tencent cloud

Cloud Access Management

Product Introduction
CAM Overview
Features
Scenarios
Basic Concepts
Use Limits
User Types
Purchase Guide
Getting Started
Creating Admin User
Creating and Authorizing Sub-account
Logging In to Console with Sub-account
User Guide
Overview
Users
Access Key
User Groups
Role
Identity Provider
Policies
Permissions Boundary
Troubleshooting
Downloading Security Analysis Report
CAM-Enabled Role
Overview
Compute
Container
Microservice
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Database SaaS Service
Networking
CDN and Acceleration
Network Security
Data Security
Application Security
Domains & Websites
Big Data
Middleware
Interactive Video Services
Real-Time Interaction
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
CAM-Enabled API
Overview
Compute
Edge Computing
Container
Distributed cloud
Microservice
Serverless
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Networking
CDN and Acceleration
Network Security
Endpoint Security
Data Security
Business Security
Application Security
Domains & Websites
Office Collaboration
Big Data
Voice Technology
Image Creation
Tencent Big Model
AI Platform Service
Natural Language Processing
Optical Character Recognition
Middleware
Communication
Interactive Video Services
Real-Time Interaction
Stream Services
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Education Sevices
Medical Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
Use Cases
Security Practical Tutorial
Multi-Identity Personnel Permission Management
Authorizing Certain Operations by Tag
Supporting Isolated Resource Access for Employees
Enterprise Multi-Account Permissions Management
Reviewing Employee Operation Records on Tencent Cloud
Implementing Attribute-Based Access Control for Employee Resource Permissions Management
During tag-based authentication, only tag key matching is supported
Business Use Cases
TencentDB for MySQL
CLB
CMQ
COS
CVM
VPC
VOD
Others
API Documentation
History
Introduction
API Category
Making API Requests
User APIs
Policy APIs
Role APIs
Identity Provider APIs
Data Types
Error Codes
FAQs
Role
Key
Others
CAM Users and Permissions
Glossary
문서Cloud Access ManagementCAM-Enabled APIContainerTencent Kubernetes Engine Distributed Cloud Center

Tencent Kubernetes Engine Distributed Cloud Center

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2026-04-03 09:47:08

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
tencent distributed cloud center tdcc Supported Supported Resource level Supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AcquireClusterAdminRole acquire cluster admin role Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
CreateAnywhereTunnel create anywhere reverse proxy Resource level qcs::tdcc::uin/${uin}:hub/${ClusterId} Supported
CreateExternalCluster create TDCC external cluster Operation level * Supported
CreateHubCluster create TDCC hub cluster Operation level * Supported
DeleteAnywhereTunnel delete reverse proxy tunnel Resource level qcs::tdcc::uin/${uin}:hub/${ClusterId} Supported
DeleteExternalCluster delete external cluster Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
DeleteHubCluster delete TDCC hub cluster Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
InstallLogAgent install log agent on external cluster Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
OpenPaasPlatform Open TDCC PaaS platform Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
RegisterClusters auto register tke clusters Operation level * Supported
UninstallLogAgent remove log agent from external cluster Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
UpdateClusterKubeconfig update custer kubeconfig Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
UpdateExternalCluster update external cluster Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
UpdateHubCluster update hub cluster Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
UpdateServiceVendor Update the service vendor for the specific cluster Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeAnywhereComponentStatus describe anywhere component status Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
DescribeAnywhereTunnelRegistration describe anywhere tunnel registration Resource level qcs::tdcc::uin/${uin}:hub/${ClusterId} Supported
DescribeAnywhereTunnels describe reverse proxy tunnels Resource level qcs::tdcc::uin/${uin}:hub/${ClusterId} Supported
DescribeAvailableAnywhereVersions describe avaliable anywhere version info Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
DescribeClusterCommonNames describe cluster common names Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
DescribeClusterMetricData describe external cluster metric data Operation level * Supported
DescribeClusterStatus describe cluster status Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
DescribeExternalClusterSpec describe external cluster spec Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
DescribeHubClusterCredential get hub cluster credential detail Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
DescribeLogSwitches list log switchs on external cluster Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
DescribePolicies describe policies Resource level qcs::tdcc::uin/:hub/${ClusterId} Supported
DescribeRoles describe roles Resource level qcs::tdcc::uin/:hub/${ClusterId} Supported
DescribeServiceInstances Describe service instances Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
DescribeServicePlans Describe service plans from the PaaS platform Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
DescribeServiceVendors Describe service vendors from the PaaS platform Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported
DescribeUsers describe users Resource level qcs::tdcc::uin/:hub/${ClusterId} Supported
ListClusterCertificates List user certificates in cluster Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
ValidateAnywhereCluster validate anywhere cluster Resource level qcs::tdcc::uin/:cluster/${ClusterId} Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeExternalClusters Describe external cluster list Resource level qcs::tdcc::uin/${uin}:cluster/${clusterId} Supported
DescribeHubClusters List all Hub Clusters Resource level qcs::tdcc::uin/${uin}:cluster/${ClusterId} Supported
DescribeOpenStatus DescribeOpenStatus Operation level * Supported
ForwardRequestTDCC ForwardRequestTDCC Operation level * Supported
ForwardRequestTDCCApp ForwardRequestTDCCApp Operation level * Supported
GetAppChartList GetAppChartList Operation level * Supported
ListRegion ListRegion Operation level * Supported
이전 주제: Tencent Container Registry다음 주제: Cloud Dedicated Cluster

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백