tencent cloud

Feedback

Tencent Container Registry

Last updated: 2024-11-26 09:58:16

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Tencent Container Registry tcr Supported Supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    AuthorizeUserImageBuildConfig add coding certification Operation level * not supported
    BatchDeleteImagePersonal Batch Delete Image Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame}/${Tags} Supported
    BatchDeleteRepositoryPersonal Batch Delete Repository Personal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoNames} Supported
    CreateApplicationTokenPersonal Create Application Token Operation level * Supported
    CreateCustomAccount create custom account Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    CreateGCJob Create GC Job Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    CreateHelmChart Create Helm Chart Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    CreateImageAccelerationService Create Image Acceleration Service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    CreateImageLifecyclePersonal CreateImageLifecyclePersonal Resource level qcs::tcr:${region}:uin/${uin}:repo/${RepoName} Supported
    CreateImmutableTagRules CreateImmutable Tag Rule Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    CreateInstance Create Enterprise Registry Instance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
    CreateInstanceCustomizedDomain Create Instance Customized Domain Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId}
    qcs::ssl::uin/${uin}:certificate/${CertificateId}
    Supported
    CreateInstanceToken Create Instance Token Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateInternalEndpointDns CreateInternalEndpointDns Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateMultipleSecurityPolicy CreateMultipleSecurityPolicy Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    CreateNamespacePersonal Create Namespace Personal Resource level qcs::tcr:${Region}:uin/:repo/${Namespace} Supported
    CreateReplicationInstance CreateReplicationInstance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateRepositoryPersonal Create Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} Supported
    CreateSecurityPolicy Create Security Policy Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    CreateServiceAccount create service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    CreateSignature Create Signature Resource level qcs::tcr:${region}:uin/${uin}:repository/$instanceid/$namespacename/$repositoryname not supported
    CreateTagRetentionRule Create Tag RetentionRule Operation level * not supported
    CreateUserPersonal Create CCR User Operation level * Supported
    CreateWebhookTrigger Create Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename Supported
    CreateWebhookTriggerPersonal CreateWebhookTriggerPersonal Operation level * not supported
    DeleteCustomAccount delete custom account Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    DeleteHelmChart Delete Helm Chart Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    DeleteImageAccelerateService Delete image accelerate service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DeleteImageLifecycleGlobalPersonal Delete global image tag lifecycle strategy Resource level qcs::tcr:$regionid:$accountid:repo/* Supported
    DeleteImageLifecyclePersonal DeleteImageLifecyclePersonal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoName} Supported
    DeleteImagePersonal Delete Image Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame}/${Tag} Supported
    DeleteImmutableTagRules DeleteImmutable Tag Rule Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DeleteInstance DeleteI instance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteInstanceCustomizedDomain Delete Instance Customized Domain Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteInstanceToken Delete Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DeleteInternalEndpointDns DeleteInternalEndpointDns Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteMultipleSecurityPolicy DeleteMultipleSecurityPolicy Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceId} Supported
    DeleteNamespacePersonal Delete Namespace Personal Resource level qcs::tcr:${Region}:uin/:repo/${Namespace} Supported
    DeleteReplicationInstance DeleteReplicationInstance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteRepository Delete Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    DeleteRepositoryPersonal Delete Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame} Supported
    DeleteSecurityPolicy Delete Security Policy Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DeleteServiceAccount delete service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DeleteTagRetentionRule Delete Tag RetentionRule Operation level * not supported
    DeleteWebhookTrigger Delete Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    DeleteWebhookTriggerPersonal DeleteWebhookTriggerPersonal Operation level * not supported
    DuplicateImagePersonal DuplicateImagePersonal Resource level qcs::${ApiModule}:${Region}:uin/:repo/* Supported
    ManageExternalEndpoint Manage External Endpoint Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    ManageImageLifecycleGlobalPersonal Set global image tag lifecycle strategy Resource level qcs::tcr:$regionid:$accountid:repo/* Supported
    ModifyApplicationTriggerPersonal ModifyApplicationTriggerPersonal Operation level * Supported
    ModifyCustomAccount update properties of custom account Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    ModifyImmutableTagRules ModifyImmutable Tag Rules Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    ModifyInstance Modify Instance Resource level qcs::tcr:$regionid:$accountid:instance/* Supported
    ModifyInstanceToken Modify Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    ModifyInstanceTokenValidTime Modify Instance Token Valid Time Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
    ModifyNamespace Modify Namespace Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    ModifyRepository Modify Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    ModifyRepositoryAccessPersonal ModifyRepositoryAccessPersonal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoName} Supported
    ModifySecurityPolicy Modify Security Policy Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    ModifyServiceAccount update properties of service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    ModifyTagRetentionRule Modify Tag RetentionRule Operation level * not supported
    ModifyUserPasswordPersonal Modify CCR Password Operation level * Supported
    ModifyWebhookTrigger Modify Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    PushRepository Push Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    PushRepositoryPersonal Push Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} not supported
    RenewInstance Renewal of prepaid instances supports pay-as-you-go subscriptions to yearly and monthly subscriptions during the same period Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    UpdateApplicationTokenPermission Update Application Token Read Write Permission Operation level * not supported
    UpdateApplicationTokenPermissionPersonal Update Application Token Read Write Permission Operation level * Supported
    UpdateApplicationTokenPersonal Update Application Token Operation level * Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CheckInstanceName Check whether the instance name to be created conforms to the specification Operation level * not supported
    CreateNamespace create namespace Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/* not supported
    CreateRepository create image repository Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
    DeleteNamespace delete namespace Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/* not supported
    DescribeApplicationTokenPersonal Describe Application Token Operation level * Supported
    DescribeApplicationTriggerPersonal DescribeApplicationTriggerPersonal Operation level * Supported
    DescribeChartDownloadInfo DescribeChartDownloadInfo Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeChartUploadInfo DescribeChartUploadInfo Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeCustomAccounts describe custom accounts Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
    DescribeDockerHubImagePersonal DescribeDockerHubImagePersonal Operation level * Supported
    DescribeDockerHubRepositoryInfoPersonal DescribeDockerHubRepositoryInfoPersonal Operation level * Supported
    DescribeDockerHubRepositoryPersonal DescribeDockerHubRepositoryPersonal Operation level * Supported
    DescribeExternalEndpointStatus Describe External Endpoint Status Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeFavorRepositoryPersonal DescribeFavorRepositoryPersonal Operation level * Supported
    DescribeGCJobs Describe GC Latest 10 Jobs Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeHelmCharts Describe Helm Charts Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/* not supported
    DescribeImageAccelerateService Describe image accelerate service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeImageConfigPersonal DescribeImageConfigPersonal Operation level * Supported
    DescribeImageFilterPersonal DescribeImageFilterPersonal Operation level * Supported
    DescribeImageLifecycleGlobalPersonal Describe Image Lifecycle Global Personal Operation level * Supported
    DescribeImageLifecyclePersonal DescribeImageLifecyclePersonal Operation level * Supported
    DescribeImagePersonal Used to get the personal version of the mirror warehouse tag list Operation level * Supported
    DescribeImageVulnerabilityDetails Query scanned image vulnerability information based on the image version Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeImmutableTagRules DescribeImmutable Tag Rules Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeInstanceInspection Get instance inspection result information Resource level qcs::tcr:${region}:uin/${uin}:instance/* Supported
    DescribeInstanceStatus Describe Instance Status Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeInstanceToken Describe Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeInstances Describe Instances Operation level * not supported
    DescribeInternalEndpoints Describe Internal Endpoints Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeNamespacePersonal DescribeNamespacePersonal Operation level * Supported
    DescribeNamespaces describe namespace info Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/* not supported
    DescribeReplication Describe Replication Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
    DescribeReplicationExecutions Instance synchronization/instance replication policy execution record list Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeReplicationInstanceCreateTasks DescribeReplicationInstanceCreateTasks Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeReplicationInstanceSyncStatus DescribeReplicationInstanceSyncStatus Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeReplicationPolicies Get the list of instance synchronization rules Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeReplicationTasks Instance synchronization/instance replication execution task list Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeRepositories describe instance repositories Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
    DescribeRepositoryAllPersonal DescribeRepositoryAllPersonal Operation level * Supported
    DescribeRepositoryFilterPersonal DescribeRepositoryFilterPersonal Operation level * Supported
    DescribeRepositoryOwnerPersonal Describe Repository Owner Personal Operation level * not supported
    DescribeRepositoryPersonal DescribeRepositoryPersonal Operation level * Supported
    DescribeSecurityPolicies Describe Security Policies Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeServiceAccounts describe service accounts Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
    DescribeSourceCodeAuthPersonal DescribeSourceCodeAuthPersonal Operation level * not supported
    DescribeSystemInfo return the system information of tcr instance Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
    DescribeTagRetentionRuleLog Describe Tag RetentionRuleLog Operation level * not supported
    DescribeTagRetentionRules Describe Tag RetentionRules Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/* not supported
    DescribeUserPersonal DescribeUserPersonal Operation level * Supported
    DescribeUserQuotaPersonal DescribeUserQuotaPersonal Operation level * Supported
    DescribeWebhookTrigger Describe Webhook Trigger Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename not supported
    DescribeWebhookTriggerLog query Webhook consumption logs Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${Namespace}/* not supported
    DownloadHelmChart Download Helm Chart Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${ChartName} not supported
    ManageInternalEndpoint Manage instance intranet access VPC link Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId}
    qcs::vpc:${region}:uin/${uin}:subnet/${subnetId}
    Supported
    ManageReplication Operation level * Supported
    PullRepository Pull Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
    PullRepositoryPersonal Pull Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} not supported
    ValidateApplicationTokenPersonal Validate Application Token Operation level * not supported
    ValidateNamespaceExistPersonal ValidateNamespaceExistPersonal Operation level * Supported
    ValidateRepositoryExistPersonal ValidateRepositoryExistPersonal Operation level * Supported
    ValidateUserPersonal ValidateUserPersonal Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeInstanceCustomizedDomain Describe Instance Customized Domain Resource level qcs::tcr:$regionid:$accountid:instance/$RegistryId Supported
    DescribeInternalEndpointDnsStatus DescribeInternalEndpointDnsStatus Resource level qcs::tcr:$regionid:$accountid:instance/* Supported
    DescribeReplicationInstances DescribeReplicationInstances Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
    DescribeWebhookTriggerPersonal DescribeWebhookTriggerPersonal Operation level * Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support