tencent cloud

PrevNext

피드백

키워드를 검색하세요

Recent Pages

문서
Cloud Access Management
    문서
    Download PDF

    Tencent Cloud Organization

    마지막 업데이트 시간:2024-06-29 09:54:23
    PDF 다운로드

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Tencent Cloud Organization organization Supported not supported Operation level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      AcceptJoinShareUnitInvitation AcceptJoinShareUnitInvitation Operation level * Supported
      AcceptMemberChangePermission AcceptMemberChangePermission Operation level * Supported
      AcceptOrganizationInvitation Accept Organization Invitation Operation level * Supported
      AddExternalSAMLIdPCertificate Add SAML signing certificate Operation level * not supported
      AddOrganizationCloudApplication AddOrganizationCloudApplication Operation level * Supported
      AddOrganizationCloudApplicationAccount AddOrganizationCloudApplicationAccount Operation level * Supported
      AddOrganizationMemberEmail AddOrganizationMemberEmail Operation level * Supported
      AddOrganizationNode Add Organization Node Operation level * Supported
      AddOrganizationNodeTags AddOrganizationNodeTags Operation level * Supported
      AddPermissionPolicyToRoleConfiguration Add policies for permission configuration Operation level * not supported
      AddShareUnit AddShareUnit Operation level * Supported
      AddShareUnitMembers AddShareUnitMembers Operation level * Supported
      AddShareUnitResources AddShareUnitResources Operation level * Supported
      AddUserToGroup Add users to user groups Operation level * not supported
      AttachPolicy Attach policy. Operation level * Supported
      BatchAddUserToGroup Batch add users to user groups Operation level * not supported
      BatchCreateUser Batch Create Users Operation level * not supported
      BatchRemoveUserFromGroup Batch remove users from user groups Operation level * not supported
      BindOrganizationMemberAuthAccount BindOrganizationMemberAuthAccount Operation level * Supported
      BindOrganizationPolicyGroup BindOrganizationPolicyGroup Operation level * Supported
      BindOrganizationPolicySubAccount BindOrganizationPolicySubAccount Operation level * Supported
      CancelMemberChangePermission CancelMemberChangePermission Operation level * Supported
      CancelOrganizationInvitation Cancel Organization Invitation Operation level * Supported
      CancelOrganizationMemberAuthAccount CancelOrganizationMemberAuthAccount Operation level * Supported
      CancelOrganizationPolicyGroup CancelOrganizationPolicyGroup Operation level * Supported
      ClearExternalSAMLIdentityProvider Clear SAML identity provider configuration information Operation level * not supported
      CreateGroup Create user groups Operation level * not supported
      CreateMemberOperateProcess CreateMemberOperateProcess Operation level * Supported
      CreateOrgMemberProductServiceRole CreateOrgMemberProductServiceRole Operation level * Supported
      CreateOrgServiceAssign CreateOrgServiceAssign Operation level * Supported
      CreateOrganization CreateOrganization Operation level * Supported
      CreateOrganizationAuthRelationApply CreateOrganizationAuthRelationApply Operation level * Supported
      CreateOrganizationIdentity CreateOrganizationIdentity Operation level * Supported
      CreateOrganizationMember CreateOrganizationMember Operation level * Supported
      CreateOrganizationMemberAuthIdentity CreateOrganizationMemberAuthIdentity Operation level * Supported
      CreateOrganizationMemberPolicy CreateOrganizationMemberPolicy Operation level * Supported
      CreateOrganizationMembersPolicy CreateOrganizationMembersPolicy Operation level * Supported
      CreatePolicy Create policy. Operation level * Supported
      CreateResourceTypeInYeHe CreateResourceTypeInYeHe Operation level * Supported
      CreateRoleAssignment Authorize on member accounts Operation level * not supported
      CreateRoleConfiguration Create role configuration Operation level * not supported
      CreateSCIMCredential Create SCIM Credential Operation level * not supported
      CreateUser create user Operation level * not supported
      CreateUserSyncProvisioning Create sub user synchronization task Operation level * not supported
      DeleteAccount DeleteAccount Operation level * Supported
      DeleteGroup Delete User Group Operation level * not supported
      DeleteMemberOperateProcess DeleteMemberOperateProcess Operation level * Supported
      DeleteOrgServiceAssign DeleteOrgServiceAssign Operation level * Supported
      DeleteOrganization DeleteOrganization Operation level * Supported
      DeleteOrganizationAuthRelation DeleteOrganizationAuthRelation Operation level * Supported
      DeleteOrganizationCloudApplication DeleteOrganizationCloudApplication Operation level * Supported
      DeleteOrganizationCloudApplicationAccount DeleteOrganizationCloudApplicationAccount Operation level * Supported
      DeleteOrganizationIdentity DeleteOrganizationIdentity Operation level * Supported
      DeleteOrganizationMemberAuthIdentity DeleteOrganizationMemberAuthIdentity Operation level * Supported
      DeleteOrganizationMemberFromNode DeleteOrganizationMemberFromNode Operation level * Supported
      DeleteOrganizationMembers DeleteOrganizationMembers Operation level * Supported
      DeleteOrganizationMembersPolicy DeleteOrganizationMembersPolicy Operation level * Supported
      DeleteOrganizationNodeMembers DeleteOrganizationNodeMembers Operation level * Supported
      DeleteOrganizationNodeTags DeleteOrganizationNodeTags Operation level * Supported
      DeleteOrganizationNodes DeleteOrganizationNodes Operation level * Supported
      DeletePolicy Delete policy. Operation level * Supported
      DeleteRoleAssignment Remove authorization from member accounts Operation level * not supported
      DeleteRoleConfiguration Delete role configuration Operation level * not supported
      DeleteSCIMCredential Delete SCIM Credential Operation level * not supported
      DeleteShareUnit DeleteShareUnit Operation level * Supported
      DeleteShareUnitMembers DeleteShareUnitMembers Operation level * Supported
      DeleteShareUnitResources DeleteShareUnitResources Operation level * Supported
      DeleteUser Delete user Operation level * not supported
      DeleteUserSyncProvisioning Delete CAM user synchronization Operation level * not supported
      DenyMemberChangePermission DenyMemberChangePermission Operation level * Supported
      DenyOrganizationCreateRecord DenyOrganizationCreateRecord Operation level * Supported
      DenyOrganizationInvitation DenyOrganizationInvitation Operation level * Supported
      DetachPolicy Detach policy. Operation level * Supported
      DisablePolicyType Disable policy type. Operation level * Supported
      DismantleRoleConfiguration Deploy access configuration to member accounts Operation level * not supported
      EnablePolicyType Enable policy type. Operation level * Supported
      ExitShareUnit ExitShareUnit Operation level * Supported
      InviteOrganizationMember InviteOrganizationMember Operation level * Supported
      MoveOrganizationMembersToNode MoveOrganizationMembersToNode Operation level * Supported
      MoveOrganizationNode MoveOrganizationNode Operation level * Supported
      MoveOrganizationNodeMembers MoveOrganizationNodeMembers Operation level * Supported
      ProvisionRoleConfiguration Deploy access configuration to member accounts Operation level * not supported
      QuitOrganization QuitOrganization Operation level * Supported
      RejectJoinShareUnitInvitation RejectJoinShareUnitInvitation Operation level * Supported
      RemoveExternalSAMLIdPCertificate Remove SAML signing certificate Operation level * not supported
      RemovePermissionPolicyFromRoleConfiguration Configure removal policies for permissions Operation level * not supported
      RemoveUserFromGroup Remove users from user groups Operation level * not supported
      RetryUserSyncProvisioningEvent Deploy permission configuration to member accounts Operation level * not supported
      SendOrgMemberAccountBindEmail SendOrgMemberAccountBindEmail Operation level * Supported
      SendOrganizationInvitation SendOrganizationInvitation Operation level * Supported
      SetExternalSAMLIdentityProvider Configure SAML identity provider information Operation level * not supported
      SetMemberDeletionPermission SetMemberDeletionPermission Operation level * Supported
      SetOrganizationAuthRelationManage SetOrganizationAuthRelationManage Operation level * Supported
      SetOrganizationCloudApplicationStatus SetOrganizationCloudApplicationStatus Operation level * Supported
      UpdateGroup Modify user group information Operation level * not supported
      UpdateMemberOperateProcess UpdateMemberOperateProcess Operation level * Supported
      UpdateMemberOperateProcessStatus UpdateMemberOperateProcessStatus Operation level * Supported
      UpdateOrganizationIdentity UpdateOrganizationIdentity Operation level * Supported
      UpdateOrganizationMember UpdateOrganizationMember Operation level * Supported
      UpdateOrganizationMemberEmailBind UpdateOrganizationMemberEmailBind Operation level * Supported
      UpdateOrganizationMembersPolicy UpdateOrganizationMembersPolicy Operation level * Supported
      UpdateOrganizationNode UpdateOrganizationNode Operation level * Supported
      UpdateOrganizationNodeTag UpdateOrganizationNodeTag Operation level * Supported
      UpdatePolicy Update policy. Operation level * Supported
      UpdateResourceTypeInYeHe UpdateResourceTypeInYeHe Operation level * Supported
      UpdateRoleConfiguration Update role configuration Operation level * not supported
      UpdateSCIMCredentialStatus enable or disable SCIM credential Operation level * not supported
      UpdateSCIMSynchronizationStatus Enable or disable SCIM synchronization status Operation level * not supported
      UpdateShareUnit UpdateShareUnit Operation level * Supported
      UpdateUser Modifying User Information Operation level * not supported
      UpdateUserStatus Modify user status Operation level * not supported
      UpdateUserSyncProvisioning Update CAM user synchronization Operation level * not supported
      UpdateZone Update user\'s zoneName Operation level * not supported

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      CheckAccountDelete CheckAccountDelete Operation level * Supported
      CheckAccountStatus CheckAccountStatus Operation level * Supported
      CheckChangeMemberAuthName CheckChangeMemberAuthName Operation level * Supported
      DescribeCloudApplicationToMember DescribeCloudApplicationToMember Operation level * Supported
      DescribeEventByProduct DescribeEventByProduct Operation level * Supported
      DescribeIdentityCenter Describe user cam identity center Operation level * not supported
      DescribeManagerShareMembers DescribeManagerShareMembers Operation level * Supported
      DescribeManagerShareResources DescribeManagerShareResources Operation level * Supported
      DescribeMemberChangePermissionRecords DescribeMemberChangePermissionRecords Operation level * Supported
      DescribeMemberDeletionPermission DescribeMemberDeletionPermission Operation level * Supported
      DescribeOrganization DescribeOrganization Operation level * Supported
      DescribeOrganizationAuthNode DescribeOrganizationAuthNode Operation level * Supported
      DescribeOrganizationAuthPolicies DescribeOrganizationAuthPolicies Operation level * Supported
      DescribeOrganizationAuthRelationApplies DescribeOrganizationAuthRelationApplies Operation level * Supported
      DescribeOrganizationAuthRelations DescribeOrganizationAuthRelations Operation level * Supported
      DescribeOrganizationBeInviteRecord DescribeOrganizationBeInviteRecord Operation level * Supported
      DescribeOrganizationCollPolicies get Organization Control Policies Operation level * Supported
      DescribeOrganizationCreateRecord DescribeOrganizationCreateRecord Operation level * Supported
      DescribeOrganizationFinancialByMember DescribeOrganizationFinancialByMember Operation level * Supported
      DescribeOrganizationFinancialByMonth DescribeOrganizationFinancialByMonth Operation level * Supported
      DescribeOrganizationFinancialByProduct DescribeOrganizationFinancialByProduct Operation level * Supported
      DescribeOrganizationFinancialMemberNum DescribeOrganizationFinancialMemberNum Operation level * Supported
      DescribeOrganizationIdentity DescribeOrganizationIdentity Operation level * Supported
      DescribeOrganizationInviteRecord DescribeOrganizationInviteRecord Operation level * Supported
      DescribeOrganizationMember DescribeOrganizationMember Operation level * Supported
      DescribeOrganizationMemberAuthAccounts DescribeOrganizationMemberAuthAccounts Operation level * Supported
      DescribeOrganizationMemberAuthIdentities DescribeOrganizationMemberAuthIdentities Operation level * Supported
      DescribeOrganizationMemberEmailBind DescribeOrganizationMemberEmailBind Operation level * Supported
      DescribeOrganizationMemberNodes DescribeOrganizationMemberNodes Operation level * Supported
      DescribeOrganizationMemberPolicies DescribeOrganizationMemberPolicies Operation level * Supported
      DescribeOrganizationMembers DescribeOrganizationMembers Operation level * Supported
      DescribeOrganizationMembersCanAuthIdentities DescribeOrganizationMembersCanAuthIdentities Operation level * Supported
      DescribeOrganizationNode DescribeOrganizationNode Operation level * Supported
      DescribeOrganizationNodeByName DescribeOrganizationNodeByName Operation level * Supported
      DescribeOrganizationNodeMemberRecords DescribeOrganizationNodeMemberRecords Operation level * Supported
      DescribeOrganizationNodeMembers DescribeOrganizationNodeMembers Operation level * Supported
      DescribeOrganizationNodeRecords DescribeOrganizationNodeRecords Operation level * Supported
      DescribeOrganizationNodeTags DescribeOrganizationNodeTags Operation level * Supported
      DescribeOrganizationNodes DescribeOrganizationNodes Operation level * Supported
      DescribeOrganizationNodesByParent DescribeOrganizationNodesByParent Operation level * Supported
      DescribeOrganizationOverView Get Organization OverView Operation level * Supported
      DescribeOrganizationPendingCreateRecord DescribeOrganizationPendingCreateRecord Operation level * Supported
      DescribeOrganizationPolicy DescribeOrganizationPolicy Operation level * Supported
      DescribeOrganizationRecords DescribeOrganizationRecords Operation level * Supported
      DescribeOrganizationServiceRole DescribeOrganizationServiceRole Operation level * Supported
      DescribeOrganizationSubAccountByDay DescribeOrganizationSubAccountByDay Operation level * Supported
      DescribeOrganizationSubAccountByMonth DescribeOrganizationSubAccountByMonth Operation level * Supported
      DescribePolicy DescribePolicy Operation level * Supported
      DescribePolicyConfig DescribePolicyConfig Operation level * Supported
      DescribeProductUsedInEvent DescribeProductUsedInEvent Operation level * Supported
      DescribeResourceToShareMember DescribeResourceToShareMember Operation level * Supported
      DescribeResourceToShareMemberByType DescribeResourceToShareMemberByType Operation level * Supported
      DescribeResourceTypes DescribeResourceTypes Operation level * Supported
      DescribeShareAreas DescribeShareAreas Operation level * Supported
      DescribeShareUnit DescribeShareUnit Operation level * Supported
      DescribeShareUnitMemberRecords DescribeShareUnitMemberRecords Operation level * Supported
      DescribeShareUnitMembers DescribeShareUnitMembers Operation level * Supported
      DescribeShareUnitResources DescribeShareUnitResources Operation level * Supported
      DescribeShareUnits DescribeShareUnits Operation level * Supported
      DescribeUnitToShareMember DescribeUnitToShareMember Operation level * Supported
      GetExternalSAMLIdentityProvider Query SAML identity provider configuration information Operation level * not supported
      GetGroup Query user group information Operation level * not supported
      GetOrganization GetOrganization Operation level * Supported
      GetOrganizationMember GetOrganizationMember Operation level * Supported
      GetRoleConfiguration Query role configuration information Operation level * not supported
      GetSCIMSynchronizationStatus Get SCIM Synchronization Status Operation level * not supported
      GetTaskStatus Query the status of asynchronous tasks Operation level * not supported
      GetUser Query user information Operation level * not supported
      GetUserSyncProvisioning Query CAM user synchronization Operation level * not supported
      GetUserSyncProvisioningEvent Query CAM user synchronization events Operation level * not supported
      GetZoneSAMLServiceProviderInfo Query SAML service provider information Operation level * not supported
      GetZoneStatistics Query zone statistics Operation level * not supported
      ListExternalSAMLIdPCertificates Query SAML signing certificate list Operation level * not supported
      ListGroupMembers Query user list in user group Operation level * not supported
      ListGroups Query user group list Operation level * not supported
      ListJoinedGroupsForUser Query user groups joined by users Operation level * not supported
      ListNonCompliantResource ListNonCompliantResource Operation level * Supported
      ListOrganizationCloudApplication ListOrganizationCloudApplication Operation level * Supported
      ListOrganizationInvitations ListOrganizationInvitations Operation level * Supported
      ListOrganizationMembers ListOrganizationMembers Operation level * Supported
      ListOrganizationNodeMembers ListOrganizationNodeMembers Operation level * Supported
      ListOrganizationNodes ListOrganizationNodes Operation level * Supported
      ListPermissionPoliciesInRoleConfiguration Obtain the policy list in the permission configuration Operation level * not supported
      ListPoliciesForTarget ListPoliciesForTarget Operation level * Supported
      ListRoleAssignments Query authorization list Operation level * not supported
      ListRoleConfigurationProvisionings Query permission configuration deployment list Operation level * not supported
      ListRoleConfigurations Query permission configuration list Operation level * not supported
      ListTasks Query asynchronous task list Operation level * not supported
      ListUserSyncProvisioningEvents Query CAM user synchronization event list Operation level * not supported
      ListUserSyncProvisionings Query CAM user synchronization list Operation level * not supported
      ListUsers Query user list Operation level * not supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeMemberBeChangePermissionRecords DescribeMemberBeChangePermissionRecords Operation level * Supported
      DescribeOrganizationMembersAuthAccount DescribeOrganizationMembersAuthAccount Operation level * Supported
      DescribeOrganizationMembersAuthPolicy DescribeOrganizationMembersAuthPolicy Operation level * Supported
      DescribeShareResourceUsageRecords DescribeShareResourceUsageRecords Operation level * Supported
      DescribeShareResourcesByType DescribeShareResourcesByType Operation level * not supported
      ListMemberOperateProcess ListMemberOperateProcess Operation level * Supported
      ListOrgMemberSubAccount ListOrgMemberSubAccount Operation level * Supported
      ListOrgServiceAssignMember ListOrgServiceAssignMember Operation level * Supported
      ListOrganizationIdentity ListOrganizationIdentity Operation level * Supported
      ListOrganizationService ListOrganizationService Operation level * Supported
      ListPolicies ListPolicies Operation level * Supported
      ListSCIMCredentials List User SCIM Credentials Operation level * not supported
      ListTargetsForPolicy ListTargetsForPolicy Operation level * Supported
      문의하기

      고객의 업무에 전용 서비스를 제공해드립니다.

      문의하기
      기술 지원

      더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

      티켓 제출
      연중무휴 24시간 전화 지원
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      개인정보 처리방침서비스 약관쿠키 정책