- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Access Key
- User Groups
- Role
- Policies
- Troubleshooting
- Permissions Boundary
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Access Key
- User Groups
- Role
- Policies
- Troubleshooting
- Permissions Boundary
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| CKafka | ckafka | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddPartition | AddPartition | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| AddRoute | AddRoute | Operation level | * | not supported |
| AddTopicIpwhitelist | AddTopicIpwhitelist | Operation level | * | not supported |
| AuthorizeToken | authorize token | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | Supported |
| BatchCreateAcl | BatchCreateAcl | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| BatchDeleteAcl | BatchDeleteAcl | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| BatchModifyGroupOffsets | BatchModifyGroupOffsets | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| BatchModifyTopicAttributes | BatchModifyTopicAttributes | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| BurnCPU | BurnCPU | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| BurnDiskIO | BurnDiskIO | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateAcl | CreateAcl | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateAclRule | create Acl rule | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateConnectResource | create dip connect resource | Operation level | * | not supported |
| CreateConsumer | Create consumer group | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| CreateDatahubGroup | create dip consumer group | Operation level | * | not supported |
| CreateDatahubTask | create dip task | Operation level | * | Supported |
| CreateDatahubTopic | create dip topic | Operation level | * | Supported |
| CreateInstance | CreateInstance | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateInstancePost | CreateInstancePost | Operation level | * | Supported |
| CreateInstancePre | CreateInstancePre | Operation level | * | Supported |
| CreatePartition | CreatePartition | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreatePostPaidInstance | CreatePostPaidInstance | Operation level | * | Supported |
| CreatePrometheus | CreatePrometheus | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateRoute | CreateRoute | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateStringRegularExpressionMatchPattern | CreateStringRegularExpressionMatchPattern | Operation level | * | not supported |
| CreateSystemMaintenanceTime | CreateSystemMaintenanceTime | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateToken | create token | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | Supported |
| CreateTopic | CreateTopic | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| CreateTopicIpWhiteList | CreateTopicIpWhiteList | Operation level | * | not supported |
| CreateUser | CreateUser | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DelayMessage | DelayMessage | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| DelayMessageRollback | DelayMessageRollback | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| DeleteAcl | DeleteAcl | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DeleteAclRule | delete Acl rule | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| DeleteConnectResource | delete dip connect resource | Resource level | qcs::ckafka:${region}:uin/${uin}:connectResource/${resourceId} | not supported |
| DeleteDatahubGroup | delete dip consumer group | Resource level | qcs::ckafka:${region}:uin/${uin}:dipGroup/${Group} | not supported |
| DeleteDatahubTask | delete dip task | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTask/${taskId} | Supported |
| DeleteDatahubTopic | delete dip Topic | Resource level | qcs::ckafka:${region}:uin/${uin}:dipTopic/${Name} | not supported |
| DeleteGroup | Delete consumer group | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DeleteInstance | DeleteInstance | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | Supported |
| DeleteInstancePost | DeleteInstancePost | Operation level | * | Supported |
| DeleteInstancePre | DeleteInstancePre | Operation level | * | not supported |
| DeletePrometheus | DeletePrometheus | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| DeleteRoute | DeleteRoute | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DeleteTopic | DeleteTopic | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DeleteTopicIpwhitelist | DeleteTopicIpwhitelist | Operation level | * | not supported |
| DeleteUser | DeleteUser | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DownAttackRollback | DownAttackRollback | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| InjectDownAttack | shutdown | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| InstanceScalingDown | InstanceScalingDown | Operation level | * | Supported |
| IsolateResource | Isolate Resource | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| ModifyAclRule | ModifyAclRule | Operation level | * | not supported |
| ModifyConnectResource | modify dip connect resource attributes | Resource level | qcs::ckafka:${region}:uin/${uin}:connectResource/${resourceId} | not supported |
| ModifyConsumerGroupConfig | ModifyConsumerGroupConfig | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| ModifyDatahubGroupOffsets | modify dip group offset | Resource level | qcs::ckafka:${region}:uin/${uin}:dipGroup/${Group} | not supported |
| ModifyDatahubPartition | add dip topic partition | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTopic/${topicId} | not supported |
| ModifyDatahubPassword | modify dip topic password | Resource level | qcs::ckafka:${region}:uin/${uin}:dipTopic/${Name} | not supported |
| ModifyDatahubResource | ModifyDatahubResource | Resource level | qcs::ckafka:${region}:uin/:connectTask/${taskId} | Supported |
| ModifyDatahubTask | ModifyDatahubTask | Resource level | qcs::ckafka::uin/${uin}:connectTask/${taskId} | Supported |
| ModifyDatahubTopic | modify dip topic attributes | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTopic/${topicId} | not supported |
| ModifyForward | Set ckafka to forward messages to cos | Operation level | * | not supported |
| ModifyGroupOffsets | ModifyGroupOffsets | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| ModifyInstance | ModifyInstance | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| ModifyInstanceAttributes | ModifyInstanceAttributes | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| ModifyInstanceMultiZone | ModifyInstanceMultiZone | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| ModifyInstancePre | ModifyInstancePre | Operation level | * | not supported |
| ModifyPassword | ModifyPassword | Operation level | * | Supported |
| ModifyRoutineMaintenanceTask | ModifyRoutineMaintenanceTask | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | Supported |
| ModifyTopicAttributes | ModifyTopicAttributes | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| PauseDatahubTask | pause dip task | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTask/${taskId} | Supported |
| RenewCkafkaInstance | Renew Ckafka instance | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| RestartDatahubTask | RestartDatahubTask | Resource level | qcs::ckafka::uin/${uin}:connectTask/${taskId} | Supported |
| ResumeDatahubTask | resume dip task | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTask/${taskId} | not supported |
| SendMessage | HTTP send message | Resource level | qcs::ckafka:${region}:uin/${uin}:DataHub/${DataHubId} | not supported |
| SetForward | Set ckafka to forward messages to cos | Operation level | * | not supported |
| SetInstanceAttributes | SetInstanceAttributes | Operation level | * | not supported |
| SetTopicAttributes | SetTopicAttributes | Operation level | * | not supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeACL | DescribeACL | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeAclRule | DescribeAclRule | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeAppIdIsVip | DescribeAppIdIsVip | Operation level | * | Supported |
| DescribeAppInfo | DescribeAppInfo | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeAsyncResult | DescribeAsyncResult | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeAttackAsyncRequestResult | DescribeAttackAsyncRequestResult | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeBrokerIpInfo | DescribeBrokerIpInfo | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | Supported |
| DescribeCkafkaTypeConfigs | DescribeCkafkaTypeConfigs | Operation level | * | Supported |
| DescribeCkafkaZone | DescribeCkafkaZone | Operation level | * | Supported |
| DescribeConnectResource | describe dip connect resource attributes | Resource level | qcs::ckafka:${region}:uin/${uin}:connectResource/${ResourceId} | Supported |
| DescribeConnector | DescribeConnector | Operation level | * | not supported |
| DescribeConnectorConfigs | DescribeConnectorConfigs | Operation level | * | not supported |
| DescribeConnectorStatus | DescribeConnectorStatus | Operation level | * | Supported |
| DescribeDatahubGroup | describe dip group list | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTopic/${topicId} | Supported |
| DescribeDatahubGroupOffsets | describe dip group offset | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTopic/${topicId} | not supported |
| DescribeDatahubTask | describe dip task attributes | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTask/${taskId} | Supported |
| DescribeDatahubTopic | describe dip topic attributes | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTopic/${Name} | Supported |
| DescribeGroup | DescribeGroup | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeGroupInfo | DescribeGroupInfo | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeGroupOffsets | DescribeGroupOffsets | Operation level | * | Supported |
| DescribeIfCommunity | DescribeIfCommunity | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| DescribeInstanceAttributes | DescribeInstanceAttributes | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeMigrationTask | DescribeMigrationTask | Operation level | * | Supported |
| DescribeModifyProgress | get progress of the modification | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| DescribeModifyType | Describe ckafka Instance Modify Type | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| DescribeOrderConfig | query price quota for cluster | Operation level | * | Supported |
| DescribeRegion | DescribeRegion | Operation level | * | Supported |
| DescribeRollbackAsyncRequestResult | DescribeRollbackAsyncRequestResult | Resource level | qcs::ckafka:${region}:uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeRoute | DescribeRoute | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeRunningEventIds | DescribeRunningEventIds | Operation level | * | Supported |
| DescribeTaskStatus | DescribeTaskStatus | Operation level | * | Supported |
| DescribeTopicAttributes | DescribeTopicAttributes | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| DescribeTopicDetail | DescribeTopicDetail | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| DescribeTopicDistribute | DescribeTopicDistribute | Operation level | * | Supported |
| DescribeTopicFlowRanking | describe some topics in the cluster. and get flow metric about the nodes in the cluster, using the default options. | Operation level | * | Supported |
| DescribeTopicProduceConnection | Get producer connection info | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | Supported |
| DescribeTopicSubscribeGroup | DescribeTopicSubscribeGroup | Operation level | * | Supported |
| DescribeTopicSyncReplica | Get partition replica and offset info | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeUser | DescribeUser | Operation level | * | not supported |
| FetchLatestDatahubMessageList | get latest message from task | Operation level | * | Supported |
| FetchMessageByOffset | fetch message by specfic offset | Operation level | * | Supported |
| FetchMessageListByOffset | fetch message by specific partition offset | Operation level | * | Supported |
| FetchMessageListByTimestamp | Fetch message by timestamp given | Operation level | * | Supported |
| GetInstanceAttributes | GetInstanceAttributes | Operation level | * | not supported |
| GetTopicAttributes | GetTopicAttributes | Operation level | * | not supported |
| InquireCkafkaPrice | Inquire ckafka instance price | Operation level | * | not supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeConnectResources | describe dip connect resource list | Resource level | qcs::ckafka:${region}:uin/${uin}:connectResource/${resourceId} | Supported |
| DescribeConsumerGroup | DescribeConsumerGroup | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| DescribeDatahubTasks | describe dip task list | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTask/${taskId} | Supported |
| DescribeDatahubTopics | describe dip topic list | Resource level | qcs::ckafka:${region}:uin/${uin}:connectTopic/${topicId} | Supported |
| DescribeInstance | DescribeInstance | Operation level | * | not supported |
| DescribeInstanceDetail | DescribeInstanceDetail | Operation level | * | not supported |
| DescribeInstances | DescribeInstances | Operation level | * | not supported |
| DescribeInstancesDetail | DescribeInstancesDetail | Operation level | * | not supported |
| DescribeTopic | DescribeTopic | Resource level | qcs::ckafka::uin/${uin}:ckafkaId/${instanceId} | not supported |
| ListConsumerGroup | ListConsumerGroup | Operation level | * | not supported |
| ListInstance | ListInstance | Operation level | * | not supported |
| ListRoute | ListRoute | Operation level | * | not supported |
| ListTopic | ListTopic | Operation level | * | not supported |
예
아니오
문제 해결에 도움이 되었나요?