tencent cloud

Boost Engagement with Tencent RTC Free TrialFree video and chat features await!

Feedback

Cloud Access Management

Cloud Object Storage

Last updated: 2024-11-26 09:52:51

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
COS cos Supported Supported Resource level Supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AbortMultipartUpload Abort multipart upload Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
DescribeAutoBackup Describe auto backup for lhcos. Operation level * Supported
DescribeBackupTask Describe backup task for lhcos Operation level * Supported
DescribeGsPkgConfig get gs config Operation level * Supported
DescribeJob Describe a specified COS Batch job information Operation level * Supported
DescribeStatCosPackage get user\'s package ingo Operation level * Supported
GetBucket List the objects in the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetBucketACL Get bucket ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketAccelerate Get bucket accelerate configuration. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketAccessMonitor Get bucket access monitor Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
GetBucketBandwidthQuota GET Bucket Bandwidth Quota Operation level * Supported
GetBucketCORS Query the cross-origin resource sharing (CORS) access control configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketDomain Get bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketDomainCertificate get domain certificate status Resource level * Supported
GetBucketEncryption Get Bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketIntelligentTiering Obtain storage bucket intelligent tiered storage configuration information Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketInventory Get bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketLifecycle Query the lifecycle configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketLocation Get bucket location information Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketLogging Query the logging configuration of the bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketLoggingAnalysis Get bucket logging analysis configuration Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
GetBucketNotification Query the notification configuration of the bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketObjectLock Get bucket object lock configuration Resource level qcs::cos:${region}:uid/${appid}:${bucket-appid}/* Supported
GetBucketObjectVersions List historical versions of objects in the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketOrigin Get bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketPolicy Read the permission policy of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketReferer Get bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketReplication Query the cross-bucket replication configuration of a bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketTagging Query the existing bucket tags of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketVersionAcl Get bucket version Acl Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketVersioning Get the versioning information of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetBucketWebsite Query the configuration of static websites associated with a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetLiveChannel get the channel\'s param、status or histroy logs Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
GetObject Get object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetObject Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetObjectACL Get object ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetObjectLegalHold Get object legal hold status. Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
GetObjectRetention Get object retention Resource level qcs::cos:${region}:uid/${appid}:${bucket-appid}/${resource_path} Supported
GetObjectTagging Get object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetObjectVersionAcl Get object version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetService List buckets Operation level * Supported
GetSymlink Get Symlink Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
GetVodPlayList get the vod playlis in specified time Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
HeadBucket Get basic information about the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
HeadObject Get basic information about the object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
ListJobs List COS Batch jobs of CAM user Operation level * Supported
ListMultipartUploads List multipart upload tasks Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
ListParts List uploaded parts Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
OptionsObject Preflight request for CORS Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AppendObject Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
AppendObject append object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
CompleteMultipartUpload Complete multipart upload task Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
CreateAutoBackup Create auto backup for lhcos Operation level * Supported
CreateInstantBackup Create instant backup for lhcos. Operation level * Supported
CreateJob Create a COS Batch job Operation level * Supported
DeleteBucket Delete bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketCORS Delete the cross-origin resource sharing (CORS) access control configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketDomain Delete bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketDomainCertificate delete domain certificate Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketEncryption Delete bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketInventory Delete bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketLifecycle Delete the lifecycle configuration of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketOrigin Delete bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketPolicy Delete a permission policy of a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketReferer Delete bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketReplication Delete the cross-bucket replication configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketTagging Delete the existing bucket tags from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteBucketWebsite Delete the static website configuration from a bucket. Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteJob Delete COS Batch Job configuration Operation level * Supported
DeleteLiveChannel delete a specified channel Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteMultipleObjects Delete objects in bulk Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
DeleteObject Delete object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
DeleteObjectTagging Delete object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
InitiateMultipartUpload Initiate multipart upload task Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PostBucketInventory initiate instant inventory Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PostObject Post object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PostObjectRestore Restore an archive object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PostVodPlayList create a vod playlis in specified time and upload it into the bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PushStream push audio/video streaming data into bucket by created channel Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucket Put bucket Operation level * Supported
PutBucketACL Put bucket ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketAccelerate Put bucket accelerate configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketAccessMonitor put bucket access monitor Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
PutBucketBandwidthQuota PUT Bucket Bandwidth Quota Operation level * Supported
PutBucketCORS Configure bucket cross-domain resource sharing Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketDomain Put bucket domain configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketDomainCertificate bind domain certificate Resource level * Supported
PutBucketEncryption Put bucket encryption configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketIntelligentTiering Enable intelligent tiered storage for buckets Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketInventory Put bucket inventory configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketLifecycle Put bucket lifecycle configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketLogging Put bucket logging configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketLoggingAnalysis Put bucket logging analysis configuration Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/
qcs::cls::uin/:topic/
Supported
PutBucketNotification Put bucket notification configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketObjectLock Put bucket object lock configuration Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
PutBucketOrigin Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketOrigin Put bucket origin configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketPolicy Put bucket policy Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketReferer Put bucket referer Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketReplication Put bucket replication configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketTagging Put bucket tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketVersionAcl Put bucket version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketVersioning Put bucket versioning configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutBucketWebsite Put bucket website configuration Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutLiveChannel create a channel which can be used to push stream, modify a channel\'s switch Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
PutObject Put object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PutObjectACL Put object ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PutObjectCopy Copy object Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PutObjectLegalHold Put object legal hold control Resource level qcs::cos:${region}:uid/${appid}:{bucket-appid}/* Supported
PutObjectRetention Put object retention Resource level qcs::cos:${region}:uid/${appid}:bucket-appid/* Supported
PutObjectTagging Put object tagging Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PutObjectVersionAcl Put object version ACL Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
PutSymlink Create Symlink Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
RenameObject rename object, supported by ofs only Resource level * Supported
RenewBucketBandwidthQuota RENEW Bucket Bandwidth Quota Operation level * Supported
TruncateObject truncate object, supported by ofs only Resource level * Supported
UpdateJobPriority Update a COS Batch job priority Operation level * Supported
UpdateJobStatus Update a COS Batch job status Operation level * Supported
UpgradeBucketBandwidthQuota UPGRADE Bucket Bandwidth Quota Operation level * Supported
UploadPart Upload part Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported
UploadPartCopy Copy upload parts Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path} Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeGsUinOverview DescribeGsUinOverview Operation level * Supported
DescribeGsUser get user regist ingo Operation level * Supported
DescribePkgList get pkg list for console Operation level * Supported
DescribePkgUsedDetail get pkg deduct info Operation level * Supported
DescribeUinDayAmountByTime DescribeUinDayAmountByTime Operation level * Supported
ListLiveChannels list the created channels in a bucket Resource level qcs::cos:${Region}:uid/${uid}:${bucket-appid}/* Supported
Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon