tencent cloud

Feedback

Tencent Cloud Elastic Microservice

Last updated: 2024-11-20 09:36:09

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Tencent Cloud Elastic Microservice tem Supported Supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CopyLogConfig CopyLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    CreateApplication create application Operation level * Supported
    CreateApplicationAutoscaler CreateApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    CreateApplicationCronHorizontalAutoscaler create cron scale policy Operation level * Supported
    CreateApplicationHorizontalAutoscaler create scale policy Operation level * Supported
    CreateApplicationService CreateApplicationService Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    CreateApplicationServiceMonitor CreateApplicationServiceMonitor Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    CreateConfigData create configuration Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    CreateCosToken generate the Cos temporary secret key Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    CreateEnvironment create environment Operation level * Supported
    CreateGateway CreateGateway Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    CreateLogConfig CreateLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    CreateNamespace create namespace Operation level * Supported
    CreateResource create resource by binding Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    CreateSecretData CreateSecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    CreateService create service Operation level * Supported
    CreateServiceVersion create service version Operation level * Supported
    DeleteApplication delete application Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DeleteApplicationAutoscaler delete scale policy Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DeleteApplicationDeploymentHistory delete deployment history Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
    DeleteApplicationPackageHistory DeleteApplicationPackageHistory Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DeleteApplicationService DeleteApplicationService Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DeleteApplicationServiceMonitor DeleteApplicationServiceMonitor Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DeleteIngress delete ingress Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    qcs::tem::uin/${uin}:gateway/${environmentId}/${gatewayName}
    Supported
    DeleteResource delete resource by unbinding Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DeleteService delete service Operation level * Supported
    DeleteServiceVersion delete service version Operation level * Supported
    DeployApplication deploy application Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DeployServiceVersion deploy ervice version Operation level * Supported
    DestroyConfigData destroy configuration Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DestroyEnvironment destroy environment Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DestroyGateway DestroyGateway Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DestroyLogConfig DestroyLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DestroyMultiLogConfigs DestroyMultiLogConfigs Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DestroyNamespace delete namespace Operation level * Supported
    DestroySecretData DestroySecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DisableApplicationAutoscaler DisableApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    EnableApplicationAutoscaler EnableApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ForwardToApiServer ForwardToApiServer Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    GenerateApplicationPackageDownloadUrl generate download URL Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyApplicationAutoscaler ModifyApplicationAutoscaler Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyApplicationCronHorizontalAutoscaler modify cron scale policy Operation level * Supported
    ModifyApplicationHorizontalAutoscaler modify scale policy Operation level * Supported
    ModifyApplicationInfo modify application info Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyApplicationInstance modify instance specification Operation level * Supported
    ModifyApplicationPortMapping modify port mapping Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    ModifyApplicationPortMappingList ModifyApplicationPortMappingList Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    ModifyApplicationReplicas modify instance numbers Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyApplicationService ModifyApplicationService Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyApplicationServiceMonitor ModifyApplicationServiceMonitor Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    ModifyApplicationTraits Modify application traits Operation level * not supported
    ModifyCloudBaseGWAPI Turn on or off public network access Operation level * Supported
    ModifyConfigData modify configuration Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyEnvironment modify environment Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyGatewayIngress ModifyGatewayIngress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    ModifyIngress modify ingress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    ModifyInstanceSpec modify instance spec Operation level * Supported
    ModifyLogConfig ModifyLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ModifyNamespace modify namespace Operation level * Supported
    ModifyResourceConfig ModifyResourceConfig Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
    ModifySecretData ModifySecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    ModifyServiceRouteConf modify service route config Operation level * Supported
    ModifyServiceVersion modify service version spec Operation level * Supported
    ModifyVersionEsConf modify service version elastic config Operation level * Supported
    RestartApplication Restart the application Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    RestartApplicationPod restart instance Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    ResumeDeployApplication resume deployment Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    RevertDeployApplication revert deployment Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    RollingUpdateApplicationByVersion RollingUpdateApplicationByVersion Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    SpeedUpApplication SpeedUpApplication Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    StartEnvironment start the environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    StopApplication stop application Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    StopEnvironment stop the environment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    StopServiceVersion stop service version Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAlertApplications DescribeAlertApplications Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeAlertEnvironments get user alert environments Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeAllEnvironments get all environments list Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationAutoscalerList DescribeApplicationAutoscalerList Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    Supported
    DescribeApplications describe applications Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeDeployApplicationHistory describe the history of the deployment Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeEnvironments describe environments Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DescribeGatewayList DescribeGatewayList Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeIngresses describe ingresses Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:gateway/${environmentId}/${gatewayName}
    Supported
    DescribeLogConfigList DescribeLogConfigList Operation level * not supported
    DescribeSecretDataList describe the list of the secrets Resource level qcs::tem::uin/${uin}:role/${roleId} Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeApplicationActiveNamespaces describe active environments for the application Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationContainerSpec describe instance specification Operation level * Supported
    DescribeApplicationDemoInfos describe demo infos Operation level * Supported
    DescribeApplicationDeploymentHistory describe deployment history Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationException describe exception Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationExceptionRecords describe list of the abnormal interfaces Operation level * Supported
    DescribeApplicationImageRepo describe image repository Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationImages describe images Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationInfo describe base application info Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    Supported
    DescribeApplicationInterfaceRecords describe the list of monitored interfaces Operation level * Supported
    DescribeApplicationInvolvedResources DescribeApplicationInvolvedResources Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationLogs describe logs Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationMonitorData describe monitor data Operation level * not supported
    DescribeApplicationMonitorStatistics describe monitor statistics data Operation level * Supported
    DescribeApplicationPackageHistory describe package history Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationPods describe instances Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    Supported
    DescribeApplicationPresetEnv DescribeApplicationPresetEnv Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
    DescribeApplicationServiceList DescribeApplicationServiceList Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    Supported
    DescribeApplicationServiceMonitors DescribeApplicationServiceMonitors Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeApplicationSpeedUpStatus DescribeApplicationSpeedUpStatus Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
    DescribeApplicationsStatus describe the status of applications Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DescribeBaseService obtain basic service information Operation level * Supported
    DescribeBaseServiceVersion Obtain basic service version information Operation level * Supported
    DescribeChangeRecordDetail Obtain change record detail Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeChangeRecordTypes describe record types Operation level * Supported
    DescribeChangeRecords Obtain change records Operation level * Supported
    DescribeCloudBaseRunPodList get the list of running Pods below the service version Operation level * Supported
    DescribeConfigData describe configuration Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DescribeConfigDataList describe configurations Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DescribeCurveData obtaining monitoring data Operation level * Supported
    DescribeDemoInfos get demo info Operation level * Supported
    DescribeDeployApplicationDetail describe deployment Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:application/${applicationId}
    Supported
    DescribeDestroyLimit get the number of namespace deletes remaining Operation level * Supported
    DescribeEnvStatus get env status Operation level * Supported
    DescribeEnvironment describe environment Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DescribeEnvironmentStatistics describe statistics data of the environment Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
    DescribeEnvironmentStats query environment stats Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeEnvironmentStatus describe status of the environment Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    Supported
    DescribeEventLogs DescribeEventLogs Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeEventObjects gets the event object Operation level * Supported
    DescribeGateway DescribeGateway Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeGatewayIngress DescribeGatewayIngress Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeImages query image information Operation level * Supported
    DescribeIngress DescribeIngress Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:gateway/${environmentId}/${gatewayName}
    Supported
    DescribeLogConfig DescribeLogConfig Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    qcs::tem::uin/${uin}:application/${applicationId}
    Supported
    DescribeLogs search logs Operation level * Supported
    DescribeNamespaces gets the list of tenant namespaces Operation level * Supported
    DescribePagedLogConfigList DescribePagedLogConfigList Resource level qcs::tem::uin/${uin}:role/${roleId}
    qcs::tem::uin/${uin}:environment/${environmentId}
    qcs::tem::uin/${uin}:application/${applicationId}
    Supported
    DescribeRegistryResourceEnv describe instance environments for registry Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeRelatedIngresses describe application-related ingresses Operation level * Supported
    DescribeResourceCategories describe resource categories Operation level * Supported
    DescribeResourceInUseApplications DescribeResourceInUseApplications Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeResources describe resources Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeSecretData DescribeSecretData Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeService describe EKS service Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeServiceImageRepoGuide query push guidance of image repository Operation level * Supported
    DescribeServiceList describe EKS services Resource level qcs::tem::uin/${uin}:role/${roleId} not supported
    DescribeServiceVersions get the service version list Operation level * Supported
    DescribeServices gets a list of running services Operation level * Supported
    DescribeTopApplicationUsage list top usage application list Resource level qcs::tem::uin/${uin}:role/${roleId} Supported
    DescribeVersionContainerSpec uery the image specification information Operation level * Supported
    DescribeVersionException query version exception details Operation level * Supported
    DescribeVersionName get service version drop down list Operation level * Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support