Granting Policy

Custom Policy for TMP
If preset policies cannot meet your needs, you can click Create Custom Policy to create custom policies.
﻿
﻿
﻿
For the method of custom policy creation, please see Setting Policy.
Policy Authorization
A configured policy can grant permissions by associating user groups or sub-users.
﻿
﻿
﻿
Resource Types Authorizable by Custom Policy
Resource-Level permission can be used to specify which resources a user can manipulate. TMP supports certain resource-level permissions. This means that for TMP operations that support resource-level permission, you can control the time when a user is allowed to perform operations or to use specified resources. The following table describes the types of resources that can be authorized in CAM.
Resource Type
Resource Description Method in Authorization Policy
TMP
qcs::monitor:$region:$account:prom-instance/*
qcs::monitor:$region:$account:prom-instance/$instanceId
The following table describes the TMP API operations that currently support resource-level permissions. When setting a policy, you can enter the API operation name in the action field to control the individual API. You can also use * as a wildcard to set the action.
List of APIs supporting resource-level authorization
API Operation
API Description
DescribePrometheusInstances
Lists all TMP instances of the user
TerminatePrometheusInstances
Terminates TMP instance
RecreatePrometheusInstance
Reboots TMP instance
ModifyPrometheusInstanceAttributes
Modifies TMP instance attributes
ChangeGrafanaAdminPassword
Changes Grafana admin Password
UpgradeGrafanaDashboard
Upgrades Grafana dashboard
DescribePrometheusKubeClusters
Lists TKE clusters that can be integrated with TMP
InstallPrometheusAgent
Installs Prometheus agent
UninstallPrometheusAgent
Uninstalls Prometheus agent
DescribeServiceDiscovery
Lists TMP scrape configurations
CreateServiceDiscovery
Creates TMP scrape configuration
UpdateServiceDiscovery
Updates TMP scrape configuration
DeleteServiceDiscovery
Deletes TMP scrape configuration
DescribePrometheusKubeBasicMonitor
Queries basic monitoring status
EnablePrometheusKubeBasicMonitor
Enables basic monitoring
DisablePrometheusKubeBasicMonitor
Disables basic monitoring
DescribePrometheusAgentRuntime
Gets the runtime status of Prometheus agent
DescribePrometheusJobTargets
Lists the status information of TMP metric scrape tasks
DescribeRecordingRules
Queries recording rules
CreateRecordingRule
Creates recording rule
UpdateRecordingRule
Updates recording rule
DeleteRecordingRules
Deletes recording rule
DescribeAlertRules
Queries alarming rules
DeleteAlertRules
Deletes alarming rule
UpdateAlertRuleState
Updates alarming rule status
CreateAlertRule
Creates alarming rule
UpdateAlertRule
Updates alarming rule
List of APIs not supporting resource-level authorization
For TMP API operations that don't support resource-level authorization, you can still authorize a user to perform them, but you must specify * as the resource element in the policy statement.
API Operation
API Description
CreatePrometheusInstance
Creates TMP instance

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Resource Type	Resource Description Method in Authorization Policy
TMP	`qcs::monitor:$region:$account:prom-instance/*` `qcs::monitor:$region:$account:prom-instance/$instanceId`

API Operation	API Description
DescribePrometheusInstances	Lists all TMP instances of the user
TerminatePrometheusInstances	Terminates TMP instance
RecreatePrometheusInstance	Reboots TMP instance
ModifyPrometheusInstanceAttributes	Modifies TMP instance attributes
ChangeGrafanaAdminPassword	Changes Grafana admin Password
UpgradeGrafanaDashboard	Upgrades Grafana dashboard
DescribePrometheusKubeClusters	Lists TKE clusters that can be integrated with TMP
InstallPrometheusAgent	Installs Prometheus agent
UninstallPrometheusAgent	Uninstalls Prometheus agent
DescribeServiceDiscovery	Lists TMP scrape configurations
CreateServiceDiscovery	Creates TMP scrape configuration
UpdateServiceDiscovery	Updates TMP scrape configuration
DeleteServiceDiscovery	Deletes TMP scrape configuration
DescribePrometheusKubeBasicMonitor	Queries basic monitoring status
EnablePrometheusKubeBasicMonitor	Enables basic monitoring
DisablePrometheusKubeBasicMonitor	Disables basic monitoring
DescribePrometheusAgentRuntime	Gets the runtime status of Prometheus agent
DescribePrometheusJobTargets	Lists the status information of TMP metric scrape tasks
DescribeRecordingRules	Queries recording rules
CreateRecordingRule	Creates recording rule
UpdateRecordingRule	Updates recording rule
DeleteRecordingRules	Deletes recording rule
DescribeAlertRules	Queries alarming rules
DeleteAlertRules	Deletes alarming rule
UpdateAlertRuleState	Updates alarming rule status
CreateAlertRule	Creates alarming rule
UpdateAlertRule	Updates alarming rule

API Operation	API Description
CreatePrometheusInstance	Creates TMP instance

tencent cloud

Sign Up

Log in

Compute

Microservice

Data Migration

Database SaaS Tool

Data Security

Application Security

Big Data

Voice Technology

Internet of Things

Stream Services

Cloud Real-time Rendering

Cloud Resource Management

More

Edge Computing

Serverless

Relational Database

Networking

Business Security

Domains & Websites

Face Recognition

AI Platform Service

Middleware

Media On-Demand

Game Services

Management and Audit Tools

Container

Essential Storage Service

Enterprise Distributed DBMS

CDN and Acceleration

Security Services

Enterprise Applications

Tencent Big Model

Natural Language Processing

Communication

Media Process Services

Education Sevices

Developer Tools

Distributed cloud

Data Process and Analysis

NoSQL Database

Network Security

Cloud Security

Office Collaboration

Image Creation

Optical Character Recognition

Interactive Video Services

Media SDK

Medical Services

Monitor and Operation

Custom Policy for TMP

Policy Authorization

Resource Types Authorizable by Custom Policy

List of APIs supporting resource-level authorization

List of APIs not supporting resource-level authorization