- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Access Key
- User Groups
- Role
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Policies
- Permissions Boundary
- Troubleshooting
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- Authorizing Sub-account Full Access to COS Resources under the Account
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- Authorizing Sub-account Read-only Access to VPCs
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Access Key
- User Groups
- Role
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Policies
- Permissions Boundary
- Troubleshooting
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- Authorizing Sub-account Full Access to COS Resources under the Account
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- Authorizing Sub-account Read-only Access to VPCs
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| COS | cos | Supported | Supported | Resource level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AbortMultipartUpload | Abort multipart upload | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| DescribeAutoBackup | Describe auto backup for lhcos. | Operation level | * | Supported |
| DescribeBackupTask | Describe backup task for lhcos | Operation level | * | Supported |
| DescribeGsPkgConfig | get gs config | Operation level | * | Supported |
| DescribeJob | Describe a specified COS Batch job information | Operation level | * | Supported |
| DescribeStatCosPackage | get user\'s package ingo | Operation level | * | Supported |
| GetBucket | List the objects in the bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| GetBucketACL | Get bucket ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketAccelerate | Get bucket accelerate configuration. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketAccessMonitor | Get bucket access monitor | Resource level | qcs::cos:${region}:uid/${appid}:{bucket-appid}/* | Supported |
| GetBucketBandwidthQuota | GET Bucket Bandwidth Quota | Operation level | * | Supported |
| GetBucketCORS | Query the cross-origin resource sharing (CORS) access control configuration of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketDomain | Get bucket domain configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketDomainCertificate | get domain certificate status | Resource level | * | Supported |
| GetBucketEncryption | Get Bucket encryption configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketIntelligentTiering | Obtain storage bucket intelligent tiered storage configuration information | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketInventory | Get bucket inventory configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketLifecycle | Query the lifecycle configuration of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketLocation | Get bucket location information | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketLogging | Query the logging configuration of the bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketLoggingAnalysis | Get bucket logging analysis configuration | Resource level | qcs::cos:${region}:uid/${appid}:{bucket-appid}/* | Supported |
| GetBucketNotification | Query the notification configuration of the bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketObjectLock | Get bucket object lock configuration | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/* | Supported |
| GetBucketObjectVersions | List historical versions of objects in the bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| GetBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| GetBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| GetBucketOrigin | Get bucket origin configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketPolicy | Read the permission policy of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketReferer | Get bucket referer | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketReplication | Query the cross-bucket replication configuration of a bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketTagging | Query the existing bucket tags of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketVersionAcl | Get bucket version Acl | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketVersioning | Get the versioning information of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetBucketWebsite | Query the configuration of static websites associated with a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetLiveChannel | get the channel\'s param、status or histroy logs | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| GetObject | Get object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| GetObject | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported | |
| GetObjectACL | Get object ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| GetObjectLegalHold | Get object legal hold status. | Resource level | qcs::cos:${region}:uid/${appid}:{bucket-appid}/* | Supported |
| GetObjectRetention | Get object retention | Resource level | qcs::cos:${region}:uid/${appid}:${bucket-appid}/${resource_path} | Supported |
| GetObjectTagging | Get object tagging | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| GetObjectVersionAcl | Get object version ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| GetService | List buckets | Operation level | * | Supported |
| GetSymlink | Get Symlink | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| GetVodPlayList | get the vod playlis in specified time | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| HeadBucket | Get basic information about the bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| HeadObject | Get basic information about the object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| ListJobs | List COS Batch jobs of CAM user | Operation level | * | Supported |
| ListMultipartUploads | List multipart upload tasks | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| ListParts | List uploaded parts | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| OptionsObject | Preflight request for CORS | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AppendObject | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported | |
| AppendObject | append object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| CompleteMultipartUpload | Complete multipart upload task | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| CreateAutoBackup | Create auto backup for lhcos | Operation level | * | Supported |
| CreateInstantBackup | Create instant backup for lhcos. | Operation level | * | Supported |
| CreateJob | Create a COS Batch job | Operation level | * | Supported |
| DeleteBucket | Delete bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketCORS | Delete the cross-origin resource sharing (CORS) access control configuration from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketDomain | Delete bucket domain configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketDomainCertificate | delete domain certificate | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketEncryption | Delete bucket encryption configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketInventory | Delete bucket inventory configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketLifecycle | Delete the lifecycle configuration of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| DeleteBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| DeleteBucketOrigin | Delete bucket origin configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketPolicy | Delete a permission policy of a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketReferer | Delete bucket referer | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketReplication | Delete the cross-bucket replication configuration from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketTagging | Delete the existing bucket tags from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteBucketWebsite | Delete the static website configuration from a bucket. | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteJob | Delete COS Batch Job configuration | Operation level | * | Supported |
| DeleteLiveChannel | delete a specified channel | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteMultipleObjects | Delete objects in bulk | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| DeleteObject | Delete object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| DeleteObjectTagging | Delete object tagging | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| InitiateMultipartUpload | Initiate multipart upload task | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PostBucketInventory | initiate instant inventory | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PostObject | Post object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PostObjectRestore | Restore an archive object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PostVodPlayList | create a vod playlis in specified time and upload it into the bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PushStream | push audio/video streaming data into bucket by created channel | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucket | Put bucket | Operation level | * | Supported |
| PutBucketACL | Put bucket ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketAccelerate | Put bucket accelerate configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketAccessMonitor | put bucket access monitor | Resource level | qcs::cos:${region}:uid/${appid}:{bucket-appid}/* | Supported |
| PutBucketBandwidthQuota | PUT Bucket Bandwidth Quota | Operation level | * | Supported |
| PutBucketCORS | Configure bucket cross-domain resource sharing | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketDomain | Put bucket domain configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketDomainCertificate | bind domain certificate | Resource level | * | Supported |
| PutBucketEncryption | Put bucket encryption configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketIntelligentTiering | Enable intelligent tiered storage for buckets | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketInventory | Put bucket inventory configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketLifecycle | Put bucket lifecycle configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketLogging | Put bucket logging configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketLoggingAnalysis | Put bucket logging analysis configuration | Resource level | qcs::cos:${region}:uid/${appid}:{bucket-appid}/ qcs::cls: |
Supported |
| PutBucketNotification | Put bucket notification configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketObjectLock | Put bucket object lock configuration | Resource level | qcs::cos:${region}:uid/${appid}:{bucket-appid}/* | Supported |
| PutBucketOrigin | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported | |
| PutBucketOrigin | Put bucket origin configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketPolicy | Put bucket policy | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketReferer | Put bucket referer | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketReplication | Put bucket replication configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketTagging | Put bucket tagging | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketVersionAcl | Put bucket version ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketVersioning | Put bucket versioning configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutBucketWebsite | Put bucket website configuration | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutLiveChannel | create a channel which can be used to push stream, modify a channel\'s switch | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
| PutObject | Put object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PutObjectACL | Put object ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PutObjectCopy | Copy object | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PutObjectLegalHold | Put object legal hold control | Resource level | qcs::cos:${region}:uid/${appid}:{bucket-appid}/* | Supported |
| PutObjectRetention | Put object retention | Resource level | qcs::cos:${region}:uid/${appid}:bucket-appid/* | Supported |
| PutObjectTagging | Put object tagging | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PutObjectVersionAcl | Put object version ACL | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| PutSymlink | Create Symlink | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| RenameObject | rename object, supported by ofs only | Resource level | * | Supported |
| RenewBucketBandwidthQuota | RENEW Bucket Bandwidth Quota | Operation level | * | Supported |
| TruncateObject | truncate object, supported by ofs only | Resource level | * | Supported |
| UpdateJobPriority | Update a COS Batch job priority | Operation level | * | Supported |
| UpdateJobStatus | Update a COS Batch job status | Operation level | * | Supported |
| UpgradeBucketBandwidthQuota | UPGRADE Bucket Bandwidth Quota | Operation level | * | Supported |
| UploadPart | Upload part | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
| UploadPartCopy | Copy upload parts | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeGsUinOverview | DescribeGsUinOverview | Operation level | * | Supported |
| DescribeGsUser | get user regist ingo | Operation level | * | Supported |
| DescribePkgList | get pkg list for console | Operation level | * | Supported |
| DescribePkgUsedDetail | get pkg deduct info | Operation level | * | Supported |
| DescribeUinDayAmountByTime | DescribeUinDayAmountByTime | Operation level | * | Supported |
| ListLiveChannels | list the created channels in a bucket | Resource level | qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* | Supported |
Yes
No
Was this page helpful?