tencent cloud

Detect AI Fraud with Tencent eKYC！Intercept 99%+ Deepfake Attacks!

Tencent Container Registry

Updates and Announcements

Release Notes

Announcements

Announcement on Merging the Entries of TCR Enterprise and TCR Individual

Product Introduction

Purchase Guide

Quick Start

TCR Individual Getting Started

Operation Guide

Creating an Enterprise Edition Instance

Access Configuration

Credential Access Control

Managing User Accounts

Managing Service Accounts

Network Access Control

Network Access Control Overview

Configuring Public Network Access Control

Private Network Access Control

Access Permission Configuration

Overview

CAM APIs for Enterprise Edition

TCR Enterprise Authorization Management

Access Domain Name Configuration

Configuring Custom Domain Name

Manage Image Repository

Managing Namespaces

Basic Image Repository Operations

Image Distribution

Intra-Instance Multi-Region Image Replication

Cross-Tenant Synchronization

Loading Container Images on Demand

Image Security

Container Image Security Scanning

Configuring Image Tag Immutability

Blocking the Deployment of High-Risk Images

Container Image Signature

Synchronization and Replication

Configuring Instance Synchronization

Configuring Instance Replication

Configuring Image Tag Retention

Image Cleanup

Auto-Deleting Image Tags

Releasing COS Storage Capacity

DevOps

Managing Triggers

OCI Artifacts Management

OCI Artifacts Management Overview

Management Helm Chart

Operation Guide for TCR Individual

Resetting the Login Password

Configuring Access Permission

CAM APIs for Personal Edition

Example of Authorization Solution of TCR Individual

Update Guide of Resource Level APIs and Authorization Solution of Personal Edition

Configuring Garbage Collection

Terminating/Returning Instances

Practical Tutorial

TCR Personal migration

Migration from TCR Individual to TCR Enterprise

Using Personal Edition Domain Name to Access Enterprise Edition Instance

TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network

Synchronizing Images to TCR Enterprise Edition from External Harbor

TKE Serverless Clusters Pull TCR Container Images

Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud

Nearby Access Through Image Synchronization Between Multiple Global Regions

Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access

API Documentation

Making API Requests

Instance Management APIs

CheckInstance

CheckInstanceName

CreateImageAccelerationService

CreateInstanceCustomizedDomain

CreateInstanceToken

DeleteImageAccelerateService

DeleteInstance

DeleteInstanceCustomizedDomain

DeleteInstanceToken

DescribeImageAccelerateService

DescribeInstanceCustomizedDomain

DescribeInstanceStatus

DescribeInstanceToken

Namespace APIs

CreateImmutableTagRules

CreateNamespace

CreateSignaturePolicy

DeleteImmutableTagRules

DeleteNamespace

DeleteSignaturePolicy

DescribeImmutableTagRules

DescribeInstanceAllNamespaces

ModifyImmutableTagRules

ModifyNamespace

DescribeNamespaces

Access Control APIs

CreateMultipleSecurityPolicy

DeleteMultipleSecurityPolicy

DescribeExternalEndpointStatus

DescribeInternalEndpoints

DescribeSecurityPolicies

ManageExternalEndpoint

ManageInternalEndpoint

ModifySecurityPolicy

DeleteSecurityPolicy

Instance Synchronization APIs

CreateReplicationInstance

DeleteReplicationInstance

DescribeReplicationInstanceCreateTasks

DescribeReplicationInstanceSyncStatus

DescribeReplicationInstances

ManageReplication

Tag Retention APIs

CreateTagRetentionExecution

CreateTagRetentionRule

DeleteTagRetentionRule

DescribeTagRetentionExecution

DescribeTagRetentionExecutionTask

DescribeTagRetentionRules

ModifyTagRetentionRule

Trigger APIs

CreateWebhookTrigger

DeleteWebhookTrigger

DescribeWebhookTrigger

DescribeWebhookTriggerLog

ModifyWebhookTrigger

Helm Chart APIs

DescribeChartDownloadInfo

DownloadHelmChart

Image Repository APIs

DescribeImageManifests

Custom Account APIs

ModifyServiceAccountPassword

DescribeServiceAccounts

Data Types

Error Codes

FAQs

TCR Individual Edition

TCR Enterprise Edition

Related Agreement

Service Level Agreement

Contact Us

Glossary

DocumentationTencent Container RegistryOperation GuideOperation Guide for TCR IndividualConfiguring Access PermissionExample of Authorization Solution of TCR Individual

Example of Authorization Solution of TCR Individual

Download PDF

Last updated: 2024-12-02 14:30:05

Example of Authorization Solution of TCR Individual

Last updated: 2024-12-02 14:30:05

Download PDF

Policy Configuration in Typical Scenarios
Note: 
The following scenario policies are only used for TCR Individual use cases.
Grant a sub-account the full read/write permissions for all resources in TCR Individual.
{
  "version": "2.0",
  "statement": [{
      "action": [
          "tcr:*"
      ],
      "resource": [
          "qcs::tcr:::repo/*"
      ],
      "effect": "allow"
  }]
}
Grant a sub-account the read-only permission for all resources in TCR Individual (former Image Repositories in TKE).
{
  "version": "2.0",
  "statement": [{
      "action": [
          "tcr:Describe*",
          "tcr:PullRepository*"
      ],
      "resource": [
          "qcs::tcr:::repo/*"
      ],
      "effect": "allow"
  }]
}
Grant a sub-account permissions to manage the specific namespace in the specific region. For example, the namespace team-01 in the default region.
{
  "version": "2.0",
  "statement": [{
          "action": [
              "tcr:*"
          ],
          "resource": [
              "qcs::tcr:::repo/team-01",
              "qcs::tcr:::repo/team-01/*"
          ],
          "effect": "allow"
      }
  ]
}
Grant a sub-account the read-only permission for an image repository, which means that the sub-account can only pull the images in the image repository instead of deleting the repository, modifying repository attributes, or pushing images. For example, the image repository repo-demo in the namespace team-01 in the default region.
{
  "version": "2.0",
  "statement": [{
          "action": [
              "tcr:Describe*",
              "tcr:PullRepositoryPersonal"
          ],
          "resource": [
              "qcs::tcr:::repo/team-01",
              "qcs::tcr:::repo/team-01/repo-demo",
              "qcs::tcr:::repo/team-01/repo-demo/*"
          ],
          "effect": "allow"
      }
  ]
}
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

No

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

7x24 Phone Support

Hong Kong, China

+852 800 906 020 (Toll Free)

United States

+1 844 606 0804 (Toll Free)

United Kingdom

+44 808 196 4551 (Toll Free)

Canada

+1 888 605 7930 (Toll Free)

Australia

+61 1300 986 386 (Toll Free)

EdgeOne hotline

+852 300 80699

More local hotlines coming soon

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service free trial

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center

Key Management Service