PutEvaluations PutEvaluations Operation level * Supported
StartAggregateConfigRuleEvaluation StartAggregateConfigRuleEvaluation Operation level * Supported
StartConfigRuleEvaluation StartConfigRuleEvaluation Operation level * Supported
StartRemediation StartRemediation Operation level * Supported
TriggerDeliver TriggerDeliver Operation level * Supported
TriggerRecorder TriggerRecorder Operation level * Supported
UpdateAggregateCompliancePack UpdateAggregateCompliancePack Operation level * Supported
UpdateAggregateCompliancePackStatus UpdateAggregateCompliancePackStatus Operation level * Supported
UpdateAggregateConfigDeliver UpdateAggregateConfigDeliver Operation level * Supported
UpdateAggregateConfigRule UpdateAggregateConfigRule Operation level * Supported
UpdateAggregator UpdateAggregator Operation level * Supported
UpdateAlarmPolicy UpdateAlarmPolicy Operation level * Supported
UpdateCompliancePack UpdateCompliancePack Operation level * Supported
UpdateCompliancePackStatus UpdateCompliancePackStatus Operation level * Supported
UpdateConfigDeliver UpdateConfigDeliver Operation level * Supported
UpdateConfigRecorder UpdateConfigRecorder Operation level * Supported
UpdateConfigRule UpdateConfigRule Operation level * Supported
UpdateRemediation UpdateRemediation Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeAccountStatus DescribeAccountStatus Operation level * Supported
DescribeAggregateCompliancePack DescribeAggregateCompliancePack Operation level * Supported
DescribeAggregateConfigDeliver DescribeAggregateConfigDeliver Operation level * Supported
DescribeAggregateConfigRule DescribeAggregateConfigRule Operation level * Supported
DescribeAggregateConfigRuleComplianceTrend Query rule compliance trends for account group Operation level * Supported
DescribeAggregateConfigRuleOverview Describe rule overview Operation level * Supported
DescribeAggregateDiscoveredResource DescribeAggregateDiscoveredResource Operation level * Supported
DescribeAggregateRecorderStatistics DescribeAggregateRecorderStatistics Operation level * Supported
DescribeAggregator DescribeAggregator Operation level * Supported
DescribeAggregatorStatistics DescribeAggregatorStatistics Operation level * Supported
DescribeCompliancePack DescribeCompliancePack Operation level * Supported
DescribeConfigDeliver DescribeConfigDeliver Operation level * Supported
DescribeConfigRecorder DescribeConfigRecorder Operation level * Supported
DescribeConfigRule DescribeConfigRule Operation level * Supported
DescribeConfigRuleComplianceTrend Query rule compliance trends Operation level * Supported
DescribeConfigRuleOverview Describe rule overview Operation level * Supported
DescribeDiscoveredResource DescribeDiscoveredResource Operation level * Supported
DescribeRecorderStatistics DescribeRecorderStatistics Operation level * Supported
DescribeSystemCompliancePack DescribeSystemCompliancePack Operation level * Supported
DescribeSystemRule DescribeSystemRule Operation level * Supported
GetResourceConfigurationTimeline GetResourceConfigurationTimeline Operation level * Supported
ListAggregators ListAggregators Operation level * Supported
ListConfigRegions ListConfigRegions Operation level * Supported
ListRemediations ListRemediations Operation level * Supported
ListResourceEvaluationResults ListResourceEvaluationResults Operation level * Supported
ListResourceRegions ListResourceRegions Operation level * Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
GetResourceAggregateConfigurationTimeline GetResourceAggregateConfigurationTimeline Operation level * Supported
ListAggregateCompliancePacks ListAggregateCompliancePacks Operation level * Supported
ListAggregateConfigRuleEvaluationResults ListAggregateConfigRuleEvaluationResults Operation level * Supported
ListAggregateConfigRuleResourceEvaluationResults Query configuration rule resource evaluation results for account group Operation level * Supported
ListAggregateConfigRules ListAggregateConfigRules Operation level * Supported
ListAggregateDiscoveredResources ListAggregateDiscoveredResources Operation level * Supported
ListAggregateResourceEvaluationResults ListAggregateResourceEvaluationResults Operation level * Supported
ListAggregateResourceRelations ListAggregateResourceRelations Operation level * Supported
ListAggregateResourceSummary Query resource summary information for account group Operation level * Supported
ListAlarmPolicy ListAlarmPolicy Operation level * Supported
ListCompliancePackConfigRules Query the rule list under the compliance package Operation level * not supported
ListCompliancePacks ListCompliancePacks Operation level * Supported
ListConfigRuleEvaluationResults ListConfigRuleEvaluationResults Operation level * Supported
ListConfigRuleResourceEvaluationResults Query configuration rule resource evaluation results Operation level * Supported
ListConfigRules ListConfigRules Operation level * Supported
ListDiscoveredResources ListDiscoveredResources Operation level * Supported
ListRemediationExecutions ListRemediationExecutions Operation level * Supported
ListResourceRelations ListResourceRelations Operation level * Supported
ListResourceSummary Query resource summary information Operation level * Supported
ListResourceTypes ListResourceTypes Operation level * Supported
ListSystemCompliancePacks ListSystemCompliancePacks Operation level * Supported
ListSystemRules ListSystemRules Operation level * Supported
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback