tencent cloud

Cloud Access Management

プロダクトの概要
CAMの概要
製品機能
適用シーン
基本概念
使用制限
ユーザータイプ
購入ガイド
クイックスタート
管理者ユーザーを作成する
サブアカウントの作成と権限付与
サブアカウントのコンソールログイン
ユーザーガイド
概要
ユーザー
アクセスキー
ユーザーグループ
ロール
アイデンティティプロバイダー
ポリシー
権限境界
トラブルシューティング
セキュリティ分析レポートのダウンロード
CAM-Enabled Role
Overview
Compute
Container
Microservice
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Database SaaS Service
Networking
CDN and Acceleration
Network Security
Data Security
Application Security
Domains & Websites
Big Data
Middleware
Interactive Video Services
Real-Time Interaction
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
CAM-Enabled API
Overview
Compute
Edge Computing
Container
Distributed cloud
Microservice
Serverless
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Networking
CDN and Acceleration
Network Security
Endpoint Security
Data Security
Business Security
Application Security
Domains & Websites
Office Collaboration
Big Data
Voice Technology
Image Creation
Tencent Big Model
AI Platform Service
Natural Language Processing
Optical Character Recognition
Middleware
Communication
Interactive Video Services
Real-Time Interaction
Stream Services
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Education Sevices
Medical Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
実践のチュートリアル
セキュリティの実践チュートリアル
複数アイデンティティ権限管理
Tag下の一部操作権限を付与する
従業員間のリソース分離アクセスのサポート
企業マルチアカウント権限管理
従業員のTencent Cloud操作ログを閲覧する
ABACによる従業員のリソースアクセス権限管理
タグ認証時にタグキーのみマッチをサポート
商用事例
MySQL関連ケース
CLB 関連ケース
CMQ関連ケース
COS 関連ケース
CVM関連ケース
VPC 関連ケース
VOD関連ケース
その他のケース
よくあるご質問
ロール関連問題
キー関連の問題
その他の問題
CAMユーザーと権限の問題
用語一覧
ドキュメントCloud Access ManagementCAM-Enabled APIContainerTencent Container Registry

Tencent Container Registry

フォーカスモード
フォントサイズ
最終更新日: 2026-04-03 09:46:58

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
Tencent Container Registry tcr Supported Supported Resource level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AuthorizeUserImageBuildConfig add coding certification Operation level * not supported
BatchDeleteImagePersonal Batch Delete Image Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame}/${Tags} Supported
BatchDeleteRepositoryPersonal Batch Delete Repository Personal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoNames} Supported
CreateApplicationTokenPersonal Create Application Token Operation level * Supported
CreateApplicationTriggerPersonal create application trigger personal Operation level * Supported
CreateGCJob Create GC Job Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
CreateHelmChart Create Helm Chart Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
CreateImageAccelerateService Create an image acceleration service Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
CreateImageAccelerationService Create Image Acceleration Service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
CreateImmutableTagRules CreateImmutable Tag Rule Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
CreateInstance Create Enterprise Registry Instance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
CreateInstanceCustomizedDomain Create Instance Customized Domain Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId}
qcs::ssl::uin/${uin}:certificate/${CertificateId}		 Supported
CreateInstanceToken CreateInstanceToken Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
CreateInternalEndpointDns CreateInternalEndpointDns Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
CreateMultipleSecurityPolicy CreateMultipleSecurityPolicy Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceid} Supported
CreateNamespace create namespace Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/* not supported
CreateNamespacePersonal Create Namespace Personal Resource level qcs::tcr:${Region}:uin/:repo/${Namespace} Supported
CreateReplicationInstance CreateReplicationInstance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
CreateRepo Create a shared image repository Resource level qcs::tcr:${region}:uin/${uin}:repo/${Reponame} Supported
CreateRepository create image repository Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
CreateRepositoryPersonal Create Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} Supported
CreateSecurityPolicy Create a whitelist policy for public network access to an instance Resource level qcs::tcr::uin/${uin}:instance/${RegistryId} Supported
CreateServiceAccount create service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
CreateSignature Create Signature Resource level qcs::tcr:${region}:uin/${uin}:repository/$instanceid/$namespacename/$repositoryname not supported
CreateTagRetentionRule Create Tag RetentionRule Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/* not supported
CreateUserPersonal Create CCR User Operation level * Supported
CreateWebhookTrigger CreateWebhookTrigger Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
CreateWebhookTriggerPersonal CreateWebhookTriggerPersonal Operation level * not supported
DeleteAIModel DeleteAIModel Operation level * not supported
DeleteApplicationTriggerPersonal delete application trigger Operation level * Supported
DeleteImageAccelerateService delete image accelerate service Resource level qcs::tcr:${Region}:uin/:instance/${InstanceId} Supported
DeleteImageLifecycleGlobalPersonal Delete global image tag lifecycle strategy Operation level * Supported
DeleteImagePersonal Delete Image Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame}/${Tag} Supported
DeleteImmutableTagRules DeleteImmutable Tag Rule Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DeleteInstance DeleteI instance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DeleteInstanceCustomizedDomain Delete Instance Customized Domain Operation level * Supported
DeleteInstanceToken Delete Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DeleteInternalEndpointDns DeleteInternalEndpointDns Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DeleteMultipleSecurityPolicy DeleteMultipleSecurityPolicy Resource level qcs::tcr:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteNamespace delete namespace Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/* not supported
DeleteNamespacePersonal Delete Namespace Personal Resource level qcs::tcr:${Region}:uin/:repo/${Namespace} Supported
DeleteReplicationInstance DeleteReplicationInstance Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DeleteRepository delete image repository Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
DeleteRepositoryPersonal Delete Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${Reponame} Supported
DeleteSecurityPolicy Delete Security Policy Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DeleteServiceAccount delete service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
DeleteSkill DeleteSkill Operation level * not supported
DeleteTagRetentionRule Delete Tag RetentionRule Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/* not supported
DeleteWebhookTrigger Deleting a Webhook Trigger Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/* not supported
DeleteWebhookTriggerPersonal DeleteWebhookTriggerPersonal Operation level * not supported
DownloadHelmChart Download Helm Chart Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${ChartName} not supported
DuplicateImagePersonal DuplicateImagePersonal Operation level * Supported
ManageExternalEndpoint Managing instance public network access Resource level qcs::tcr::uin/${uin}:instance/${RegistryId} Supported
ManageImageLifecycleGlobalPersonal Set global image tag lifecycle strategy Operation level * Supported
ManageInternalEndpoint Manage instance intranet access VPC link Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId}
qcs::vpc:${region}:uin/${uin}:subnet/${subnetId}		 Supported
ManageReplication Manage instance synchronization Resource level qcs::tcr::uin/${uin}:instance/${SourceRegistryId} Supported
ModifyApplicationTriggerPersonal ModifyApplicationTriggerPersonal Operation level * Supported
ModifyImmutableTagRules ModifyImmutable Tag Rules Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
ModifyInstance Modify Instance Resource level qcs::tcr:$regionid:$accountid:instance/* Supported
ModifyInstanceStorage Modify TCR instance storage configuration Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
ModifyInstanceToken Modify Instance Token Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
ModifyInstanceTokenValidTime Modify Instance Token Valid Time Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
ModifyNamespace Update namespace information Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/* not supported
ModifyRepository Update image repository Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
ModifyRepositoryAccessPersonal ModifyRepositoryAccessPersonal Resource level qcs::${ApiModule}:${Region}:uin/:repo/${RepoName} Supported
ModifyRepositoryInfoPersonal modify repo info personal Operation level * Supported
ModifySecurityPolicy ModifySecurityPolicy Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
ModifyServiceAccount update properties of service account Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
ModifyTagRetentionRule Modify Tag RetentionRule Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/* not supported
ModifyUserPasswordPersonal Modify CCR Password Operation level * Supported
ModifyWebhookTrigger Update Webhook Trigger Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/* not supported
PullRepository Pull Repository Resource level qcs::tcr:${region}:uin/${uin}:repository/${instanceid}/${namespacename}/${repositoryname} not supported
PullRepositoryPersonal Pull Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} not supported
PushRepository Push Repository Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/$repositoryname not supported
PushRepositoryPersonal Push Repository Personal Resource level qcs::tcr:${Region}:uin/:repo/${RepoName} not supported
RenewInstance Renewal of prepaid instances supports pay-as-you-go subscriptions to yearly and monthly subscriptions during the same period Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
TerminateGCJob terminate garbage collection job Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
UpdateApplicationTokenPermission Update Application Token Read Write Permission Operation level * not supported
UpdateApplicationTokenPermissionPersonal Update Application Token Read Write Permission Operation level * Supported
UpdateApplicationTokenPersonal Update Application Token Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckInstanceCustomizedDomains Check the custom domain name registration status Operation level * not supported
CheckInstanceName Check whether the instance name to be created conforms to the specification Operation level * not supported
DeleteReplicationRule DeleteReplicationRule Resource level qcs::tcr:${Region}:uin/:instance/${SourceRegistryId} Supported
DescribeAIModelVersionDetail DescribeAIModelVersionDetail Operation level * not supported
DescribeApplicationTokenPersonal Describe Application Token Operation level * Supported
DescribeApplicationTriggerLogPersonal describe application trigger Operation level * Supported
DescribeApplicationTriggerPersonal DescribeApplicationTriggerPersonal Operation level * Supported
DescribeChartDownloadInfo DescribeChartDownloadInfo Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DescribeChartUploadInfo DescribeChartUploadInfo Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DescribeCosInfo Describe Cos Info Resource level qcs::tcr:$regionid:$accountid:instance/${instanceid} not supported
DescribeDockerHubImagePersonal DescribeDockerHubImagePersonal Operation level * Supported
DescribeDockerHubRepositoryInfoPersonal DescribeDockerHubRepositoryInfoPersonal Operation level * Supported
DescribeDockerHubRepositoryPersonal DescribeDockerHubRepositoryPersonal Operation level * Supported
DescribeExternalEndpointStatus Describe External Endpoint Status Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DescribeFavorRepositoryPersonal DescribeFavorRepositoryPersonal Operation level * Supported
DescribeGCJobs Describe GC Latest 10 Jobs Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DescribeHelmCharts Describe Helm Charts Resource level qcs::tcr:$regionid:$accountid:repository/$instanceid/$namespacename/* not supported
DescribeImageAccelerateService describe image accelerate service Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DescribeImageConfigPersonal DescribeImageConfigPersonal Operation level * Supported
DescribeImageFilterPersonal DescribeImageFilterPersonal Operation level * Supported
DescribeImageLifecycleGlobalPersonal Describe Image Lifecycle Global Personal Operation level * Supported
DescribeImageLifecyclePersonal DescribeImageLifecyclePersonal Operation level * Supported
DescribeImageManifests describe image manifests info Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
DescribeImagePersonal Used to get the personal version of the mirror warehouse tag list Resource level qcs::tcr::uin/${uin}:repo/${Reponame} Supported
DescribeImageVulnerabilityDetails Query scanned image vulnerability information based on the image version Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
DescribeImages Query list or specify container list information Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
DescribeImmutableTagRules DescribeImmutable Tag Rules Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DescribeInstanceAllForCoding Coding only - query all instance information Operation level * not supported
DescribeInstanceStatus Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DescribeInstanceToken Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DescribeInstances Describe Instances Operation level * Supported
DescribeInternalEndpoints Describe Internal Endpoints Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DescribeNamespacePersonal DescribeNamespacePersonal Operation level * Supported
DescribeNamespaces describe namespace info Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/* not supported
DescribeRegions List TCR available areas Operation level * not supported
DescribeReplication Describe Replication Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid not supported
DescribeReplicationExecutions Instance synchronization/instance replication policy execution record list Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
DescribeReplicationInstanceCreateTasks DescribeReplicationInstanceCreateTasks Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DescribeReplicationInstanceSyncStatus DescribeReplicationInstanceSyncStatus Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DescribeReplicationPolicies Get the list of instance synchronization rules Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
DescribeReplicationTasks Instance synchronization/instance replication execution task list Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
DescribeRepositories describe instance repositories Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/${RepositoryName} not supported
DescribeRepositoryAllPersonal DescribeRepositoryAllPersonal Operation level * Supported
DescribeRepositoryFilterPersonal DescribeRepositoryFilterPersonal Operation level * Supported
DescribeRepositoryOwnerPersonal Describe Repository Owner Personal Operation level * not supported
DescribeRepositoryPersonal DescribeRepositoryPersonal Operation level * Supported
DescribeSecurityPolicies Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DescribeServiceAccounts describe service accounts Resource level qcs::tcr:${region}:uin/${uin}:instance/${RegistryId} Supported
DescribeSkillDetail DescribeSkillDetail Operation level * not supported
DescribeSkillDownloadInfo DescribeSkillDownloadInfo Operation level * not supported
DescribeSystemInfo return the system information of tcr instance Resource level qcs::tcr:${Region}:uin/:instance/${RegistryId} Supported
DescribeTagRetentionExecutionTask Query version retains execution tasks Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${NamespaceName}/* not supported
DescribeTagRetentionRules Describe Tag RetentionRules Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/* not supported
DescribeUserPersonal DescribeUserPersonal Operation level * Supported
DescribeUserQuotaPersonal DescribeUserQuotaPersonal Operation level * Supported
DescribeWebhookTrigger Query Webhook Trigger Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NamespaceName}/* not supported
DescribeWebhookTriggerLog query Webhook consumption logs Resource level qcs::tcr:${Region}:uin/${Uin}:repository/${RegistryId}/${Namespace}/* not supported
ListAIModelVersions ListAIModelVersions Operation level * not supported
ListAIModels ListAIModels Operation level * not supported
ListChartRelease Query the Chart version list Resource level qcs::tcr::uin/${uin}:repository/${RegistryId}/${NameSpaceName}/${RepositoryName} not supported
ListSkillVersions ListSkillVersions Operation level * not supported
ListSkills ListSkills Operation level * not supported
ValidateApplicationTokenPersonal Validate Application Token Operation level * Supported
ValidateNamespaceExistPersonal ValidateNamespaceExistPersonal Operation level * Supported
ValidateRepositoryExistPersonal ValidateRepositoryExistPersonal Operation level * Supported
ValidateUserPersonal ValidateUserPersonal Operation level * Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeInstanceCustomizedDomain Describe Instance Customized Domain Resource level qcs::tcr:$regionid:$accountid:instance/$RegistryId Supported
DescribeInternalEndpointDnsStatus DescribeInternalEndpointDnsStatus Operation level * Supported
DescribeReplicationInstances DescribeReplicationInstances Resource level qcs::tcr:$regionid:$accountid:instance/$instanceid Supported
DescribeWebhookTriggerPersonal DescribeWebhookTriggerPersonal Operation level * Supported
前の記事へ: Tencent Cloud Mesh次の記事へ: Tencent Kubernetes Engine Distributed Cloud Center

ヘルプとサポート

この記事はお役に立ちましたか?

フィードバック