- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Access Key
- User Groups
- Role
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Policies
- Permissions Boundary
- Troubleshooting
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- Authorizing Sub-account Full Access to COS Resources under the Account
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- Authorizing Sub-account Read-only Access to VPCs
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Access Key
- User Groups
- Role
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Policies
- Permissions Boundary
- Troubleshooting
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- Authorizing Sub-account Full Access to COS Resources under the Account
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- Authorizing Sub-account Read-only Access to VPCs
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Tencent Cloud Organization | organization | Supported | not supported | Operation level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AcceptJoinShareUnitInvitation | AcceptJoinShareUnitInvitation | Operation level | * | Supported |
| AcceptMemberChangePermission | AcceptMemberChangePermission | Operation level | * | Supported |
| AcceptOrganizationInvitation | Accept Organization Invitation | Operation level | * | Supported |
| AddExternalSAMLIdPCertificate | Add SAML signing certificate | Operation level | * | Supported |
| AddOrganizationCloudApplication | AddOrganizationCloudApplication | Operation level | * | Supported |
| AddOrganizationCloudApplicationAccount | AddOrganizationCloudApplicationAccount | Operation level | * | Supported |
| AddOrganizationMemberEmail | AddOrganizationMemberEmail | Operation level | * | Supported |
| AddOrganizationNode | Add Organization Node | Operation level | * | Supported |
| AddOrganizationNodeTags | AddOrganizationNodeTags | Operation level | * | Supported |
| AddPermissionPolicyToRoleConfiguration | Add policies for permission configuration | Operation level | * | Supported |
| AddShareUnit | AddShareUnit | Operation level | * | Supported |
| AddShareUnitMembers | AddShareUnitMembers | Operation level | * | Supported |
| AddShareUnitResources | AddShareUnitResources | Operation level | * | Supported |
| AddUserToGroup | Add users to user groups | Operation level | * | Supported |
| AttachPolicy | Attach policy. | Operation level | * | Supported |
| BatchAddUserToGroup | Batch add users to user groups | Operation level | * | Supported |
| BatchCreateUser | Batch Create Users | Operation level | * | Supported |
| BatchRemoveUserFromGroup | Batch remove users from user groups | Operation level | * | Supported |
| BindOrganizationMemberAuthAccount | BindOrganizationMemberAuthAccount | Operation level | * | Supported |
| BindOrganizationPolicyGroup | BindOrganizationPolicyGroup | Operation level | * | Supported |
| BindOrganizationPolicySubAccount | BindOrganizationPolicySubAccount | Operation level | * | Supported |
| CancelMemberChangePermission | CancelMemberChangePermission | Operation level | * | Supported |
| CancelOrganizationInvitation | Cancel Organization Invitation | Operation level | * | Supported |
| CancelOrganizationMemberAuthAccount | CancelOrganizationMemberAuthAccount | Operation level | * | Supported |
| CancelOrganizationPolicyGroup | CancelOrganizationPolicyGroup | Operation level | * | Supported |
| ClearExternalSAMLIdentityProvider | Clear SAML identity provider configuration information | Operation level | * | Supported |
| CreateGroup | Create user groups | Operation level | * | Supported |
| CreateMemberOperateProcess | CreateMemberOperateProcess | Operation level | * | Supported |
| CreateOrgMemberProductServiceRole | CreateOrgMemberProductServiceRole | Operation level | * | Supported |
| CreateOrgServiceAssign | CreateOrgServiceAssign | Operation level | * | Supported |
| CreateOrganization | CreateOrganization | Operation level | * | Supported |
| CreateOrganizationAuthRelationApply | CreateOrganizationAuthRelationApply | Operation level | * | Supported |
| CreateOrganizationIdentity | CreateOrganizationIdentity | Operation level | * | Supported |
| CreateOrganizationMember | CreateOrganizationMember | Operation level | * | Supported |
| CreateOrganizationMemberAuthIdentity | CreateOrganizationMemberAuthIdentity | Operation level | * | Supported |
| CreateOrganizationMemberPolicy | CreateOrganizationMemberPolicy | Operation level | * | Supported |
| CreateOrganizationMembersPolicy | CreateOrganizationMembersPolicy | Operation level | * | Supported |
| CreatePolicy | Create policy. | Operation level | * | Supported |
| CreateResourceTypeInYeHe | CreateResourceTypeInYeHe | Operation level | * | Supported |
| CreateRoleAssignment | Authorize on member accounts | Operation level | * | Supported |
| CreateRoleConfiguration | Create role configuration | Operation level | * | Supported |
| CreateSCIMCredential | Create SCIM Credential | Operation level | * | Supported |
| CreateUser | create user | Operation level | * | Supported |
| CreateUserSyncProvisioning | Create sub user synchronization task | Operation level | * | Supported |
| DeleteAccount | DeleteAccount | Operation level | * | Supported |
| DeleteGroup | Delete User Group | Operation level | * | Supported |
| DeleteMemberOperateProcess | DeleteMemberOperateProcess | Operation level | * | Supported |
| DeleteOrgServiceAssign | DeleteOrgServiceAssign | Operation level | * | Supported |
| DeleteOrganization | DeleteOrganization | Operation level | * | Supported |
| DeleteOrganizationAuthRelation | DeleteOrganizationAuthRelation | Operation level | * | Supported |
| DeleteOrganizationCloudApplication | DeleteOrganizationCloudApplication | Operation level | * | Supported |
| DeleteOrganizationCloudApplicationAccount | DeleteOrganizationCloudApplicationAccount | Operation level | * | Supported |
| DeleteOrganizationIdentity | DeleteOrganizationIdentity | Operation level | * | Supported |
| DeleteOrganizationMemberAuthIdentity | DeleteOrganizationMemberAuthIdentity | Operation level | * | Supported |
| DeleteOrganizationMemberFromNode | DeleteOrganizationMemberFromNode | Operation level | * | Supported |
| DeleteOrganizationMembers | DeleteOrganizationMembers | Operation level | * | Supported |
| DeleteOrganizationMembersPolicy | DeleteOrganizationMembersPolicy | Operation level | * | Supported |
| DeleteOrganizationNodeMembers | DeleteOrganizationNodeMembers | Operation level | * | Supported |
| DeleteOrganizationNodeTags | DeleteOrganizationNodeTags | Operation level | * | Supported |
| DeleteOrganizationNodes | DeleteOrganizationNodes | Operation level | * | Supported |
| DeletePolicy | Delete policy. | Operation level | * | Supported |
| DeleteRoleAssignment | Remove authorization from member accounts | Operation level | * | Supported |
| DeleteRoleConfiguration | Delete role configuration | Operation level | * | Supported |
| DeleteSCIMCredential | Delete SCIM Credential | Operation level | * | Supported |
| DeleteShareUnit | DeleteShareUnit | Operation level | * | Supported |
| DeleteShareUnitMembers | DeleteShareUnitMembers | Operation level | * | Supported |
| DeleteShareUnitResources | DeleteShareUnitResources | Operation level | * | Supported |
| DeleteUser | Delete user | Operation level | * | Supported |
| DeleteUserSyncProvisioning | Delete CAM user synchronization | Operation level | * | Supported |
| DenyMemberChangePermission | DenyMemberChangePermission | Operation level | * | Supported |
| DenyOrganizationCreateRecord | DenyOrganizationCreateRecord | Operation level | * | Supported |
| DenyOrganizationInvitation | DenyOrganizationInvitation | Operation level | * | Supported |
| DetachPolicy | Detach policy. | Operation level | * | Supported |
| DisablePolicyType | Disable policy type. | Operation level | * | Supported |
| DismantleRoleConfiguration | Deploy access configuration to member accounts | Operation level | * | Supported |
| EnablePolicyType | Enable policy type. | Operation level | * | Supported |
| ExitShareUnit | ExitShareUnit | Operation level | * | Supported |
| InviteOrganizationMember | InviteOrganizationMember | Operation level | * | Supported |
| MoveOrganizationMembersToNode | MoveOrganizationMembersToNode | Operation level | * | Supported |
| MoveOrganizationNode | MoveOrganizationNode | Operation level | * | Supported |
| MoveOrganizationNodeMembers | MoveOrganizationNodeMembers | Operation level | * | Supported |
| ProvisionRoleConfiguration | Deploy access configuration to member accounts | Operation level | * | Supported |
| QuitOrganization | QuitOrganization | Operation level | * | Supported |
| ReceiveOrganizationMemberDeregisterStatus | ReceiveOrganizationMemberDeregisterStatus | Operation level | * | not supported |
| RejectJoinShareUnitInvitation | RejectJoinShareUnitInvitation | Operation level | * | Supported |
| RemoveExternalSAMLIdPCertificate | Remove SAML signing certificate | Operation level | * | Supported |
| RemovePermissionPolicyFromRoleConfiguration | Configure removal policies for permissions | Operation level | * | Supported |
| RemoveUserFromGroup | Remove users from user groups | Operation level | * | Supported |
| RetryUserSyncProvisioningEvent | Deploy permission configuration to member accounts | Operation level | * | Supported |
| SendOrgMemberAccountBindEmail | SendOrgMemberAccountBindEmail | Operation level | * | Supported |
| SendOrganizationInvitation | SendOrganizationInvitation | Operation level | * | Supported |
| SetExternalSAMLIdentityProvider | Configure SAML identity provider information | Operation level | * | Supported |
| SetMemberDeletionPermission | SetMemberDeletionPermission | Operation level | * | Supported |
| SetOrganizationAuthRelationManage | SetOrganizationAuthRelationManage | Operation level | * | Supported |
| SetOrganizationCloudApplicationStatus | SetOrganizationCloudApplicationStatus | Operation level | * | Supported |
| UpdateCustomPolicyForRoleConfiguration | Modify custom policies for permission configuration | Operation level | * | Supported |
| UpdateGroup | Modify user group information | Operation level | * | Supported |
| UpdateMemberOperateProcess | UpdateMemberOperateProcess | Operation level | * | Supported |
| UpdateMemberOperateProcessStatus | UpdateMemberOperateProcessStatus | Operation level | * | Supported |
| UpdateOrgNode | UpdateOrgNode | Resource level | qcs::organization::uin/${uin}:node/${nodeId} | not supported |
| UpdateOrganizationIdentity | UpdateOrganizationIdentity | Operation level | * | Supported |
| UpdateOrganizationMember | UpdateOrganizationMember | Operation level | * | Supported |
| UpdateOrganizationMemberEmailBind | UpdateOrganizationMemberEmailBind | Operation level | * | Supported |
| UpdateOrganizationMembersPolicy | UpdateOrganizationMembersPolicy | Operation level | * | Supported |
| UpdateOrganizationNode | UpdateOrganizationNode | Operation level | * | Supported |
| UpdateOrganizationNodeTag | UpdateOrganizationNodeTag | Operation level | * | Supported |
| UpdatePolicy | Update policy. | Operation level | * | Supported |
| UpdateResourceTypeInYeHe | UpdateResourceTypeInYeHe | Operation level | * | Supported |
| UpdateRoleConfiguration | Update role configuration | Operation level | * | Supported |
| UpdateSCIMCredentialStatus | enable or disable SCIM credential | Operation level | * | Supported |
| UpdateSCIMSynchronizationStatus | Enable or disable SCIM synchronization status | Operation level | * | Supported |
| UpdateShareUnit | UpdateShareUnit | Operation level | * | Supported |
| UpdateUser | Modifying User Information | Operation level | * | Supported |
| UpdateUserStatus | Modify user status | Operation level | * | Supported |
| UpdateUserSyncProvisioning | Update CAM user synchronization | Operation level | * | Supported |
| UpdateZone | Update user\'s zoneName | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckAccountDelete | CheckAccountDelete | Operation level | * | Supported |
| CheckAccountStatus | CheckAccountStatus | Operation level | * | Supported |
| CheckChangeMemberAuthName | CheckChangeMemberAuthName | Operation level | * | Supported |
| DescribeCloudApplicationToMember | DescribeCloudApplicationToMember | Operation level | * | Supported |
| DescribeEventByProduct | DescribeEventByProduct | Operation level | * | Supported |
| DescribeIdentityCenter | Describe user cam identity center | Operation level | * | Supported |
| DescribeManagerShareMembers | DescribeManagerShareMembers | Operation level | * | Supported |
| DescribeManagerShareResources | DescribeManagerShareResources | Operation level | * | Supported |
| DescribeMemberChangePermissionRecords | DescribeMemberChangePermissionRecords | Operation level | * | Supported |
| DescribeMemberDeletionPermission | DescribeMemberDeletionPermission | Operation level | * | Supported |
| DescribeOrganization | DescribeOrganization | Operation level | * | Supported |
| DescribeOrganizationAuthNode | DescribeOrganizationAuthNode | Operation level | * | Supported |
| DescribeOrganizationAuthPolicies | DescribeOrganizationAuthPolicies | Operation level | * | Supported |
| DescribeOrganizationAuthRelationApplies | DescribeOrganizationAuthRelationApplies | Operation level | * | Supported |
| DescribeOrganizationAuthRelations | DescribeOrganizationAuthRelations | Operation level | * | Supported |
| DescribeOrganizationBeInviteRecord | DescribeOrganizationBeInviteRecord | Operation level | * | Supported |
| DescribeOrganizationCollPolicies | get Organization Control Policies | Operation level | * | Supported |
| DescribeOrganizationCreateRecord | DescribeOrganizationCreateRecord | Operation level | * | Supported |
| DescribeOrganizationFinancialByMember | DescribeOrganizationFinancialByMember | Operation level | * | Supported |
| DescribeOrganizationFinancialByMonth | DescribeOrganizationFinancialByMonth | Operation level | * | Supported |
| DescribeOrganizationFinancialByProduct | DescribeOrganizationFinancialByProduct | Operation level | * | Supported |
| DescribeOrganizationFinancialMemberNum | DescribeOrganizationFinancialMemberNum | Operation level | * | Supported |
| DescribeOrganizationIdentity | DescribeOrganizationIdentity | Operation level | * | Supported |
| DescribeOrganizationInviteRecord | DescribeOrganizationInviteRecord | Operation level | * | Supported |
| DescribeOrganizationMember | DescribeOrganizationMember | Operation level | * | Supported |
| DescribeOrganizationMemberAuthAccounts | DescribeOrganizationMemberAuthAccounts | Operation level | * | Supported |
| DescribeOrganizationMemberAuthIdentities | DescribeOrganizationMemberAuthIdentities | Operation level | * | Supported |
| DescribeOrganizationMemberBindInfo | DescribeOrganizationMemberBindInfo | Operation level | * | Supported |
| DescribeOrganizationMemberByUin | DescribeOrganizationMemberByUin | Operation level | * | Supported |
| DescribeOrganizationMemberDeregisterStatus | DescribeOrganizationMemberDeregisterStatus | Operation level | * | not supported |
| DescribeOrganizationMemberEmailBind | DescribeOrganizationMemberEmailBind | Operation level | * | Supported |
| DescribeOrganizationMemberNodes | DescribeOrganizationMemberNodes | Operation level | * | Supported |
| DescribeOrganizationMemberPolicies | DescribeOrganizationMemberPolicies | Operation level | * | Supported |
| DescribeOrganizationMembers | DescribeOrganizationMembers | Operation level | * | Supported |
| DescribeOrganizationMembersCanAuthIdentities | DescribeOrganizationMembersCanAuthIdentities | Operation level | * | Supported |
| DescribeOrganizationNode | DescribeOrganizationNode | Operation level | * | Supported |
| DescribeOrganizationNodeByName | DescribeOrganizationNodeByName | Operation level | * | Supported |
| DescribeOrganizationNodeMemberRecords | DescribeOrganizationNodeMemberRecords | Operation level | * | Supported |
| DescribeOrganizationNodeMembers | DescribeOrganizationNodeMembers | Operation level | * | Supported |
| DescribeOrganizationNodeRecords | DescribeOrganizationNodeRecords | Operation level | * | Supported |
| DescribeOrganizationNodeTags | DescribeOrganizationNodeTags | Operation level | * | Supported |
| DescribeOrganizationNodes | DescribeOrganizationNodes | Operation level | * | Supported |
| DescribeOrganizationNodesByParent | DescribeOrganizationNodesByParent | Operation level | * | Supported |
| DescribeOrganizationOverView | Get Organization OverView | Operation level | * | Supported |
| DescribeOrganizationPendingCreateRecord | DescribeOrganizationPendingCreateRecord | Operation level | * | Supported |
| DescribeOrganizationPolicy | DescribeOrganizationPolicy | Operation level | * | Supported |
| DescribeOrganizationRecords | DescribeOrganizationRecords | Operation level | * | Supported |
| DescribeOrganizationServiceRole | DescribeOrganizationServiceRole | Operation level | * | Supported |
| DescribeOrganizationSubAccountByDay | DescribeOrganizationSubAccountByDay | Operation level | * | Supported |
| DescribeOrganizationSubAccountByMonth | DescribeOrganizationSubAccountByMonth | Operation level | * | Supported |
| DescribePolicy | DescribePolicy | Operation level | * | Supported |
| DescribePolicyConfig | DescribePolicyConfig | Operation level | * | Supported |
| DescribeProductUsedInEvent | DescribeProductUsedInEvent | Operation level | * | Supported |
| DescribeResourceToShareMember | DescribeResourceToShareMember | Operation level | * | Supported |
| DescribeResourceToShareMemberByType | DescribeResourceToShareMemberByType | Operation level | * | Supported |
| DescribeResourceTypes | DescribeResourceTypes | Operation level | * | Supported |
| DescribeShareAreas | DescribeShareAreas | Operation level | * | Supported |
| DescribeShareUnit | DescribeShareUnit | Operation level | * | Supported |
| DescribeShareUnitMemberRecords | DescribeShareUnitMemberRecords | Operation level | * | Supported |
| DescribeShareUnitMembers | DescribeShareUnitMembers | Operation level | * | Supported |
| DescribeShareUnitResources | DescribeShareUnitResources | Operation level | * | Supported |
| DescribeShareUnits | DescribeShareUnits | Operation level | * | Supported |
| DescribeUnitToShareMember | DescribeUnitToShareMember | Operation level | * | Supported |
| GetExternalSAMLIdentityProvider | Query SAML identity provider configuration information | Operation level | * | Supported |
| GetGroup | Query user group information | Operation level | * | Supported |
| GetOrganization | GetOrganization | Operation level | * | Supported |
| GetOrganizationMember | GetOrganizationMember | Operation level | * | Supported |
| GetProvisioningTaskStatus | Query the status of user synchronous asynchronous tasks | Operation level | * | Supported |
| GetRoleConfiguration | Query role configuration information | Operation level | * | Supported |
| GetSCIMSynchronizationStatus | Get SCIM Synchronization Status | Operation level | * | Supported |
| GetTaskStatus | Query the status of asynchronous tasks | Operation level | * | Supported |
| GetUser | Query user information | Operation level | * | Supported |
| GetUserSyncProvisioning | Query CAM user synchronization | Operation level | * | Supported |
| GetUserSyncProvisioningEvent | Query CAM user synchronization events | Operation level | * | Supported |
| GetZoneSAMLServiceProviderInfo | Query SAML service provider information | Operation level | * | Supported |
| GetZoneStatistics | Query zone statistics | Operation level | * | Supported |
| ListExternalSAMLIdPCertificates | Query SAML signing certificate list | Operation level | * | Supported |
| ListGroupMembers | Query user list in user group | Operation level | * | Supported |
| ListGroups | Query user group list | Operation level | * | Supported |
| ListJoinedGroupsForUser | Query user groups joined by users | Operation level | * | Supported |
| ListNonCompliantResource | ListNonCompliantResource | Operation level | * | Supported |
| ListOrganizationCloudApplication | ListOrganizationCloudApplication | Operation level | * | Supported |
| ListOrganizationInvitations | ListOrganizationInvitations | Operation level | * | Supported |
| ListOrganizationMembers | ListOrganizationMembers | Operation level | * | Supported |
| ListOrganizationNodeMembers | ListOrganizationNodeMembers | Operation level | * | Supported |
| ListOrganizationNodes | ListOrganizationNodes | Operation level | * | Supported |
| ListPermissionPoliciesInRoleConfiguration | Obtain the policy list in the permission configuration | Operation level | * | Supported |
| ListPoliciesForTarget | ListPoliciesForTarget | Operation level | * | Supported |
| ListRoleAssignments | Query authorization list | Operation level | * | Supported |
| ListRoleConfigurationProvisionings | Query permission configuration deployment list | Operation level | * | Supported |
| ListRoleConfigurations | Query permission configuration list | Operation level | * | Supported |
| ListTasks | Query asynchronous task list | Operation level | * | Supported |
| ListUserSyncProvisioningEvents | Query CAM user synchronization event list | Operation level | * | Supported |
| ListUserSyncProvisionings | Query CAM user synchronization list | Operation level | * | Supported |
| ListUsers | Query user list | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeMemberBeChangePermissionRecords | DescribeMemberBeChangePermissionRecords | Operation level | * | Supported |
| DescribeOrganizationMembersAuthAccount | DescribeOrganizationMembersAuthAccount | Operation level | * | Supported |
| DescribeOrganizationMembersAuthPolicy | DescribeOrganizationMembersAuthPolicy | Operation level | * | Supported |
| DescribeShareResourceUsageRecords | DescribeShareResourceUsageRecords | Operation level | * | Supported |
| DescribeShareResourcesByType | DescribeShareResourcesByType | Operation level | * | not supported |
| ListMemberOperateProcess | ListMemberOperateProcess | Operation level | * | Supported |
| ListOrgMemberSubAccount | ListOrgMemberSubAccount | Operation level | * | Supported |
| ListOrgServiceAssignMember | ListOrgServiceAssignMember | Operation level | * | Supported |
| ListOrganizationIdentity | ListOrganizationIdentity | Operation level | * | Supported |
| ListOrganizationService | ListOrganizationService | Operation level | * | Supported |
| ListPolicies | ListPolicies | Operation level | * | Supported |
| ListSCIMCredentials | List User SCIM Credentials | Operation level | * | Supported |
| ListTargetsForPolicy | ListTargetsForPolicy | Operation level | * | Supported |
Yes
No
Was this page helpful?