tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation
    Download PDF

    Tencent Cloud Mesh

    Last updated: 2024-11-20 09:35:45
    Download PDF

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Tencent Cloud Mesh tcm Supported Supported Resource level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      CheckClusterList CheckClusterList Resource level qcs::tcm::uin/${uin}:- Supported
      DescribeAccessLogConfig Get AccessLog config Resource level qcs::tcm::uin/${uin}:mesh/${MeshId} Supported
      DescribeAutoInjectionNamespaceList DescribeAutoInjectionNamespaceList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeConfig DescribeConfig Operation level * Supported
      DescribeEgressGateway get egressgateway workload Resource level qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} Supported
      DescribeGatewayWorkloadList get gateway workload list Resource level qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} Supported
      DescribeIngressGateway get ingressgateway workload Resource level qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} Supported
      DescribeIngressGatewayList DescribeIngressGatewayList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeIstioResource fetch istio resources Resource level qcs::tcm::uin/${uin}:mesh/${MeshId} Supported
      DescribeIstioResourceList DescribeIstioResourceList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeMesh Describe Mesh Resource level qcs:tcm:gz:uin/12345678:* Supported
      DescribeMeshList DescribeMeshList Resource level qcs::tcm:${region}:uin/${uin}:- Supported
      DescribeMeshOperation DescribeMeshOperation Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeMeshStatistics DescribeMeshStatistics Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeMetaClusterID DescribeMetaClusterID Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeNamespaceList DescribeNamespaceList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeNodeRegionList DescribeNodeRegionList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeServiceDashboard DescribeServiceDashboard Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeServiceList DescribeServiceList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeServiceListDashboard DescribeServiceListDashboard Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DescribeTopology DescribeTopology Resource level qcs::tcm:${region}:uin/${uin}:DescribeTopology Supported
      DescribeWorkloadDashboard DescribeWorkloadDashboard Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      ForwardRequestRead ForwardRequestRead Operation level * Supported
      ListIstioIngresses ListIstioIngresses Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} not supported
      ListMeshes ListMeshes Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} not supported

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      ConvertIstioIngress ConvertIstioIngress Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} not supported
      CreateEgressGateway CreateEgressGateway Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      CreateIngressGateway CreateIngressGateway Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      CreateIstioResource CreateIstioResource Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      CreateMesh CreateMesh Resource level qcs:tcm:gz:uin/12345678:* Supported
      CreateTrial Create TCM sample deployment Operation level * Supported
      DeleteEgressGateway DeleteEgressGateway Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DeleteIngressGateway DeleteIngressGateway Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DeleteIstioResource DeleteIstioResource Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DeleteMesh DeleteMesh Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      DeleteTrial Delete TCM sample deployment Operation level * Supported
      EnableAccessLogConfig EnableAccessLogConfig Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} not supported
      ForwardRequestWrite ForwardRequestWrite Operation level * Supported
      LinkClusterList link clusters Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      LinkNamespaceList LinkNamespaceList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      LinkPrometheus LinkPrometheus Resource level qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} Supported
      ModifyAccessLogConfig ModifyAccessLogConfig Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      ModifyIngressGateway ModifyIngressGateway Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      ModifyIstioResource ModifyIstioResource Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      ModifyMesh Modify mesh Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      ModifyMeshCanaryUpgradingPhase ModifyMeshCanaryUpgradingPhase Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      ModifyTracingConfig ModifyTracingConfig Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      RelinkCluster RelinkCluster Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      RetryTrialTask Retry TCM sample deployment creation Operation level * Supported
      UnlinkCluster unlink cluster Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      UnlinkNamespaceList UnlinkNamespaceList Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      UnlinkPrometheus UnlinkPrometheus Resource level qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} Supported
      UpgradeGateway UpgradeGateway Resource level qcs::${ApiModule}:${Region}:uin/:mesh/${MeshId} Supported
      UpgradeMesh UpgradeMesh Resource level qcs::tcm:${region}:uin/${uin}:mesh/${MeshId} Supported
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy