Product Introduction
Purchase Guide
Getting Started
User Guide
- Overview
- Users
- Access Key
- User Groups
- Role
- Identity Provider
- Policies
- Permissions Boundary
- Troubleshooting
- Downloading Security Analysis Report
CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Database SaaS Service
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Tencent Big Model
- Middleware
- Interactive Video Services
- Real-Time Interaction
- Media On-Demand
- Media Process Services
- Media Process
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Developer Tools
- Monitor and Operation
- More
CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Office Collaboration
- Big Data
- Voice Technology
- Image Creation
- Tencent Big Model
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Real-Time Interaction
- Stream Services
- Media On-Demand
- Media Process Services
- Media Process
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Medical Services
- Cloud Resource Management
- Management and Audit Tools
- Developer Tools
- Monitor and Operation
- More
Use Cases
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- VOD
- Others
API Documentation
- History
- Introduction
- API Category
- Making API Requests
- User APIs
- Policy APIs
- Role APIs
- Identity Provider APIs
- Data Types
- Error Codes
FAQs
Glossary

Intelligent Pre-Consultation

Focus Mode

Font Size

Last updated: 2026-04-25 09:21:37

Fundamental information

Product	Abbreviation in CAM	Console	Authorization by Tag	Authorization Granularity	IP Restriction
Intelligent Pre-Consultation	ipc	Supported	not supported	Operation level	Supported

Note：
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.

Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.

Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

Resource level: It supports the authorization of a specific resource.
Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API	API Description	Authorization Granularity	Six-segment Resource Description	IP Restriction
AddTokenPackage	Add Token Package	Operation level	*	Supported
CloseService	Close Service	Operation level	*	Supported
DestroyPostPaidPackage	Destroy Post Paid Package	Operation level	*	Supported
ModifyHospitalName	Modify Hospital Name	Operation level	*	Supported
ModifyHospitalStatus	Modify Hospital Status	Operation level	*	Supported
OpenService	Open Service	Operation level	*	Supported

List Operations

API	API Description	Authorization Granularity	Six-segment Resource Description	IP Restriction
DescribeGlobalOrderList	Describe Global Order List	Operation level	*	Supported
DescribeTokenPackageList	Describe Token Package List	Operation level	*	Supported

Read operations

API	API Description	Authorization Granularity	Six-segment Resource Description	IP Restriction
DescribeHospitalToken	Describe Hospital Token	Operation level	*	Supported
DescribeIpcOrderList	Describe Ipc Order List	Operation level	*	Supported
DescribeServiceOverView	Describe Service OverView	Operation level	*	Supported
DescribeServiceStatus	Describe Service Status	Operation level	*	Supported

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

tencent cloud

Cloud Access Management