Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
Private DNS
Last updated: 2025-03-26 10:02:38
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Private DNS | privatedns | Supported | Supported | Resource level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddSpecifyPrivateZoneVpc | Add Specify Private Zone Vpc | Operation level | * | Supported |
| CreateDefaultCLSLog | Create a default CLS log set, log subject, and index, and enable log push for the current private domain. | Operation level | * | Supported |
| CreateEndPoint | Create a end point | Operation level | * | Supported |
| CreateEndPointAndEndPointService | Simultaneously create an endpoint service and an endpoint. | Operation level | * | Supported |
| CreateExtendEndpoint | Create Extend Endpoint | Operation level | * | Supported |
| CreateForwardRule | Create a custom forwarding rule | Operation level | * | Supported |
| CreatePrivateDNSAccount | Create PrivateDNS account | Operation level | * | Supported |
| CreatePrivateZone | Create Private Zone | Operation level | * | Supported |
| CreatePrivateZoneList | Batch add PrivateDNS. | Operation level | * | Supported |
| CreatePrivateZoneRecord | Create Private Zone Record | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| CreatePrivateZoneRecordList | Batch add PrivateDNS resolution records. | Operation level | * | Supported |
| DeleteEndPoint | Delete end point | Operation level | * | Supported |
| DeleteForwardRule | Delete forwarding rule | Operation level | * | Supported |
| DeletePrivateDNSAccount | delete PrivateDNS bound account | Operation level | * | Supported |
| DeletePrivateZone | Delete Private Zone | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| DeletePrivateZoneRecord | Delete Private Zone Record | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| DeleteSpecifyPrivateZoneVpc | Delete Specify Private Zone Vpc | Operation level | * | Supported |
| ModifyForwardRule | Modify forwarding rules | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| ModifyPrivateZone | Modify Private Zone | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| ModifyPrivateZoneRecord | Modify Private Zone Record | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| ModifyPrivateZoneVpc | Modify Private Zone Binded VPC | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| ModifyRecordsStatus | Modify resolution record status | Operation level | * | Supported |
| ModifyResourcePackage | Modify Resource Package Status | Resource level | qcs::privatedns::uin/${uin}:resource/${resourceId} | Supported |
| ModifyUserConfig | Modify User Config | Operation level | * | Supported |
| ModifyZoneCLSLog | Modify the log set of the private dns binding. | Operation level | * | Supported |
| SubscribePrivateZoneService | Subscribe Private Zone Service | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckDomainVpcConflict | Check for conflicts between VPCs bound to private domains | Operation level | * | Supported |
| CheckRoleAuthorize | Query whether the role is authorized. | Operation level | * | Supported |
| DescribeAccountVpcList | Query the VPC list of PrivateDNS binded accounts | Operation level | * | Supported |
| DescribeCreateRecordListResult | Query batch add private domain resolution records results. | Operation level | * | Supported |
| DescribeCreateZoneListResult | Query batch created private domains results. | Operation level | * | Supported |
| DescribeDashboard | Describe Product Dashboard | Operation level | * | Supported |
| DescribeDefaultCLSLog | Query the default CLS log set | Operation level | * | Supported |
| DescribeEndPointRegion | Query the enabled region of the terminal node | Operation level | * | Supported |
| DescribeForwardRule | Query forwarding rule details | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| DescribeImportRecordsResult | Query file import parsing record results | Operation level | * | Supported |
| DescribeImportTemplateUrl | Query file import parsing record template | Operation level | * | Supported |
| DescribePrivateZone | Describe Private Zone | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| DescribePrivateZoneService | Describe Private Zone Service Status | Operation level | * | Supported |
| DescribePrivateZoneServiceList | describe private zone service list | Operation level | * | Supported |
| DescribeQuotaUsage | Query quota usage (including TLD quota at present) | Operation level | * | Supported |
| DescribeRecordsExportFileUrl | Batch export of resolution records according to private domain ID | Operation level | * | Supported |
| DescribeRegionList | Describe Region List | Operation level | * | Supported |
| DescribeRequestData | Describe Record Request Statistics Data | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| DescribeSupportRecordDetailList | Query Record Details List | Operation level | * | Supported |
| DescribeUploadUrl | Query temporary upload URL | Operation level | * | Supported |
| DescribeUserConfig | Get User Current Config | Operation level | * | Supported |
| DescribeZoneCLSLog | Querying CLS log sets bound to private dns | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAuditLog | Describe User Audit Log List | Operation level | * | Supported |
| DescribeEndPointList | Query end point list | Operation level | * | Supported |
| DescribeExtendEndpointList | Describe Extend Endpoint List | Operation level | * | Supported |
| DescribeForwardRuleList | Query forwarding rule list | Operation level | * | Supported |
| DescribePrivateDNSAccountList | query the account list bound to the PrivateDNS | Operation level | * | Supported |
| DescribePrivateZoneList | Describe Private Zone List | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| DescribePrivateZoneRecordList | Describe Private Zone Record List | Resource level | qcs::privatedns::uin/${uin}:zone/${zone} | Supported |
| DescribeResourcePackageList | Describe Resource Package List | Resource level | qcs::privatedns::uin/${uin}:resource/${resourceId} | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No