tencent cloud

Cloud Access Management

Product Introduction
CAM Overview
Features
Scenarios
Basic Concepts
Use Limits
User Types
Purchase Guide
Getting Started
Creating Admin User
Creating and Authorizing Sub-account
Logging In to Console with Sub-account
User Guide
Overview
Users
Access Key
User Groups
Role
Identity Provider
Policies
Permissions Boundary
Troubleshooting
Downloading Security Analysis Report
CAM-Enabled Role
Overview
Compute
Container
Microservice
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Database SaaS Service
Networking
CDN and Acceleration
Network Security
Data Security
Application Security
Domains & Websites
Big Data
Middleware
Interactive Video Services
Real-Time Interaction
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
CAM-Enabled API
Overview
Compute
Edge Computing
Container
Distributed cloud
Microservice
Serverless
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Networking
CDN and Acceleration
Network Security
Endpoint Security
Data Security
Business Security
Application Security
Domains & Websites
Office Collaboration
Big Data
Voice Technology
Image Creation
Tencent Big Model
AI Platform Service
Natural Language Processing
Optical Character Recognition
Middleware
Communication
Interactive Video Services
Real-Time Interaction
Stream Services
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Education Sevices
Medical Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
Use Cases
Security Practical Tutorial
Multi-Identity Personnel Permission Management
Authorizing Certain Operations by Tag
Supporting Isolated Resource Access for Employees
Enterprise Multi-Account Permissions Management
Reviewing Employee Operation Records on Tencent Cloud
Implementing Attribute-Based Access Control for Employee Resource Permissions Management
During tag-based authentication, only tag key matching is supported
Business Use Cases
TencentDB for MySQL
CLB
CMQ
COS
CVM
VPC
VOD
Others
API Documentation
History
Introduction
API Category
Making API Requests
User APIs
Policy APIs
Role APIs
Identity Provider APIs
Data Types
Error Codes
FAQs
Role
Key
Others
CAM Users and Permissions
Glossary
문서Cloud Access ManagementAPI DocumentationData Types

Data Types

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2026-03-26 22:23:11

AccessKey

Access key list

Used by actions: ListAccessKeys.

Name Type Description
AccessKeyId String Access key ID
Status String Key status. Valid values: Active (activated), Inactive (not activated)
CreateTime Timestamp Creation time

AccessKeyDetail

Access key

Used by actions: CreateAccessKey.

Name Type Description
AccessKeyId String Access key ID
SecretAccessKey String Access key, which is visible only when it is created. Keep it properly.
Status String Key status. Valid values: Active (activated), Inactive (not activated).
CreateTime Timestamp Creation time

AttachEntityOfPolicy

The entity associated with the policy

Used by actions: ListEntitiesForPolicy.

Name Type Description
Id String Entity ID
Name String Entity Name
Note: This field may return null, indicating that no valid value was found.
Uin Integer Entity UIN
Note: This field may return null, indicating that no valid value was found.
RelatedType Integer Type of entity association. 1: Associate by users; 2: Associate by User Groups
AttachmentTime String Policy association time
Note: this field may return null, indicating that no valid value was found.

AttachPolicyInfo

Associated policy

Used by actions: ListAttachedGroupPolicies, ListAttachedUserPolicies.

Name Type Description
PolicyId Integer Policy ID
PolicyName String Policy name
Note: This field may return null, indicating that no valid value was found.
AddTime Timestamp Time created
Note: This field may return null, indicating that no valid value was found.
CreateMode Integer How the policy was created: 1: Via console; 2: Via syntax
Note: This field may return null, indicating that no valid value was found.
PolicyType String Valid values: user and QCS
Note: This field may return null, indicating that no valid value was found.
Remark String Policy remarks
OperateOwnerUin String Root account of the operator associating the policy
Note: this field may return null, indicating that no valid values can be obtained.
OperateUin String The ID of the account associating the policy. If UinType is 0, this indicates that this is a sub-account UIN. If UinType is 1, this indicates this is a role ID
OperateUinType Integer If UinType is 0, OperateUin indicates that this is a sub-account UIN. If UinType is 1, OperateUin indicates that this is a role ID
Deactived Integer Queries if the policy has been deactivated
Note: this field may return null, indicating that no valid values can be obtained.
DeactivedDetail Array of String List of deprecated products
Note: this field may return null, indicating that no valid values can be obtained.

AttachedPolicyOfRole

Policy associated with the role

Used by actions: ListAttachedRolePolicies.

Name Type Description
PolicyId Integer Policy ID
PolicyName String Policy name
AddTime String Time of association
PolicyType String Policy type. User indicates custom policy; QCS indicates preset policy
Note: This field may return null, indicating that no valid value was found.
CreateMode Integer Policy creation method. 1: indicates the policy was created based on product function or item permission; other values indicate the policy was created based on the policy syntax
Deactived Integer Whether the product has been deprecated (0: no; 1: yes)
Note: this field may return null, indicating that no valid values can be obtained.
DeactivedDetail Array of String List of deprecated products
Note: this field may return null, indicating that no valid values can be obtained.
Description String Policy description
Note: this field may return null, indicating that no valid values can be obtained.

AttachedUserPolicy

Details of policies associated with the user

Used by actions: ListAttachedUserAllPolicies.

Name Type Description
PolicyId String Policy ID.
PolicyName String Policy name.
Description String Policy description.
AddTime String Creation time.
StrategyType String Policy type (1: custom policy; 2: preset policy).
CreateMode String Creation mode (1: create by product feature or project permission; other values: create by policy syntax).
Groups Array of AttachedUserPolicyGroupInfo Information on policies inherited from the user group.
Note: this field may return null, indicating that no valid values can be obtained.
Deactived Integer Whether the product has been deprecated (0: no; 1: yes).
Note: this field may return null, indicating that no valid values can be obtained.
DeactivedDetail Array of String List of deprecated products.
Note: this field may return null, indicating that no valid values can be obtained.

AttachedUserPolicyGroupInfo

Information on policies that are associated with the user and inherited from the user group

Used by actions: ListAttachedUserAllPolicies.

Name Type Description
GroupId Integer Group ID.
GroupName String Group name.

GroupIdOfUidInfo

Information on the association between a sub-user and a User Group

Used by actions: AddUserToGroup, RemoveUserFromGroup.

Name Type Required Description
GroupId Integer Yes User Group ID
Uid Integer No Sub-user UID
Uin Integer No Sub-user UIN. For UIN and UID, at least one of them is required.

GroupInfo

User Group information

Used by actions: ListGroups, ListGroupsForUser.

Name Type Description
GroupId Integer User group ID
GroupName String User Group name
CreateTime String Time User Group created
Remark String User Group description

GroupMemberInfo

User Group user information

Used by actions: GetGroup, ListUsersForGroup.

Name Type Description
Uid Integer Sub-user UID
Uin Integer Sub-user UIN
Name String Sub-user name
PhoneNum String Mobile number
CountryCode String Mobile number country/area code
PhoneFlag Integer Whether the mobile phone has been verified. 0: No; 1: Yes.
Email String Email address
EmailFlag Integer Whether the email has been verified. 0: No; 1: Yes.
UserType Integer User type. 1: Global collaborator; 2: Project collaborator; 3: Message recipient.
CreateTime String Time policy created
IsReceiverOwner Integer Whether the user is the primary message recipient. 0: No; 1: Yes.

LoginActionFlag

Login and sensitive operation flag

Used by actions: DescribeSafeAuthFlagColl.

Name Type Required Description
Phone Integer No Phone
Token Integer No Hard token
Stoken Integer No Soft token
Wechat Integer No WeChat
Custom Integer No Custom
Mail Integer No Mail
U2FToken Integer No U2F token

LoginActionFlagIntl

Login and sensitive operation flag

Used by actions: DescribeSafeAuthFlagIntl.

Name Type Required Description
Phone Integer No Mobile number
Token Integer No Hard token
Stoken Integer No Soft token
Wechat Integer No WeChat
Custom Integer No Custom
Mail Integer No Email

LoginActionMfaFlag

Login and sensitive operation flag

Used by actions: SetMfaFlag.

Name Type Required Description
Phone Integer No Mobile phone
Stoken Integer No Soft token
Wechat Integer No WeChat

OffsiteFlag

Suspicious login location settings

Used by actions: DescribeSafeAuthFlagColl, DescribeSafeAuthFlagIntl.

Name Type Required Description
VerifyFlag Integer No Verification flag
NotifyPhone Integer No Phone notification
NotifyEmail Integer No Email notification
NotifyWechat Integer No WeChat notification
Tips Integer No Alert

PolicyVersionDetail

Policy version details

Used by actions: GetPolicyVersion.

Name Type Description
VersionId Integer Policy version ID
Note: this field may return null, indicating that no valid values can be obtained.
CreateDate String Policy version creation time
Note: this field may return null, indicating that no valid values can be obtained.
IsDefaultVersion Integer Whether it is the operative version. 0: no, 1: yes
Note: this field may return null, indicating that no valid values can be obtained.
Document String Policy syntax text
Note: this field may return null, indicating that no valid values can be obtained.

PolicyVersionItem

Policy version list element structure

Used by actions: ListPolicyVersions.

Name Type Description
VersionId Integer Policy version ID
Note: this field may return null, indicating that no valid values can be obtained.
CreateDate String Policy version creation time
Note: this field may return null, indicating that no valid values can be obtained.
IsDefaultVersion Integer Whether it is the operative version. 0: no, 1: yes
Note: this field may return null, indicating that no valid values can be obtained.

RoleInfo

Role details

Used by actions: DescribeRoleList, GetRole.

Name Type Description
RoleId String Role ID
RoleName String Role name
PolicyDocument String Role policy document
Description String Role description
AddTime String Time role created
UpdateTime String Time role last updated
ConsoleLogin Integer If login is allowed for the role
RoleType String User role. Valid values: user, system, service_linked
Note: this field may return null, indicating that no valid values can be obtained.
SessionDuration Integer Valid period
Note: this field may return null, indicating that no valid values can be obtained.
DeletionTaskId String Task identifier for deleting a service-linked role
Note: this field may return null, indicating that no valid values can be obtained.
Tags Array of RoleTags Tags.
Note: This field may return null, indicating that no valid values can be obtained.
RoleArn String The Role Arn

RoleTags

Role tag type

Used by actions: CreateRole, CreateServiceLinkedRole, DescribeRoleList, GetRole, TagRole.

Name Type Required Description
Key String Yes Tag key.
Value String Yes Tag value.

SAMLProviderInfo

SAML identity provider

Used by actions: ListSAMLProviders.

Name Type Required Description
Name String Yes SAML identity provider name
Description String Yes SAML identity provider description
CreateTime String Yes Time SAML identity provider created
ModifyTime String Yes Time SAML identity provider last modified

SecretIdLastUsed

The last time the key was used.

Used by actions: GetSecurityLastUsed.

Name Type Description
SecretId String Key ID.
LastUsedDate Date The date when the key ID was last used (the value is obtained one day later).
Note: this field may return null, indicating that no valid value can be obtained.
LastSecretUsedDate Integer The most recent date the key was accessed
Note: This field may return null, indicating that no valid values can be obtained.

StrategyInfo

Policy information

Used by actions: ListPolicies.

Name Type Description
PolicyId Integer Policy ID
PolicyName String Policy name
AddTime Timestamp Time policy created
Note: This field may return null, indicating that no valid value was found.
Type Integer Policy type. 1: Custom policy; 2: Preset policy
Description String Policy description
Note: This field may return null, indicating that no valid value was found.
CreateMode Integer How the policy was created: 1: Via console; 2: Via syntax
Attachments Integer Number of associated users
ServiceType String Product associated with the policy
Note: This field may return null, indicating that no valid value was found.
IsAttached Integer This value should not be null when querying whether a marked entity has been associated with a policy. 0 indicates that no policy has been associated, while 1 indicates that a policy has been associated
Deactived Integer Queries if the policy has been deactivated
Note: this field may return null, indicating that no valid values can be obtained.
DeactivedDetail Array of String List of deprecated products
Note: this field may return null, indicating that no valid values can be obtained.
IsServiceLinkedPolicy Integer The deletion task identifier used to check the deletion status of the service-linked role
Note: this field may return null, indicating that no valid values can be obtained.
AttachEntityCount Integer The number of entities associated with the policy.
Note: this field may return null, indicating that no valid values can be obtained.
AttachEntityBoundaryCount Integer The number of entities associated with the permission boundary.
Note: this field may return null, indicating that no valid values can be obtained.
UpdateTime Timestamp The last edited time.
Note: this field may return null, indicating that no valid values can be obtained.

SubAccountInfo

Sub-user information

Used by actions: ListCollaborators, ListUsers.

Name Type Description
Uin Integer Sub-user user ID
Name String Sub-user username
Uid Integer Sub-user UID
Remark String Sub-user remarks
ConsoleLogin Integer If sub-user can log in to the console
PhoneNum String Mobile number
CountryCode String Country/Area code
Email String Email
CreateTime Timestamp Creation time
Note: this field may return null, indicating that no valid values can be obtained.
NickName String Nickname.
Note: This field may return null, indicating that no valid values can be obtained.

SubAccountUser

Sub-user information

Used by actions: DescribeSubAccounts.

Name Type Description
Uin Integer Sub-user ID
Name String Sub-user name
Uid Integer Sub-user UID. UID is the unique identifier of a user who is a message recipient, while UIN is a unique identifier of a user.
Remark String Sub-user remarks
CreateTime Timestamp Creation time
Note: this field may return null, indicating that no valid values can be obtained.
UserType Integer User type (1: root account; 2: sub-user; 3: WeCom sub-user; 4: collaborator; 5: message recipient)
LastLoginIp String Recent Login IP
LastLoginTime String Recent login time; if the returned value is empty, it means the console has never been logged in to.
이전 주제: UpdateUserSAMLConfig다음 주제: Error Codes

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백