tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation
    Download PDF

    Serverless Cloud Function

    Last updated: 2024-11-20 09:34:23
    Download PDF

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Serverless Cloud Function scf Supported Supported Resource level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      BatchResumeService resume service Operation level * Supported
      BatchSuspendService suspend service Operation level * Supported
      BindTrigger scf bind trigger Operation level * Supported
      BuildDebugConnection Build the connection of debug Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      ChangeTcbBackendClsType ChangeTcbBackendClsType Operation level * Supported
      ConvertPayMode ConvertPayMode Operation level * Supported
      CopyFunction CopyFunction Operation level * Supported
      CreateAlias Operation level * Supported
      CreateCustomDomain Users create custom domain to route to functions Resource level qcs::scf:${region}:uin/${uin}:domain/* Supported
      CreateFunctionTemplate create function template Operation level * Supported
      CreateNamespace Operation level * Supported
      CreateResource CreateResource Operation level * Supported
      DeleteAlias delete function alias Operation level * Supported
      DeleteCustomDomain delete custom domain Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
      DeleteFunctionVersion delete function input version Operation level * Supported
      DeleteLayerVersion - Operation level * Supported
      DeleteNamespace Operation level * Supported
      DeleteProvisionedConcurrencyConfig Delete provisioned concurrency config of specified function or function version Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      DeleteReservedConcurrencyConfig Delete reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      InvokeFunction invokefunction Operation level * Supported
      InvokeFunctionUrl Function URL Invoke Interface Resource level qcs::scf:${region}:uin/${uin}:namespace/${Namespace}/function/${FunctionName} Supported
      PublishLayerVersion Creates a new version of a layer using the given zip file or cos object. Operation level * Supported
      PutProvisionedConcurrencyConfig Set provisioned concurrency config of specified functonvresion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      PutReservedConcurrencyConfig Set reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      PutTotalConcurrencyConfig Set user concurrency memory limit. Operation level * not supported
      SetTrigger Operation level * not supported
      StartDebugMode Open debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      StartDebugging Open debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      StopDebugMode Stop debug mode Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      StopDebugging Stop debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      UnbindTrigger scf unbind trigger Operation level * Supported
      UpdateAlias Operation level * Supported
      UpdateCustomDomain update custom domain config Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
      UpdateFunction Operation level * not supported
      UpdateFunctionCode update function code Resource level qcs::scf:${region}:uin/${uin}:namespace/${namespace}/function/${functionName} Supported
      UpdateFunctionConfiguration update function configuration Resource level qcs::scf:${region}:uin/${uin}:namespace/${namespace}/function/${functionName} Supported
      UpdateFunctionEventInvokeConfig UpdateFunctionEventInvokeConfig Resource level qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} Supported
      UpdateFunctionIncrementalCode Update Function IncrementalCode Resource level qcs::scf:${region}:uin/${uin}:namespace/${namespace}/function/${functionName} Supported
      UpdateNamespace Operation level * Supported
      UpdateTrigger UpdateTrigger Operation level * Supported

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      CheckCreate checkcreate Operation level * Supported
      CheckModify CheckModify Operation level * Supported
      CheckResource CheckResource Operation level * not supported
      CheckSearchLogs CheckSearchLogs Operation level * Supported
      CreateFunction create function Operation level * Supported
      CreateTrigger CreateTrigger Operation level * Supported
      DeleteFunction delete function Operation level * Supported
      DeleteTrigger DeleteTrigger Operation level * Supported
      DescribeImageAccelerateInfo get imageAccelerate info Operation level * Supported
      DescribeUserResources describe user resource info Operation level * Supported
      GetAccount Operation level * Supported
      GetAccountSettings Operation level * not supported
      GetAlias Operation level * Supported
      GetAsyncEventOverview get async event overview Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      GetAsyncEventStatus get async event status Operation level * Supported
      GetBatchUserInfo get user global info Operation level * Supported
      GetBeianResource get beian resource Operation level * not supported
      GetCloudStudioAccessInfo get coud studio access info Operation level * Supported
      GetCloudStudioTicket get cloud stdio tmpToken Operation level * Supported
      GetContainerLoginToken GetContainerLoginToken Resource level qcs::scf::uin/${uin}:namespace/$ns/function/$func Supported
      GetCustomDomain describe custom domain info Resource level qcs::scf:${region}:uin/${uin}:domain/${Domain} Supported
      GetDebuggingInfo Get info of debugging Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      GetDemoAddress get function demo download address Operation level * Supported
      GetDemoDetail get demo detail Operation level * Supported
      GetFunction get function detail Operation level * Supported
      GetFunctionAddress GetFunctionAddress Operation level * Supported
      GetFunctionEventInvokeConfig GetFunctionEventInvokeConfig Operation level * Supported
      GetFunctionLogs Operation level * Supported
      GetFunctionSAM Operation level * Supported
      GetFunctionTemplate get function template detail Operation level * Supported
      GetLayerVersion Get layer version details, including links to download files in layers. Operation level * Supported
      GetPkgsInfo Get prepaid resource pack details Operation level * Supported
      GetProvisionedConcurrencyConfig Get provisioned concurrency config of specified function or functionversion Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      GetRequestStatus get request status Operation level * Supported
      GetReservedConcurrencyConfig Get reserved concurrency memory config of specified function. Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      GetUserBurst get user burst Operation level * Supported
      GetUserEipQuota get user eip quota Operation level * Supported
      GetUserInfo GetUserInfo Operation level * Supported
      GetUserResourceAmount Get User Resource Amount Operation level * Supported
      Invoke Operation level * Supported
      ListAliases ListAliases Operation level * Supported
      ListAsyncEvents list async events Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      ListDemo list function demos Operation level * Supported
      ListFunctionInstances list function instances Operation level * Supported
      ListFunctionTestModels Operation level * Supported
      ListFunctionVersions list function versions Resource level qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} not supported
      ListFunctions ListFunctions Operation level * Supported
      ListGoods ListGoods Operation level * Supported
      ListHelpDoc list help doc Operation level * Supported
      ListIntranetAddress list intranet address Operation level * Supported
      ListIntranetAddressInternal ListIntranetAddressInternal Operation level * Supported
      ListNamespaces Operation level * Supported
      ListTriggers list triggers Resource level qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func Supported
      ListVersion Operation level * not supported
      ListVersionByFunction Operation level * Supported
      ModifyPreCheck Modify pkg Pre Check Operation level * Supported
      UpdateTriggerStatus UpdateTriggerStatus Operation level * Supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      ListCustomDomains list custom domain info Operation level * Supported
      ListLayerVersions - Operation level * Supported
      ListLayers Returns a list of all layers, which contains information about the latest version of each layer, which can be filtered by the adaptation runtime. Resource level qcs::scf:${region}:uin/${uin}:layer/${layerName} Supported

      Other Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      TerminateAsyncEvent terminate async event Resource level qcs::scf:$region:uin/$uin:namespace/$ns/function/$func Supported
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy