Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
Serverless Cloud Function
Last updated: 2025-03-26 10:03:07
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Serverless Cloud Function | scf | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| BatchResumeService | resume service | Operation level | * | Supported |
| BatchSuspendService | suspend service | Operation level | * | Supported |
| BindTrigger | scf bind trigger | Operation level | * | Supported |
| BuildDebugConnection | Build the connection of debug | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| ChangeTcbBackendClsType | ChangeTcbBackendClsType | Operation level | * | Supported |
| ConvertPayMode | ConvertPayMode | Operation level | * | Supported |
| CopyFunction | copy function | Operation level | * | Supported |
| CreateAlias | create a function\\\\\\\'s alias | Resource level | qcs::scf::uin/${uin}:namespace/$ns/function/$func | Supported |
| CreateCustomDomain | Users create custom domain to route to functions | Resource level | qcs::scf:${region}:uin/${uin}:domain/* | Supported |
| CreateFunctionTemplate | create function template | Operation level | * | Supported |
| CreatePlugin | CreatePlugin | Operation level | * | Supported |
| CreateResource | CreateResource | Operation level | * | Supported |
| DeleteAlias | delete function alias | Resource level | qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func | Supported |
| DeleteCustomDomain | delete custom domain | Resource level | qcs::scf:${region}:uin/${uin}:domain/${Domain} | Supported |
| DeleteFunctionVersion | delete function input version | Operation level | * | Supported |
| DeleteLayerVersion | Delete the specified version of the specified layer. but it will not affect the function that is referencing this layer. | Resource level | qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func | Supported |
| DeletePlugin | DeletePlugin | Resource level | qcs::scf::uin/${uin}:plugin/{PluginName} | Supported |
| DeletePluginVersion | DeleteFunctionVersion | Resource level | qcs::scf::uin/${uin}:plugin/{PluginName} | Supported |
| DeleteProvisionedConcurrencyConfig | Delete provisioned concurrency config of specified function or function version | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| DeleteReservedConcurrencyConfig | Delete reserved concurrency memory config of specified function. | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| InvokeFunction | invokefunction | Operation level | * | Supported |
| InvokeFunctionUrl | Function URL Invoke Interface | Resource level | qcs::scf:${region}:uin/${uin}:namespace/${Namespace}/function/${FunctionName} | Supported |
| PublishLayerVersion | Creates a new version of a layer using the given zip file or cos object. | Resource level | qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func | Supported |
| PublishPluginVersion | PublishPluginVersion | Resource level | qcs::scf::uin/${uin}:plugin/{PluginName} | Supported |
| PutProvisionedConcurrencyConfig | Set provisioned concurrency config of specified functonvresion | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| PutReservedConcurrencyConfig | Set reserved concurrency memory config of specified function. | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| PutTotalConcurrencyConfig | Set user concurrency memory limit. | Operation level | * | not supported |
| SetTrigger | Operation level | * | not supported | |
| StartDebugMode | Open debug mode | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| StartDebugging | Open debugging | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| StopDebugMode | Stop debug mode | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| StopDebugging | Stop debugging | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| UnbindTrigger | scf unbind trigger | Operation level | * | Supported |
| UpdateAlias | update alias\\\\\\\\\\\\\\\'s config | Resource level | qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func | Supported |
| UpdateCustomDomain | update custom domain config | Resource level | qcs::scf:${region}:uin/${uin}:domain/${Domain} | Supported |
| UpdateFunction | Operation level | * | not supported | |
| UpdateFunctionEventInvokeConfig | UpdateFunctionEventInvokeConfig | Resource level | qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} | Supported |
| UpdateFunctionIncrementalCode | Update Function IncrementalCode | Resource level | qcs::scf:${region}:uin/${uin}:namespace/${namespace}/function/${functionName} | Supported |
| UpdateNamespace | Operation level | * | Supported | |
| UpdateTrigger | UpdateTrigger | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckCreate | checkcreate | Operation level | * | Supported |
| CheckModify | CheckModify | Operation level | * | Supported |
| CheckResource | CheckResource | Operation level | * | not supported |
| CheckSearchLogs | CheckSearchLogs | Operation level | * | Supported |
| CreateFunction | create function | Operation level | * | Supported |
| CreateNamespace | create a namespace | Operation level | * | Supported |
| CreateTrigger | CreateTrigger | Operation level | * | Supported |
| DeleteFunction | delete function | Operation level | * | Supported |
| DeleteNamespace | delete the namespace | Operation level | * | Supported |
| DeleteTrigger | DeleteTrigger | Operation level | * | Supported |
| DescribeImageAccelerateInfo | get imageAccelerate info | Operation level | * | Supported |
| DescribeUserResources | describe user resource info | Operation level | * | Supported |
| GetAccountSettings | Operation level | * | not supported | |
| GetAlias | get alias info | Operation level | * | Supported |
| GetAsyncEventOverview | get async event overview | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| GetAsyncEventStatus | get async event status | Operation level | * | Supported |
| GetBatchUserInfo | get user global info | Operation level | * | Supported |
| GetBeianResource | get beian resource | Operation level | * | not supported |
| GetCloudStudioAccessInfo | get coud studio access info | Operation level | * | Supported |
| GetCloudStudioTicket | get cloud stdio tmpToken | Operation level | * | Supported |
| GetContainerLoginToken | GetContainerLoginToken | Resource level | qcs::scf::uin/${uin}:namespace/$ns/function/$func | Supported |
| GetCustomDomain | describe custom domain info | Resource level | qcs::scf:${region}:uin/${uin}:domain/${Domain} | Supported |
| GetDebuggingInfo | Get info of debugging | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| GetDemoAddress | get function demo download address | Operation level | * | Supported |
| GetDemoDetail | get demo detail | Operation level | * | Supported |
| GetFunction | get function detail | Operation level | * | Supported |
| GetFunctionEventInvokeConfig | GetFunctionEventInvokeConfig | Operation level | * | Supported |
| GetFunctionLogs | Operation level | * | Supported | |
| GetFunctionSAM | Operation level | * | Supported | |
| GetFunctionTemplate | get function template detail | Operation level | * | Supported |
| GetFunctionsByPlugin | GetFunctionsByPlugin | Resource level | qcs::scf::uin/${uin}:plugin/{PluginName} | Supported |
| GetLayerVersion | Get layer version details, including links to download files in layers. | Operation level | * | Supported |
| GetPkgsInfo | Get prepaid resource pack details | Operation level | * | Supported |
| GetPluginInfo | GetPluginInfo | Resource level | qcs::scf::uin/${uin}:plugin/{PluginName} | Supported |
| GetPostAmount | GetPostAmount | Operation level | * | Supported |
| GetProvisionedConcurrencyConfig | Get provisioned concurrency config of specified function or functionversion | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| GetRequestStatus | get request status | Operation level | * | Supported |
| GetReservedConcurrencyConfig | Get reserved concurrency memory config of specified function. | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| GetUserBurst | get user burst | Operation level | * | Supported |
| GetUserEipQuota | get user eip quota | Operation level | * | Supported |
| GetUserInfo | GetUserInfo | Operation level | * | Supported |
| GetUserResourceAmount | Get User Resource Amount | Operation level | * | Supported |
| Invoke | Operation level | * | Supported | |
| ListAliases | ListAliases | Operation level | * | Supported |
| ListAsyncEvents | list async events | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
| ListDemo | list function demos | Operation level | * | Supported |
| ListFunctionInstances | list function instances | Operation level | * | Supported |
| ListFunctionTestModels | Operation level | * | Supported | |
| ListFunctionVersions | list function versions | Resource level | qcs::scf::uin/${uin}:namespace/${namespace}/function/${functionName} | Supported |
| ListFunctions | ListFunctions | Operation level | * | Supported |
| ListGoods | ListGoods | Operation level | * | Supported |
| ListHelpDoc | list help doc | Operation level | * | Supported |
| ListIntranetAddress | list intranet address | Operation level | * | Supported |
| ListIntranetAddressInternal | ListIntranetAddressInternal | Operation level | * | Supported |
| ListNamespaces | list namespace info | Operation level | * | Supported |
| ListPluginVersions | ListPluginVersions | Resource level | qcs::scf::uin/${uin}:plugin/{PluginName} | Supported |
| ListPlugins | get plugins list | Resource level | qcs::scf:${region}:uin/${uin}:plugin/${pluginName} | not supported |
| ListTriggers | list triggers | Resource level | qcs::scf:${region}:uin/${uin}:namespace/$ns/function/$func | Supported |
| ListVersion | Operation level | * | not supported | |
| ListVersionByFunction | list function versions | Operation level | * | Supported |
| ModifyPreCheck | Modify pkg Pre Check | Operation level | * | Supported |
| UpdateFunctionCode | update function code | Operation level | * | Supported |
| UpdateFunctionConfiguration | update function configuration | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| ListCustomDomains | list custom domain info | Resource level | qcs::scf::uin/${uin}:domain/${Domain} | Supported |
| ListLayerVersions | Returns information about all versions of the specified layer | Operation level | * | Supported |
| ListLayers | Returns a list of all layers, which contains information about the latest version of each layer, which can be filtered by the adaptation runtime. | Resource level | qcs::scf:${region}:uin/${uin}:layer/${layerName} | Supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| TerminateAsyncEvent | terminate async event | Resource level | qcs::scf:$region:uin/$uin:namespace/$ns/function/$func | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No