- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Application Performance Management
- Mobile App Performance Monitoring
- Real User Monitoring
- Cloud Automated Testing
- Prometheus Monitoring
- Grafana
- EventBridge
- Quick Start
- Cloud Product Monitoring
- Tencent Cloud Service Metrics
- CVM
- TKE
- Microservice
- Networking
- CBS
- TencentDB
- TencentDB for SQL Server Monitoring Metrics
- TencentDB for MySQL Monitoring Metrics
- TencentDB for Redis Monitoring Metrics
- TencentDB for MongoDB Monitoring Metrics
- TencentDB for PostgreSQL Monitoring Metrics
- TDSQL-C for MySQL Monitoring Metrics
- TencentDB for TcaplusDB Monitoring Metrics
- TencentDB for MariaDB Monitoring Metrics
- TDSQL for MySQL Monitoring Metrics (Legacy)
- TDSQL for MySQL Monitoring Metrics
- SCF
- CKafka
- TDMQ
- CLB
- COS
- CFS
- CPM
- ECM
- CDN And EdgeOne
- Direct Connect
- GAAP
- CMQ
- Elasticsearch
- WAF
- CLS
- Data Analysis
- Operation Guide
- CVM Agents
- CM Connection to Grafana
- Troubleshooting
- Practical Tutorial
- Tencent Cloud Service Metrics
- Application Performance Management
- Product Introduction
- Access Guide
- Operation Guide
- Practical Tutorial
- Parameter Information
- FAQs
- Mobile App Performance Monitoring
- Tencent Cloud Real User Monitoring
- Product Introduction
- Operation Guide
- Connection Guide
- FAQs
- Cloud Automated Testing
- Prometheus Monitoring
- Product Introduction
- Access Guide
- Scrape Configuration Description
- Custom Monitoring
- EMR Integration
- Java Application Integration
- Go Application Integration
- Exporter Integration
- Elasticsearch Exporter Integration
- Kafka Exporter Integration
- MongoDB Exporter Integration
- PostgreSQL Exporter Integration
- NGINX Exporter Integration
- Redis Exporter Integration
- MySQL Exporter Integration
- Consul Exporter Integration
- Memcached Exporter Integration
- Apache Exporter Integration
- Integration with Other Exporters
- CVM Node Exporter
- Health Check
- Cloud Monitoring
- Read Cloud-Hosted Prometheus Instance Data via Remote Read
- Agent Self-Service Access
- Pushgateway Integration
- Instructions for Installing Components in the TKE Cluster
- Security Group Open Description
- Operation Guide
- Practical Tutorial
- Terraform
- FAQs
- Grafana
- Dashboard
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Alarm APIs
- DescribeAlarmPolicies
- DescribeAlarmMetrics
- DescribeAlarmHistories
- CreateAlarmPolicy
- DeleteAlarmPolicy
- DescribeAlarmPolicy
- ModifyAlarmPolicyStatus
- SetDefaultAlarmPolicy
- BindingPolicyObject
- UnBindingPolicyObject
- UnBindingAllPolicyObject
- ModifyAlarmPolicyCondition
- ModifyAlarmPolicyNotice
- ModifyAlarmPolicyTasks
- DescribeMonitorTypes
- DescribeAllNamespaces
- DescribeAlarmEvents
- DescribeBindingPolicyObjectList
- ModifyAlarmPolicyInfo
- DescribeConditionsTemplateList
- Notification Template APIs
- Monitoring Data Query APIs
- Legacy Alert APIs
- Prometheus Service APIs
- DescribePrometheusInstanceUsage
- DescribeServiceDiscovery
- CreateServiceDiscovery
- UpdateAlertRuleState
- UpdateAlertRule
- DescribeAlertRules
- DeleteAlertRules
- CreateAlertRule
- DescribePrometheusInstances
- UpgradeGrafanaDashboard
- UpdatePrometheusScrapeJob
- UpdatePrometheusAgentStatus
- UpdateExporterIntegration
- UninstallGrafanaDashboard
- UnbindPrometheusManagedGrafana
- TerminatePrometheusInstances
- ModifyPrometheusInstanceAttributes
- GetPrometheusAgentManagementCommand
- DestroyPrometheusInstance
- DescribePrometheusScrapeJobs
- DescribePrometheusAgents
- DescribeExporterIntegrations
- DeletePrometheusScrapeJobs
- DeleteExporterIntegration
- CreatePrometheusScrapeJob
- CreatePrometheusAgent
- CreateExporterIntegration
- BindPrometheusManagedGrafana
- UpdateRecordingRule
- DescribeRecordingRules
- DeleteRecordingRules
- CreateRecordingRule
- CreatePrometheusMultiTenantInstancePostPayMode
- DescribePrometheusZones
- Grafana Service APIs
- UpgradeGrafanaInstance
- UpdateSSOAccount
- UpdateGrafanaWhiteList
- UpdateGrafanaNotificationChannel
- UpdateGrafanaIntegration
- UpdateGrafanaEnvironments
- UpdateGrafanaConfig
- UpdateDNSConfig
- UninstallGrafanaPlugins
- ResumeGrafanaInstance
- ModifyGrafanaInstance
- InstallPlugins
- EnableSSOCamCheck
- EnableGrafanaSSO
- EnableGrafanaInternet
- DescribeSSOAccount
- DescribeInstalledPlugins
- DescribeGrafanaWhiteList
- DescribeGrafanaNotificationChannels
- DescribeGrafanaIntegrations
- DescribeGrafanaInstances
- DescribeGrafanaEnvironments
- DescribeGrafanaConfig
- DescribeDNSConfig
- DeleteSSOAccount
- DeleteGrafanaNotificationChannel
- DeleteGrafanaIntegration
- DeleteGrafanaInstance
- CreateSSOAccount
- CreateGrafanaNotificationChannel
- CreateGrafanaIntegration
- CreateGrafanaInstance
- CleanGrafanaInstance
- DescribeGrafanaChannels
- Event Center APIs
- TencentCloud Managed Service for Prometheus APIs
- CreatePrometheusTemp
- CreatePrometheusAlertPolicy
- CreatePrometheusClusterAgent
- CreatePrometheusGlobalNotification
- DeletePrometheusTemp
- DeletePrometheusTempSync
- DeletePrometheusAlertPolicy
- DeletePrometheusClusterAgent
- DescribePrometheusAgentInstances
- DescribePrometheusAlertPolicy
- DescribePrometheusInstanceDetail
- DescribePrometheusClusterAgents
- DescribePrometheusInstanceInitStatus
- DescribePrometheusGlobalConfig
- DescribePrometheusInstancesOverview
- DescribePrometheusGlobalNotification
- DescribePrometheusRecordRules
- DescribePrometheusTemp
- DescribePrometheusTempSync
- DescribePrometheusTargetsTMP
- ModifyPrometheusTemp
- ModifyPrometheusAgentExternalLabels
- ModifyPrometheusAlertPolicy
- ModifyPrometheusGlobalNotification
- RunPrometheusInstance
- DescribeClusterAgentCreatingProgress
- SyncPrometheusTemp
- Monitoring APIs
- Data Types
- Error Codes
- FAQs
- Alarm Management
- Documentation Guide
- Related Agreements
- Glossary
- EventBridge
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Application Performance Management
- Mobile App Performance Monitoring
- Real User Monitoring
- Cloud Automated Testing
- Prometheus Monitoring
- Grafana
- EventBridge
- Quick Start
- Cloud Product Monitoring
- Tencent Cloud Service Metrics
- CVM
- TKE
- Microservice
- Networking
- CBS
- TencentDB
- TencentDB for SQL Server Monitoring Metrics
- TencentDB for MySQL Monitoring Metrics
- TencentDB for Redis Monitoring Metrics
- TencentDB for MongoDB Monitoring Metrics
- TencentDB for PostgreSQL Monitoring Metrics
- TDSQL-C for MySQL Monitoring Metrics
- TencentDB for TcaplusDB Monitoring Metrics
- TencentDB for MariaDB Monitoring Metrics
- TDSQL for MySQL Monitoring Metrics (Legacy)
- TDSQL for MySQL Monitoring Metrics
- SCF
- CKafka
- TDMQ
- CLB
- COS
- CFS
- CPM
- ECM
- CDN And EdgeOne
- Direct Connect
- GAAP
- CMQ
- Elasticsearch
- WAF
- CLS
- Data Analysis
- Operation Guide
- CVM Agents
- CM Connection to Grafana
- Troubleshooting
- Practical Tutorial
- Tencent Cloud Service Metrics
- Application Performance Management
- Product Introduction
- Access Guide
- Operation Guide
- Practical Tutorial
- Parameter Information
- FAQs
- Mobile App Performance Monitoring
- Tencent Cloud Real User Monitoring
- Product Introduction
- Operation Guide
- Connection Guide
- FAQs
- Cloud Automated Testing
- Prometheus Monitoring
- Product Introduction
- Access Guide
- Scrape Configuration Description
- Custom Monitoring
- EMR Integration
- Java Application Integration
- Go Application Integration
- Exporter Integration
- Elasticsearch Exporter Integration
- Kafka Exporter Integration
- MongoDB Exporter Integration
- PostgreSQL Exporter Integration
- NGINX Exporter Integration
- Redis Exporter Integration
- MySQL Exporter Integration
- Consul Exporter Integration
- Memcached Exporter Integration
- Apache Exporter Integration
- Integration with Other Exporters
- CVM Node Exporter
- Health Check
- Cloud Monitoring
- Read Cloud-Hosted Prometheus Instance Data via Remote Read
- Agent Self-Service Access
- Pushgateway Integration
- Instructions for Installing Components in the TKE Cluster
- Security Group Open Description
- Operation Guide
- Practical Tutorial
- Terraform
- FAQs
- Grafana
- Dashboard
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Alarm APIs
- DescribeAlarmPolicies
- DescribeAlarmMetrics
- DescribeAlarmHistories
- CreateAlarmPolicy
- DeleteAlarmPolicy
- DescribeAlarmPolicy
- ModifyAlarmPolicyStatus
- SetDefaultAlarmPolicy
- BindingPolicyObject
- UnBindingPolicyObject
- UnBindingAllPolicyObject
- ModifyAlarmPolicyCondition
- ModifyAlarmPolicyNotice
- ModifyAlarmPolicyTasks
- DescribeMonitorTypes
- DescribeAllNamespaces
- DescribeAlarmEvents
- DescribeBindingPolicyObjectList
- ModifyAlarmPolicyInfo
- DescribeConditionsTemplateList
- Notification Template APIs
- Monitoring Data Query APIs
- Legacy Alert APIs
- Prometheus Service APIs
- DescribePrometheusInstanceUsage
- DescribeServiceDiscovery
- CreateServiceDiscovery
- UpdateAlertRuleState
- UpdateAlertRule
- DescribeAlertRules
- DeleteAlertRules
- CreateAlertRule
- DescribePrometheusInstances
- UpgradeGrafanaDashboard
- UpdatePrometheusScrapeJob
- UpdatePrometheusAgentStatus
- UpdateExporterIntegration
- UninstallGrafanaDashboard
- UnbindPrometheusManagedGrafana
- TerminatePrometheusInstances
- ModifyPrometheusInstanceAttributes
- GetPrometheusAgentManagementCommand
- DestroyPrometheusInstance
- DescribePrometheusScrapeJobs
- DescribePrometheusAgents
- DescribeExporterIntegrations
- DeletePrometheusScrapeJobs
- DeleteExporterIntegration
- CreatePrometheusScrapeJob
- CreatePrometheusAgent
- CreateExporterIntegration
- BindPrometheusManagedGrafana
- UpdateRecordingRule
- DescribeRecordingRules
- DeleteRecordingRules
- CreateRecordingRule
- CreatePrometheusMultiTenantInstancePostPayMode
- DescribePrometheusZones
- Grafana Service APIs
- UpgradeGrafanaInstance
- UpdateSSOAccount
- UpdateGrafanaWhiteList
- UpdateGrafanaNotificationChannel
- UpdateGrafanaIntegration
- UpdateGrafanaEnvironments
- UpdateGrafanaConfig
- UpdateDNSConfig
- UninstallGrafanaPlugins
- ResumeGrafanaInstance
- ModifyGrafanaInstance
- InstallPlugins
- EnableSSOCamCheck
- EnableGrafanaSSO
- EnableGrafanaInternet
- DescribeSSOAccount
- DescribeInstalledPlugins
- DescribeGrafanaWhiteList
- DescribeGrafanaNotificationChannels
- DescribeGrafanaIntegrations
- DescribeGrafanaInstances
- DescribeGrafanaEnvironments
- DescribeGrafanaConfig
- DescribeDNSConfig
- DeleteSSOAccount
- DeleteGrafanaNotificationChannel
- DeleteGrafanaIntegration
- DeleteGrafanaInstance
- CreateSSOAccount
- CreateGrafanaNotificationChannel
- CreateGrafanaIntegration
- CreateGrafanaInstance
- CleanGrafanaInstance
- DescribeGrafanaChannels
- Event Center APIs
- TencentCloud Managed Service for Prometheus APIs
- CreatePrometheusTemp
- CreatePrometheusAlertPolicy
- CreatePrometheusClusterAgent
- CreatePrometheusGlobalNotification
- DeletePrometheusTemp
- DeletePrometheusTempSync
- DeletePrometheusAlertPolicy
- DeletePrometheusClusterAgent
- DescribePrometheusAgentInstances
- DescribePrometheusAlertPolicy
- DescribePrometheusInstanceDetail
- DescribePrometheusClusterAgents
- DescribePrometheusInstanceInitStatus
- DescribePrometheusGlobalConfig
- DescribePrometheusInstancesOverview
- DescribePrometheusGlobalNotification
- DescribePrometheusRecordRules
- DescribePrometheusTemp
- DescribePrometheusTempSync
- DescribePrometheusTargetsTMP
- ModifyPrometheusTemp
- ModifyPrometheusAgentExternalLabels
- ModifyPrometheusAlertPolicy
- ModifyPrometheusGlobalNotification
- RunPrometheusInstance
- DescribeClusterAgentCreatingProgress
- SyncPrometheusTemp
- Monitoring APIs
- Data Types
- Error Codes
- FAQs
- Alarm Management
- Documentation Guide
- Related Agreements
- Glossary
- EventBridge
Custom Policy for TMP
If preset policies cannot meet your needs, you can click Create Custom Policy to create custom policies.
For the method of custom policy creation, please see Setting Policy.
Policy Authorization
A configured policy can grant permissions by associating user groups or sub-users.
Resource Types Authorizable by Custom Policy
Resource-Level permission can be used to specify which resources a user can manipulate. TMP supports certain resource-level permissions. This means that for TMP operations that support resource-level permission, you can control the time when a user is allowed to perform operations or to use specified resources. The following table describes the types of resources that can be authorized in CAM.
Resource Type | Resource Description Method in Authorization Policy |
TMP | qcs::monitor:$region:$account:prom-instance/*qcs::monitor:$region:$account:prom-instance/$instanceId |
The following table describes the TMP API operations that currently support resource-level permissions. When setting a policy, you can enter the API operation name in the
action field to control the individual API. You can also use * as a wildcard to set the action.List of APIs supporting resource-level authorization
API Operation | API Description |
DescribePrometheusInstances | Lists all TMP instances of the user |
TerminatePrometheusInstances | Terminates TMP instance |
RecreatePrometheusInstance | Reboots TMP instance |
ModifyPrometheusInstanceAttributes | Modifies TMP instance attributes |
ChangeGrafanaAdminPassword | Changes Grafana admin Password |
UpgradeGrafanaDashboard | Upgrades Grafana dashboard |
DescribePrometheusKubeClusters | Lists TKE clusters that can be integrated with TMP |
InstallPrometheusAgent | Installs Prometheus agent |
UninstallPrometheusAgent | Uninstalls Prometheus agent |
DescribeServiceDiscovery | Lists TMP scrape configurations |
CreateServiceDiscovery | Creates TMP scrape configuration |
UpdateServiceDiscovery | Updates TMP scrape configuration |
DeleteServiceDiscovery | Deletes TMP scrape configuration |
DescribePrometheusKubeBasicMonitor | Queries basic monitoring status |
EnablePrometheusKubeBasicMonitor | Enables basic monitoring |
DisablePrometheusKubeBasicMonitor | Disables basic monitoring |
DescribePrometheusAgentRuntime | Gets the runtime status of Prometheus agent |
DescribePrometheusJobTargets | Lists the status information of TMP metric scrape tasks |
DescribeRecordingRules | Queries recording rules |
CreateRecordingRule | Creates recording rule |
UpdateRecordingRule | Updates recording rule |
DeleteRecordingRules | Deletes recording rule |
DescribeAlertRules | Queries alarming rules |
DeleteAlertRules | Deletes alarming rule |
UpdateAlertRuleState | Updates alarming rule status |
CreateAlertRule | Creates alarming rule |
UpdateAlertRule | Updates alarming rule |
List of APIs not supporting resource-level authorization
For TMP API operations that don't support resource-level authorization, you can still authorize a user to perform them, but you must specify
* as the resource element in the policy statement.API Operation | API Description |
CreatePrometheusInstance | Creates TMP instance |
Yes
No
Was this page helpful?