tencent cloud

Feedback

Tencent Cloud Organization

Last updated: 2024-11-26 09:56:25

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Tencent Cloud Organization organization Supported not supported Operation level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    AcceptJoinShareUnitInvitation AcceptJoinShareUnitInvitation Operation level * Supported
    AcceptMemberChangePermission AcceptMemberChangePermission Operation level * Supported
    AcceptOrganizationInvitation Accept Organization Invitation Operation level * Supported
    AddExternalSAMLIdPCertificate Add SAML signing certificate Operation level * Supported
    AddOrganizationCloudApplication AddOrganizationCloudApplication Operation level * Supported
    AddOrganizationCloudApplicationAccount AddOrganizationCloudApplicationAccount Operation level * Supported
    AddOrganizationMemberEmail AddOrganizationMemberEmail Operation level * Supported
    AddOrganizationNode Add Organization Node Operation level * Supported
    AddOrganizationNodeTags AddOrganizationNodeTags Operation level * Supported
    AddPermissionPolicyToRoleConfiguration Add policies for permission configuration Operation level * Supported
    AddShareUnit AddShareUnit Operation level * Supported
    AddShareUnitMembers AddShareUnitMembers Operation level * Supported
    AddShareUnitResources AddShareUnitResources Operation level * Supported
    AddUserToGroup Add users to user groups Operation level * Supported
    AttachPolicy Attach policy. Operation level * Supported
    BatchAddUserToGroup Batch add users to user groups Operation level * Supported
    BatchCreateUser Batch Create Users Operation level * Supported
    BatchRemoveUserFromGroup Batch remove users from user groups Operation level * Supported
    BindOrganizationMemberAuthAccount BindOrganizationMemberAuthAccount Operation level * Supported
    BindOrganizationPolicyGroup BindOrganizationPolicyGroup Operation level * Supported
    BindOrganizationPolicySubAccount BindOrganizationPolicySubAccount Operation level * Supported
    CancelMemberChangePermission CancelMemberChangePermission Operation level * Supported
    CancelOrganizationInvitation Cancel Organization Invitation Operation level * Supported
    CancelOrganizationMemberAuthAccount CancelOrganizationMemberAuthAccount Operation level * Supported
    CancelOrganizationPolicyGroup CancelOrganizationPolicyGroup Operation level * Supported
    ClearExternalSAMLIdentityProvider Clear SAML identity provider configuration information Operation level * Supported
    CreateGroup Create user groups Operation level * Supported
    CreateMemberOperateProcess CreateMemberOperateProcess Operation level * Supported
    CreateOrgMemberProductServiceRole CreateOrgMemberProductServiceRole Operation level * Supported
    CreateOrgServiceAssign CreateOrgServiceAssign Operation level * Supported
    CreateOrganization CreateOrganization Operation level * Supported
    CreateOrganizationAuthRelationApply CreateOrganizationAuthRelationApply Operation level * Supported
    CreateOrganizationIdentity CreateOrganizationIdentity Operation level * Supported
    CreateOrganizationMember CreateOrganizationMember Operation level * Supported
    CreateOrganizationMemberAuthIdentity CreateOrganizationMemberAuthIdentity Operation level * Supported
    CreateOrganizationMemberPolicy CreateOrganizationMemberPolicy Operation level * Supported
    CreateOrganizationMembersPolicy CreateOrganizationMembersPolicy Operation level * Supported
    CreatePolicy Create policy. Operation level * Supported
    CreateResourceTypeInYeHe CreateResourceTypeInYeHe Operation level * Supported
    CreateRoleAssignment Authorize on member accounts Operation level * Supported
    CreateRoleConfiguration Create role configuration Operation level * Supported
    CreateSCIMCredential Create SCIM Credential Operation level * Supported
    CreateUser create user Operation level * Supported
    CreateUserSyncProvisioning Create sub user synchronization task Operation level * Supported
    DeleteAccount DeleteAccount Operation level * Supported
    DeleteGroup Delete User Group Operation level * Supported
    DeleteMemberOperateProcess DeleteMemberOperateProcess Operation level * Supported
    DeleteOrgServiceAssign DeleteOrgServiceAssign Operation level * Supported
    DeleteOrganization DeleteOrganization Operation level * Supported
    DeleteOrganizationAuthRelation DeleteOrganizationAuthRelation Operation level * Supported
    DeleteOrganizationCloudApplication DeleteOrganizationCloudApplication Operation level * Supported
    DeleteOrganizationCloudApplicationAccount DeleteOrganizationCloudApplicationAccount Operation level * Supported
    DeleteOrganizationIdentity DeleteOrganizationIdentity Operation level * Supported
    DeleteOrganizationMemberAuthIdentity DeleteOrganizationMemberAuthIdentity Operation level * Supported
    DeleteOrganizationMemberFromNode DeleteOrganizationMemberFromNode Operation level * Supported
    DeleteOrganizationMembers DeleteOrganizationMembers Operation level * Supported
    DeleteOrganizationMembersPolicy DeleteOrganizationMembersPolicy Operation level * Supported
    DeleteOrganizationNodeMembers DeleteOrganizationNodeMembers Operation level * Supported
    DeleteOrganizationNodeTags DeleteOrganizationNodeTags Operation level * Supported
    DeleteOrganizationNodes DeleteOrganizationNodes Operation level * Supported
    DeletePolicy Delete policy. Operation level * Supported
    DeleteRoleAssignment Remove authorization from member accounts Operation level * Supported
    DeleteRoleConfiguration Delete role configuration Operation level * Supported
    DeleteSCIMCredential Delete SCIM Credential Operation level * Supported
    DeleteShareUnit DeleteShareUnit Operation level * Supported
    DeleteShareUnitMembers DeleteShareUnitMembers Operation level * Supported
    DeleteShareUnitResources DeleteShareUnitResources Operation level * Supported
    DeleteUser Delete user Operation level * Supported
    DeleteUserSyncProvisioning Delete CAM user synchronization Operation level * Supported
    DenyMemberChangePermission DenyMemberChangePermission Operation level * Supported
    DenyOrganizationCreateRecord DenyOrganizationCreateRecord Operation level * Supported
    DenyOrganizationInvitation DenyOrganizationInvitation Operation level * Supported
    DetachPolicy Detach policy. Operation level * Supported
    DisablePolicyType Disable policy type. Operation level * Supported
    DismantleRoleConfiguration Deploy access configuration to member accounts Operation level * Supported
    EnablePolicyType Enable policy type. Operation level * Supported
    ExitShareUnit ExitShareUnit Operation level * Supported
    InviteOrganizationMember InviteOrganizationMember Operation level * Supported
    MoveOrganizationMembersToNode MoveOrganizationMembersToNode Operation level * Supported
    MoveOrganizationNode MoveOrganizationNode Operation level * Supported
    MoveOrganizationNodeMembers MoveOrganizationNodeMembers Operation level * Supported
    ProvisionRoleConfiguration Deploy access configuration to member accounts Operation level * Supported
    QuitOrganization QuitOrganization Operation level * Supported
    ReceiveOrganizationMemberDeregisterStatus ReceiveOrganizationMemberDeregisterStatus Operation level * not supported
    RejectJoinShareUnitInvitation RejectJoinShareUnitInvitation Operation level * Supported
    RemoveExternalSAMLIdPCertificate Remove SAML signing certificate Operation level * Supported
    RemovePermissionPolicyFromRoleConfiguration Configure removal policies for permissions Operation level * Supported
    RemoveUserFromGroup Remove users from user groups Operation level * Supported
    RetryUserSyncProvisioningEvent Deploy permission configuration to member accounts Operation level * Supported
    SendOrgMemberAccountBindEmail SendOrgMemberAccountBindEmail Operation level * Supported
    SendOrganizationInvitation SendOrganizationInvitation Operation level * Supported
    SetExternalSAMLIdentityProvider Configure SAML identity provider information Operation level * Supported
    SetMemberDeletionPermission SetMemberDeletionPermission Operation level * Supported
    SetOrganizationAuthRelationManage SetOrganizationAuthRelationManage Operation level * Supported
    SetOrganizationCloudApplicationStatus SetOrganizationCloudApplicationStatus Operation level * Supported
    UpdateCustomPolicyForRoleConfiguration Modify custom policies for permission configuration Operation level * Supported
    UpdateGroup Modify user group information Operation level * Supported
    UpdateMemberOperateProcess UpdateMemberOperateProcess Operation level * Supported
    UpdateMemberOperateProcessStatus UpdateMemberOperateProcessStatus Operation level * Supported
    UpdateOrgNode UpdateOrgNode Resource level qcs::organization::uin/${uin}:node/${nodeId} not supported
    UpdateOrganizationIdentity UpdateOrganizationIdentity Operation level * Supported
    UpdateOrganizationMember UpdateOrganizationMember Operation level * Supported
    UpdateOrganizationMemberEmailBind UpdateOrganizationMemberEmailBind Operation level * Supported
    UpdateOrganizationMembersPolicy UpdateOrganizationMembersPolicy Operation level * Supported
    UpdateOrganizationNode UpdateOrganizationNode Operation level * Supported
    UpdateOrganizationNodeTag UpdateOrganizationNodeTag Operation level * Supported
    UpdatePolicy Update policy. Operation level * Supported
    UpdateResourceTypeInYeHe UpdateResourceTypeInYeHe Operation level * Supported
    UpdateRoleConfiguration Update role configuration Operation level * Supported
    UpdateSCIMCredentialStatus enable or disable SCIM credential Operation level * Supported
    UpdateSCIMSynchronizationStatus Enable or disable SCIM synchronization status Operation level * Supported
    UpdateShareUnit UpdateShareUnit Operation level * Supported
    UpdateUser Modifying User Information Operation level * Supported
    UpdateUserStatus Modify user status Operation level * Supported
    UpdateUserSyncProvisioning Update CAM user synchronization Operation level * Supported
    UpdateZone Update user\'s zoneName Operation level * Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CheckAccountDelete CheckAccountDelete Operation level * Supported
    CheckAccountStatus CheckAccountStatus Operation level * Supported
    CheckChangeMemberAuthName CheckChangeMemberAuthName Operation level * Supported
    DescribeCloudApplicationToMember DescribeCloudApplicationToMember Operation level * Supported
    DescribeEventByProduct DescribeEventByProduct Operation level * Supported
    DescribeIdentityCenter Describe user cam identity center Operation level * Supported
    DescribeManagerShareMembers DescribeManagerShareMembers Operation level * Supported
    DescribeManagerShareResources DescribeManagerShareResources Operation level * Supported
    DescribeMemberChangePermissionRecords DescribeMemberChangePermissionRecords Operation level * Supported
    DescribeMemberDeletionPermission DescribeMemberDeletionPermission Operation level * Supported
    DescribeOrganization DescribeOrganization Operation level * Supported
    DescribeOrganizationAuthNode DescribeOrganizationAuthNode Operation level * Supported
    DescribeOrganizationAuthPolicies DescribeOrganizationAuthPolicies Operation level * Supported
    DescribeOrganizationAuthRelationApplies DescribeOrganizationAuthRelationApplies Operation level * Supported
    DescribeOrganizationAuthRelations DescribeOrganizationAuthRelations Operation level * Supported
    DescribeOrganizationBeInviteRecord DescribeOrganizationBeInviteRecord Operation level * Supported
    DescribeOrganizationCollPolicies get Organization Control Policies Operation level * Supported
    DescribeOrganizationCreateRecord DescribeOrganizationCreateRecord Operation level * Supported
    DescribeOrganizationFinancialByMember DescribeOrganizationFinancialByMember Operation level * Supported
    DescribeOrganizationFinancialByMonth DescribeOrganizationFinancialByMonth Operation level * Supported
    DescribeOrganizationFinancialByProduct DescribeOrganizationFinancialByProduct Operation level * Supported
    DescribeOrganizationFinancialMemberNum DescribeOrganizationFinancialMemberNum Operation level * Supported
    DescribeOrganizationIdentity DescribeOrganizationIdentity Operation level * Supported
    DescribeOrganizationInviteRecord DescribeOrganizationInviteRecord Operation level * Supported
    DescribeOrganizationMember DescribeOrganizationMember Operation level * Supported
    DescribeOrganizationMemberAuthAccounts DescribeOrganizationMemberAuthAccounts Operation level * Supported
    DescribeOrganizationMemberAuthIdentities DescribeOrganizationMemberAuthIdentities Operation level * Supported
    DescribeOrganizationMemberBindInfo DescribeOrganizationMemberBindInfo Operation level * Supported
    DescribeOrganizationMemberByUin DescribeOrganizationMemberByUin Operation level * Supported
    DescribeOrganizationMemberDeregisterStatus DescribeOrganizationMemberDeregisterStatus Operation level * Supported
    DescribeOrganizationMemberEmailBind DescribeOrganizationMemberEmailBind Operation level * Supported
    DescribeOrganizationMemberNodes DescribeOrganizationMemberNodes Operation level * Supported
    DescribeOrganizationMemberPolicies DescribeOrganizationMemberPolicies Operation level * Supported
    DescribeOrganizationMembers DescribeOrganizationMembers Operation level * Supported
    DescribeOrganizationMembersCanAuthIdentities DescribeOrganizationMembersCanAuthIdentities Operation level * Supported
    DescribeOrganizationNode DescribeOrganizationNode Operation level * Supported
    DescribeOrganizationNodeByName DescribeOrganizationNodeByName Operation level * Supported
    DescribeOrganizationNodeMemberRecords DescribeOrganizationNodeMemberRecords Operation level * Supported
    DescribeOrganizationNodeMembers DescribeOrganizationNodeMembers Operation level * Supported
    DescribeOrganizationNodeRecords DescribeOrganizationNodeRecords Operation level * Supported
    DescribeOrganizationNodeTags DescribeOrganizationNodeTags Operation level * Supported
    DescribeOrganizationNodes DescribeOrganizationNodes Operation level * Supported
    DescribeOrganizationNodesByParent DescribeOrganizationNodesByParent Operation level * Supported
    DescribeOrganizationOverView Get Organization OverView Operation level * Supported
    DescribeOrganizationPendingCreateRecord DescribeOrganizationPendingCreateRecord Operation level * Supported
    DescribeOrganizationPolicy DescribeOrganizationPolicy Operation level * Supported
    DescribeOrganizationRecords DescribeOrganizationRecords Operation level * Supported
    DescribeOrganizationServiceRole DescribeOrganizationServiceRole Operation level * Supported
    DescribeOrganizationSubAccountByDay DescribeOrganizationSubAccountByDay Operation level * Supported
    DescribeOrganizationSubAccountByMonth DescribeOrganizationSubAccountByMonth Operation level * Supported
    DescribePolicy DescribePolicy Operation level * Supported
    DescribePolicyConfig DescribePolicyConfig Operation level * Supported
    DescribeProductUsedInEvent DescribeProductUsedInEvent Operation level * Supported
    DescribeResourceToShareMember DescribeResourceToShareMember Operation level * Supported
    DescribeResourceToShareMemberByType DescribeResourceToShareMemberByType Operation level * Supported
    DescribeResourceTypes DescribeResourceTypes Operation level * Supported
    DescribeShareAreas DescribeShareAreas Operation level * Supported
    DescribeShareUnit DescribeShareUnit Operation level * Supported
    DescribeShareUnitMemberRecords DescribeShareUnitMemberRecords Operation level * Supported
    DescribeShareUnitMembers DescribeShareUnitMembers Operation level * Supported
    DescribeShareUnitResources DescribeShareUnitResources Operation level * Supported
    DescribeShareUnits DescribeShareUnits Operation level * Supported
    DescribeUnitToShareMember DescribeUnitToShareMember Operation level * Supported
    GetExternalSAMLIdentityProvider Query SAML identity provider configuration information Operation level * Supported
    GetGroup Query user group information Operation level * Supported
    GetOrganization GetOrganization Operation level * Supported
    GetOrganizationMember GetOrganizationMember Operation level * Supported
    GetProvisioningTaskStatus Query the status of user synchronous asynchronous tasks Operation level * Supported
    GetRoleConfiguration Query role configuration information Operation level * Supported
    GetSCIMSynchronizationStatus Get SCIM Synchronization Status Operation level * Supported
    GetTaskStatus Query the status of asynchronous tasks Operation level * Supported
    GetUser Query user information Operation level * Supported
    GetUserSyncProvisioning Query CAM user synchronization Operation level * Supported
    GetUserSyncProvisioningEvent Query CAM user synchronization events Operation level * Supported
    GetZoneSAMLServiceProviderInfo Query SAML service provider information Operation level * Supported
    GetZoneStatistics Query zone statistics Operation level * Supported
    ListExternalSAMLIdPCertificates Query SAML signing certificate list Operation level * Supported
    ListGroupMembers Query user list in user group Operation level * Supported
    ListGroups Query user group list Operation level * Supported
    ListJoinedGroupsForUser Query user groups joined by users Operation level * Supported
    ListNonCompliantResource ListNonCompliantResource Operation level * Supported
    ListOrganizationCloudApplication ListOrganizationCloudApplication Operation level * Supported
    ListOrganizationInvitations ListOrganizationInvitations Operation level * Supported
    ListOrganizationMembers ListOrganizationMembers Operation level * Supported
    ListOrganizationNodeMembers ListOrganizationNodeMembers Operation level * Supported
    ListOrganizationNodes ListOrganizationNodes Operation level * Supported
    ListPermissionPoliciesInRoleConfiguration Obtain the policy list in the permission configuration Operation level * Supported
    ListPoliciesForTarget ListPoliciesForTarget Operation level * Supported
    ListRoleAssignments Query authorization list Operation level * Supported
    ListRoleConfigurationProvisionings Query permission configuration deployment list Operation level * Supported
    ListRoleConfigurations Query permission configuration list Operation level * Supported
    ListTasks Query asynchronous task list Operation level * Supported
    ListUserSyncProvisioningEvents Query CAM user synchronization event list Operation level * Supported
    ListUserSyncProvisionings Query CAM user synchronization list Operation level * Supported
    ListUsers Query user list Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeMemberBeChangePermissionRecords DescribeMemberBeChangePermissionRecords Operation level * Supported
    DescribeOrganizationMembersAuthAccount DescribeOrganizationMembersAuthAccount Operation level * Supported
    DescribeOrganizationMembersAuthPolicy DescribeOrganizationMembersAuthPolicy Operation level * Supported
    DescribeShareResourceUsageRecords DescribeShareResourceUsageRecords Operation level * Supported
    DescribeShareResourcesByType DescribeShareResourcesByType Operation level * not supported
    ListMemberOperateProcess ListMemberOperateProcess Operation level * Supported
    ListOrgMemberSubAccount ListOrgMemberSubAccount Operation level * Supported
    ListOrgServiceAssignMember ListOrgServiceAssignMember Operation level * Supported
    ListOrganizationIdentity ListOrganizationIdentity Operation level * Supported
    ListOrganizationService ListOrganizationService Operation level * Supported
    ListPolicies ListPolicies Operation level * Supported
    ListSCIMCredentials List User SCIM Credentials Operation level * Supported
    ListTargetsForPolicy ListTargetsForPolicy Operation level * Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support