プロダクトの概要

CAMの概要

製品機能

適用シーン

基本概念

使用制限

ユーザータイプ

購入ガイド

クイックスタート

管理者ユーザーを作成する

サブアカウントの作成と権限付与

サブアカウントのコンソールログイン

ユーザーガイド

概要

ユーザー

アクセスキー

ユーザーグループ

ロール

アイデンティティプロバイダー

ポリシー

権限境界

トラブルシューティング

セキュリティ分析レポートのダウンロード

CAM-Enabled Role

Overview

Compute

Container

Microservice

Essential Storage Service

Data Process and Analysis

Data Migration

Relational Database

Enterprise Distributed DBMS

NoSQL Database

Database SaaS Tool

Database SaaS Service

Networking

CDN and Acceleration

Network Security

Data Security

Application Security

Domains & Websites

Big Data

Middleware

Interactive Video Services

Real-Time Interaction

Media On-Demand

Media Process Services

Media Process

Cloud Real-time Rendering

Game Services

Cloud Resource Management

Management and Audit Tools

Developer Tools

Monitor and Operation

CAM-Enabled API

Overview

Compute

Edge Computing

Container

Distributed cloud

Microservice

Serverless

Essential Storage Service

Data Process and Analysis

Data Migration

Relational Database

Enterprise Distributed DBMS

NoSQL Database

Database SaaS Tool

Networking

CDN and Acceleration

Network Security

Endpoint Security

Data Security

Business Security

Application Security

Domains & Websites

Office Collaboration

Big Data

Voice Technology

Image Creation

Tencent Big Model

AI Platform Service

Natural Language Processing

Optical Character Recognition

Middleware

Communication

Interactive Video Services

Real-Time Interaction

Stream Services

Media On-Demand

Media Process Services

Media Process

Cloud Real-time Rendering

Game Services

Education Sevices

Medical Services

Cloud Resource Management

Management and Audit Tools

Developer Tools

Monitor and Operation

実践のチュートリアル

セキュリティの実践チュートリアル

複数アイデンティティ権限管理

Tag下の一部操作権限を付与する

従業員間のリソース分離アクセスのサポート

企業マルチアカウント権限管理

従業員のTencent Cloud操作ログを閲覧する

ABACによる従業員のリソースアクセス権限管理

タグ認証時にタグキーのみマッチをサポート

商用事例

MySQL関連ケース

CLB 関連ケース

CMQ関連ケース

COS 関連ケース

CVM関連ケース

VPC 関連ケース

VOD関連ケース

その他のケース

よくあるご質問

ロール関連問題

キー関連の問題

その他の問題

CAMユーザーと権限の問題

用語一覧

Cloud Object Storage

포커스 모드

폰트 크기

마지막 업데이트 시간: 2026-04-03 09:41:55

Fundamental information

Product	Abbreviation in CAM	Console	Authorization by Tag	Authorization Granularity	IP Restriction
COS	cos	Supported	Supported	Resource level	Supported

Note：
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.

Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.

Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

Resource level: It supports the authorization of a specific resource.
Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API	API Description	Authorization Granularity	Six-segment Resource Description	IP Restriction
AbortMultipartUpload	Abort multipart upload	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
AppendObject		Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path}	Supported
AppendObject	append object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
CompleteMultipartUpload	Complete multipart upload task	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
CreateAutoBackup	Create auto backup for lhcos	Operation level	*	Supported
CreateInstantBackup	Create instant backup for lhcos.	Operation level	*	Supported
CreateJob	Create a COS Batch job	Operation level	*	Supported
CreateMigrateUser	create user	Operation level	*	Supported
CreateMigrateVoucherTask	craete task	Operation level	*	Supported
CreateMounting	Create LH-COS mounting point.	Operation level	*	Supported
DeleteBucket	Delete bucket	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketCORS	Delete the cross-origin resource sharing (CORS) access control configuration from a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketDomain	Delete bucket domain configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketDomainCertificate	delete domain certificate	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketEncryption	Delete bucket encryption configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketInventory	Delete bucket inventory configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketLifecycle	Delete the lifecycle configuration of a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketOrigin		Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketOrigin		Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketOrigin	Delete bucket origin configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketPolicy	Delete a permission policy of a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketReferer	Delete bucket referer	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketReplication	Delete the cross-bucket replication configuration from a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketTagging	Delete the existing bucket tags from a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteBucketWebsite	Delete the static website configuration from a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteJob	Delete COS Batch Job configuration	Operation level	*	Supported
DeleteMigrateUser	del migrate user	Operation level	*	Supported
DeleteMultipleObjects	Delete objects in bulk	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
DeleteObject	Delete object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
DeleteObjectTagging	Delete object tagging	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
DeleteVectorBucket	Delete a vector bucket	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
DeleteVectorBucketPolicy	Delete a bucket policy on a vector bucket	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
DeleteVectorIndex	Delete a vector index and all its contents	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}/index/${indexname}	Supported
DeleteVectors	Delete specific vectors from an index	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}/index/${indexname}	Supported
InitiateMultipartUpload	Initiate multipart upload task	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PostBucketInventory	initiate instant inventory	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PostObject	Post object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PostObjectRestore	Restore an archive object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutBucket	Put bucket	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutBucketACL	Put bucket ACL	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketAccelerate	Put bucket accelerate configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketAccessMonitor	put bucket access monitor	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutBucketBandwidthQuota	PUT Bucket Bandwidth Quota	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutBucketCORS	Configure bucket cross-domain resource sharing	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketDomain	Put bucket domain configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketDomainCertificate	bind domain certificate	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutBucketEncryption	Put bucket encryption configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketIntelligentTiering	Enable intelligent tiered storage for buckets	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketInventory	Put bucket inventory configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketLifecycle	Put bucket lifecycle configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketLogging	Put bucket logging configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketLoggingAnalysis	Put bucket logging analysis configuration	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/* qcs::cls::uin/:topic/*	Supported
PutBucketNotification	Put bucket notification configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketObjectLock	Put bucket object lock configuration	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutBucketOrigin		Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketOrigin	Put bucket origin configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketPolicy	Put bucket policy	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketReferer	Put bucket referer	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketReplication	Put bucket replication configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketResponseControl	Put bucket response control	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutBucketTagging	Put bucket tagging	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketVersioning	Put bucket versioning configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutBucketWebsite	Put bucket website configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
PutObject	Put object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutObjectCopy	Copy object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutObjectLegalHold	Put object legal hold control	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutObjectRetention	Put object retention	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutObjectTagging	Put object tagging	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutSymlink	Create Symlink	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
PutVectorBucket	Create a new vector bucket.	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
PutVectorBucketPolicy	Configure a bucket policy on a vector bucket	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
PutVectorIndex	Create a new vector index with specified dimensions and metadata configuration	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
PutVectors	Add or update vectors in an index	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}/index/${indexname}	Supported
RenameObject	rename object, supported by ofs only	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
TruncateObject	truncate object, supported by ofs only	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
UpdateJobPriority	Update a COS Batch job priority	Operation level	*	Supported
UpdateJobStatus	Update a COS Batch job status	Operation level	*	Supported
UpgradeBucketBandwidthQuota	UPGRADE Bucket Bandwidth Quota	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
UploadPart	Upload part	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
UploadPartCopy	Copy upload parts	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported

Read operations

API	API Description	Authorization Granularity	Six-segment Resource Description	IP Restriction
DescribeAutoBackup	Describe auto backup for lhcos.	Operation level	*	Supported
DescribeBackupTask	Describe backup task for lhcos	Operation level	*	Supported
DescribeCosPackages	DescribeCosPackages	Operation level	*	Supported
DescribeCosUserStatus	get cos user stat	Operation level	*	Supported
DescribeGetOneYuanPackages	get one yuan pkg list	Resource level	qcs::cos:${Region}:uin/:TopicName/${TopicName}	Supported
DescribeGsPkgConfig	get gs config	Operation level	*	Supported
DescribeGsUinOverview	DescribeGsUinOverview	Operation level	*	Supported
DescribeGsUser	get user regist ingo	Operation level	*	Supported
DescribeJob	Describe a specified COS Batch job information	Operation level	*	Supported
DescribeLHPackages	Get lighthouse cos packages	Resource level	qcs::cos:${Region}:uin/:TopicName/${TopicName}	Supported
DescribeMigrateInfo	get user info	Operation level	*	Supported
DescribePkgUsedDetail	get pkg deduct info	Operation level	*	Supported
DescribeQueryUsedDetail	get pkg used detail	Resource level	qcs::cos:${Region}:uin/:TopicName/${TopicName}	Supported
GetBucketACL	Get bucket ACL	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketAccelerate	Get bucket accelerate configuration.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketAccessMonitor	Get bucket access monitor	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketBandwidthQuota	GET Bucket Bandwidth Quota	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketCORS	Query the cross-origin resource sharing (CORS) access control configuration of a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketDomain	Get bucket domain configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketDomainCertificate	get domain certificate status	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketEncryption	Get Bucket encryption configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketIntelligentTiering	Obtain storage bucket intelligent tiered storage configuration information	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketInventory	Get bucket inventory configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketInventoryJob	List bucket instant inventory job and get progress of instant inventory jobs.	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketLifecycle	Query the lifecycle configuration of a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketLocation	Get bucket location information	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketLogging	Query the logging configuration of the bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketLoggingAnalysis	Get bucket logging analysis configuration	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketNotification	Query the notification configuration of the bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketObjectLock	Get bucket object lock configuration	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketObjectVersions	List historical versions of objects in the bucket	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketOrigin		Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketOrigin		Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketOrigin	Get bucket origin configuration	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketPolicy	Read the permission policy of a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketReferer	Get bucket referer	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketReplication	Query the cross-bucket replication configuration of a bucket	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketResponseControl	Get bucket response control	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetBucketTagging	Query the existing bucket tags of a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketVersioning	Get the versioning information of a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetBucketWebsite	Query the configuration of static websites associated with a bucket.	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
GetObject	Get object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetObject		Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/${resource_path}	Supported
GetObjectACL	Get object ACL	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetObjectLegalHold	Get object legal hold status.	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetObjectRetention	Get object retention	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetObjectTagging	Get object tagging	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetSymlink	Get Symlink	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetVectorBucket	Get the detail information of a vector bucket.	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
GetVectorBucketPolicy	Query a bucket policy on a vector bucket	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
GetVectorIndex	View vector index properties and configuration	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}/index/${indexname}	Supported
GetVectors	Retrieve the data and metadata for some specific vectors by keys	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}/index/${indexname}	Supported
HeadBucket	Get basic information about the bucket	Resource level	qcs::cos:${Region}:uid/${uid}:${bucket-appid}/*	Supported
HeadObject	Get basic information about the object	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
InquirePriceCreateLHPackageByConfigIds	get price by configIds	Resource level	qcs::cos:${Region}:uin/:TopicName/${TopicName}	Supported
ListJobs	List COS Batch jobs of CAM user	Operation level	*	Supported
ListMultipartUploads	List multipart upload tasks	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
ListParts	List uploaded parts	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
OptionsObject	Preflight request for CORS	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
QueryVectors	Perform similarity queries on vectors in an index	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}/index/${indexname}	Supported

List Operations

API	API Description	Authorization Granularity	Six-segment Resource Description	IP Restriction
DescribeBucketList	get bucket list	Operation level	*	Supported
DescribePkgList	get pkg list for console	Operation level	*	Supported
DescribeStatCosPackage	get user\\\'s package ingo	Operation level	*	Supported
DescribeUinDayAmountByTime	DescribeUinDayAmountByTime	Operation level	*	Supported
GetBucket	List the objects in the bucket	Resource level	qcs::cos:${region}:uid/${appid}:${bucket-appid}/*	Supported
GetService	List buckets	Operation level	*	Supported
ListAutoBackups	List auto backups	Operation level	*	Supported
ListBackupTasks	List backup tasks for lhcos	Operation level	*	Supported
ListVectorBuckets	List all vector buckets in the account	Operation level	*	Supported
ListVectorIndexes	List all indexes in a vector bucket	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}	Supported
ListVectors	List the vector keys in an index	Resource level	qcs::cosvector:${region}:uid/${appid}:bucket/${bucketname}/index/${indexname}	Supported

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

tencent cloud

Cloud Access Management