tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation
    Download PDF

    Bastion Host

    Last updated: 2024-09-27 09:08:02
    Download PDF

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Bastion Host bh Supported not supported Operation level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      AccessDevice Access Device Operation level * Supported
      CanCreateTrialResource CanCreateTrialResource Operation level * Supported
      DescribeAccessControlRule Describe Access Control Rule Operation level * Supported
      DescribeAccessEntry Describe Access Entry Operation level * Supported
      DescribeAssetSyncStatus Describe Asset Sync Status Operation level * Supported
      DescribeCdcSetting Describe Cdc Setting Operation level * Supported
      DescribeDeviceCount Describe Device Count Operation level * Supported
      DescribeDomainInstallScript Describe Domain InstallScript Operation level * Supported
      DescribeLogOutputSettings Describe Log Output Settings Operation level * Supported
      DescribeOperationTaskDetail Describe Operation Task Detail Operation level * Supported
      DescribeSecuritySetting Describe Security Setting Operation level * Supported
      DescribeSystemTaskStatistics Describe System Task Statistics Operation level * Supported
      DescribeTicketSubmitFlag Describe Ticket Submit Flag Operation level * Supported
      DescribeTrialGuide DescribeTrialGuide Operation level * Supported
      DescribeUserCount Describe User Count Operation level * Supported
      LoginOpserver LoginOpserver Operation level * Supported
      ReplaySession Replay Session Operation level * Supported
      ShowGraph Show Graph Operation level * Supported
      ShowTop Show Top Operation level * Supported
      ViewReport View Report Operation level * Supported

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      AccessTrackPage Access Track Page Operation level * Supported
      AddDeviceGroupMembers Add Device Group Members Operation level * Supported
      AddUserGroupMembers Add User Group Members Operation level * Supported
      BindDeviceAccountPassword Bind Device Account Password Operation level * Supported
      BindDeviceAccountPrivateKey Bind Device Account Private Key Operation level * Supported
      BindDeviceResource Bind Device Resource Operation level * Supported
      CreateAccessControlRule Create Access Control Rule Operation level * Supported
      CreateAccessControlTemplate Create Access Control Template Operation level * Supported
      CreateAccessControlTemplateRule Create Access Control Template Rule Operation level * Supported
      CreateAccessWhiteListRule Create Access WhiteList Rule Operation level * Supported
      CreateAcl Create Acl Operation level * Supported
      CreateAssetSyncJob Create Asset Sync Job Operation level * Supported
      CreateChangePwdTask Create Change Pwd Task Operation level * Supported
      CreateCmdTemplate Create Cmd Template Operation level * Supported
      CreateDepartment Create Department Operation level * Supported
      CreateDeviceAccount Create Device Account Operation level * Supported
      CreateDeviceAccountBatch Create Device Account Batch Operation level * Supported
      CreateDeviceGroup Create Device Group Operation level * Supported
      CreateDomain Create Domain Operation level * Supported
      CreateExportDeviceTask Create Export Device Task Operation level * Supported
      CreateLogDelivery Create Log Delivery Operation level * Supported
      CreatePushAccountTask Create Push Account Task Operation level * Supported
      CreateReportTask Create Report Task Operation level * Supported
      CreateResource Create Resource Operation level * Supported
      CreateUser Create User Operation level * Supported
      CreateUserBatch Create User Batch Operation level * Supported
      CreateUserGroup Create User Group Operation level * Supported
      DeleteAccessControlRules Delete Access Control Rules Operation level * Supported
      DeleteAccessControlTemplate Delete Access Control Template Operation level * Supported
      DeleteAccessControlTemplateRule Delete Access Control Template Rule Operation level * Supported
      DeleteAccessWhiteListRules Delete Access White List Rules Operation level * Supported
      DeleteAcls Delete Acls Operation level * Supported
      DeleteChangePwdTask Delete Change Pwd Task Operation level * Supported
      DeleteCmdTemplates Delete Cmd Templates Operation level * Supported
      DeleteDepartment Delete Department Operation level * Supported
      DeleteDeviceAccounts Delete Device Accounts Operation level * Supported
      DeleteDeviceGroupMembers Delete Device Group Members Operation level * Supported
      DeleteDeviceGroups Delete Device Groups Operation level * Supported
      DeleteDevices Delete Devices Operation level * Supported
      DeleteDomains Delete Domains Operation level * Supported
      DeleteExportDeviceTask Delete Export DeviceT ask Operation level * Supported
      DeletePushAccountTasks Delete Push Account Tasks Operation level * Supported
      DeleteReportTask Delete Report Task Operation level * Supported
      DeleteReportTaskHistory Delete Report Task History Operation level * Supported
      DeleteUserGroupMembers Delete User Group Members Operation level * Supported
      DeleteUserGroups Delete User Groups Operation level * Supported
      DeleteUsers Delete Users Operation level * Supported
      ImportDeviceAccount Import Device Account Operation level * Supported
      ImportDevices Import Devices Operation level * Supported
      ImportExternalDevice ImportExternalDevice Operation level * Supported
      LeaveTrackPage Leave Track Page Operation level * Supported
      ModifyAccessControlRule Modify Access Control Rule Operation level * Supported
      ModifyAccessControlTemplate Modify Access Control Template Operation level * Supported
      ModifyAccessControlTemplateRuleOrder Modify Access Control Template Rule Order Operation level * Supported
      ModifyAccessTimePolicy Modify Access Time Policy Operation level * Supported
      ModifyAccessWhiteListAutoStatus Modify Access WhiteList Auto Status Operation level * Supported
      ModifyAccessWhiteListRule Modify Access WhiteList Rule Operation level * Supported
      ModifyAccessWhiteListStatus Modify Access WhiteList Status Operation level * Supported
      ModifyAcl Modify Acl Operation level * Supported
      ModifyAssetSyncFlag Modify Asset Sync Flag Operation level * Supported
      ModifyAuthModeSetting Modify Auth Mode Setting Operation level * Supported
      ModifyChangePwdTask Modify Change Pwd Task Operation level * Supported
      ModifyCmdTemplate Modify Cmd Template Operation level * Supported
      ModifyDepartment Modify Department Operation level * Supported
      ModifyDevice Modify Device Operation level * Supported
      ModifyDeviceGroup Modify Device Group Operation level * Supported
      ModifyDevicesDepartment Modify Devices Department Operation level * Supported
      ModifyDevicesPort Modify Devices Port Operation level * Supported
      ModifyDomain Modify Domain Operation level * Supported
      ModifyExternalDevice Modify External Device Operation level * Supported
      ModifyLDAPSetting Modify LDAP Setting Operation level * Supported
      ModifyLogDelivery Modify Log Delivery Operation level * Supported
      ModifyLogOutputSettings Modify Log Output Settings Operation level * Supported
      ModifyLoginSetting Modify Login Setting Operation level * Supported
      ModifyOAuthSetting Modify OAuth Setting Operation level * Supported
      ModifyPasswordSetting Modify Password Setting Operation level * Supported
      ModifyPushAccountTask Modify Push Account Task Operation level * Supported
      ModifyReportTask Modify Report Task Operation level * Supported
      ModifyResource Modify Resource Operation level * Supported
      ModifyTicketSubmitFlag Modify Ticket Submit Flag Operation level * Supported
      ModifyUser Modify User Operation level * Supported
      ModifyUserGroup Modify User Group Operation level * Supported
      ModifyUsersDepartment Modify Users Department Operation level * Supported
      ResetDeviceAccountPassword Reset Device Account Password Operation level * Supported
      ResetDeviceAccountPrivateKey Reset Device Account Private Key Operation level * Supported
      SyncUserFromCam SyncUserFromCam Operation level * Supported
      UpdateTicketStatus Update Ticket Status Operation level * not supported
      UpdateTrialGuideStep UpdateTrialGuideStep Operation level * Supported
      VisitTrackPage Visit Track Page Operation level * Supported

      Other Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      ApproveTicket Approve Ticket Operation level * Supported
      CheckLDAPConnection Check LDAP Connection Operation level * Supported
      ConnectDomain Connect Domain Operation level * Supported
      DeployResource Deploy Resource Operation level * Supported
      DisconnectDomain Disconnect Domain Operation level * Supported
      KillSession Kill Session Operation level * Supported
      LockUser Lock User Operation level * not supported
      MonitorSession Monitor Session Operation level * Supported
      ResetLogDelivery Reset Log Delivery Operation level * Supported
      ResetUser Reset User Operation level * Supported
      RunChangePwdTask Run Change Pwd Task Operation level * Supported
      RunPushAccountTask Run Push Account Task Operation level * Supported
      SetLDAPSyncFlag Set LDAP Sync Flag Operation level * Supported
      UnlockUser Unlock User Operation level * not supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeAccessControlRules Describe Access Control Rules Operation level * Supported
      DescribeAccessControlTemplateRules Describe Access Control Template Rules Operation level * Supported
      DescribeAccessControlTemplates Describe Access Control Templates Operation level * Supported
      DescribeAccessWhiteListRules Describe Access White List Rules Operation level * Supported
      DescribeAccountsWithDeviceCount Describe Accounts With Device Count Operation level * Supported
      DescribeAcls Describe Acls Operation level * Supported
      DescribeAssetSyncFlag Describe Asset Sync Flag Operation level * Supported
      DescribeAvailableInstanceTypes Describe Available Instance Types Operation level * Supported
      DescribeChangePwdTask Describe Change Pwd Task Operation level * Supported
      DescribeChangePwdTaskDetail Describe Change Pwd Task Detail Operation level * Supported
      DescribeCkafkaInstanceList Describe Ckafka Instance List Operation level * Supported
      DescribeCmdTemplates Describe Cmd Templates Operation level * Supported
      DescribeDepartments Describe Departments Operation level * Supported
      DescribeDeviceAccounts Describe Device Accounts Operation level * Supported
      DescribeDeviceGroupMembers Describe Device Group Members Operation level * Supported
      DescribeDeviceGroups Describe Device Groups Operation level * Supported
      DescribeDevices Describe Devices Operation level * Supported
      DescribeDomains Describe Domains Operation level * Supported
      DescribeExportDeviceTask Describe Export Device Task Operation level * Supported
      DescribeInstanceIds Describe InstanceIds Operation level * Supported
      DescribeLDAPUnitSet Describe LDAP Unit Set Operation level * Supported
      DescribeLogDelivery Describe Log Delivery Operation level * Supported
      DescribeLoginEvent Describe Login Event Operation level * Supported
      DescribeOperationEvent Describe Operation Event Operation level * Supported
      DescribeOperationTaskStatistics Describe Operation Task Statistics Operation level * Supported
      DescribeOperationTasks Describe Operation Tasks Operation level * Supported
      DescribeOperationType Describe Operation Type Operation level * Supported
      DescribePushAccountTask Describe Push Account Task Operation level * Supported
      DescribePushAccountTaskDetail Describe Push Account Task Detail Operation level * Supported
      DescribeReportTask Describe Report Task Operation level * Supported
      DescribeReportTaskHistory Describe Report Task History Operation level * Supported
      DescribeResources Describe Resources Operation level * Supported
      DescribeTaskTemplate Describe Task Template Operation level * Supported
      DescribeTickets Describe Tickets Operation level * Supported
      DescribeUserGroupMembers Describe User Group Members Operation level * Supported
      DescribeUserGroups Describe User Groups Operation level * Supported
      DescribeUsers Describe Users Operation level * Supported
      SearchAuditLog Search Audit Log Operation level * Supported
      SearchChangePwdTaskInfo Search Change Pwd TaskInfo Operation level * Supported
      SearchCommand Search Command Operation level * Supported
      SearchCommandBySid Search Command By Sid Operation level * Supported
      SearchEvent Search Event Operation level * Supported
      SearchFile Search File Operation level * Supported
      SearchFileBySid Search File By Sid Operation level * Supported
      SearchFileSession Search File Session Operation level * Supported
      SearchPushAccountTaskInfo Search Push Account Task Info Operation level * Supported
      SearchSession Search Session Operation level * Supported
      SearchSessionCommand Search Session Command Operation level * Supported
      SearchStatement Search Statement Operation level * Supported
      SearchStatementBySid Search Statement By Sid Operation level * Supported
      SearchSubtaskResultById Search Subtask Result By Id Operation level * Supported
      SearchTaskResult Search Task Result Operation level * Supported
      SearchTaskResultDetail Search Task Result Detail Operation level * Supported
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy