tencent cloud

Cloud Access Management

Product Introduction
CAM Overview
Features
Scenarios
Basic Concepts
Use Limits
User Types
Purchase Guide
Getting Started
Creating Admin User
Creating and Authorizing Sub-account
Logging In to Console with Sub-account
User Guide
Overview
Users
Access Key
User Groups
Role
Identity Provider
Policies
Permissions Boundary
Troubleshooting
Downloading Security Analysis Report
CAM-Enabled Role
Overview
Compute
Container
Microservice
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Database SaaS Service
Networking
CDN and Acceleration
Network Security
Data Security
Application Security
Domains & Websites
Big Data
Middleware
Interactive Video Services
Real-Time Interaction
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
CAM-Enabled API
Overview
Compute
Edge Computing
Container
Distributed cloud
Microservice
Serverless
Essential Storage Service
Data Process and Analysis
Data Migration
Relational Database
Enterprise Distributed DBMS
NoSQL Database
Database SaaS Tool
Networking
CDN and Acceleration
Network Security
Endpoint Security
Data Security
Business Security
Application Security
Domains & Websites
Office Collaboration
Big Data
Voice Technology
Image Creation
Tencent Big Model
AI Platform Service
Natural Language Processing
Optical Character Recognition
Middleware
Communication
Interactive Video Services
Real-Time Interaction
Stream Services
Media On-Demand
Media Process Services
Media Process
Cloud Real-time Rendering
Game Services
Education Sevices
Medical Services
Cloud Resource Management
Management and Audit Tools
Developer Tools
Monitor and Operation
More
Use Cases
Security Practical Tutorial
Multi-Identity Personnel Permission Management
Authorizing Certain Operations by Tag
Supporting Isolated Resource Access for Employees
Enterprise Multi-Account Permissions Management
Reviewing Employee Operation Records on Tencent Cloud
Implementing Attribute-Based Access Control for Employee Resource Permissions Management
During tag-based authentication, only tag key matching is supported
Business Use Cases
TencentDB for MySQL
CLB
CMQ
COS
CVM
VPC
VOD
Others
API Documentation
History
Introduction
API Category
Making API Requests
User APIs
Policy APIs
Role APIs
Identity Provider APIs
Data Types
Error Codes
FAQs
Role
Key
Others
CAM Users and Permissions
Glossary
문서Cloud Access ManagementCAM-Enabled APIBusiness SecurityCustomer Identity and Access Management

Customer Identity and Access Management

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2026-04-03 09:41:18

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
Customer Identity Access Management ciam Supported not supported Operation level Supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AddUsersToUserGroup Add Users To User Group Operation level * Supported
ControlApplication Control Application Operation level * Supported
ControlAuthSource Control Auth Source Operation level * Supported
ControlLogPushConfig Control LogPush Config Operation level * Supported
CreateApiImportUserJob create api import user job Operation level * Supported
CreateApplication Create Application Operation level * Supported
CreateBillingResources Create Billing Resources Operation level * Supported
CreateFileExportUserJob Create File Export User Job Operation level * Supported
CreateFileImportUserJob Create FileImport User Job Operation level * Supported
CreateLogPushConfig Create LogPush Config Operation level * Supported
CreateSocialAuthSource Create Social Auth Source Operation level * Supported
CreateSyncConfig Create Sync Config Operation level * Supported
CreateUniversalAuthSource Create Universal Auth Source Operation level * Supported
CreateUser Create User Operation level * Supported
CreateUserGroup Create User Group Operation level * Supported
CreateUserProperty Create User Property Operation level * Supported
CreateUserStore Create User Store Operation level * Supported
CreateUserStoreAndDemoData Create User Store And Demo Data Operation level * Supported
DeleteApplications Delete Applications Operation level * Supported
DeleteAuthSource Delete Auth Source Operation level * Supported
DeleteLogPushConfig Delete LogPush Config Operation level * Supported
DeleteSyncConfigs Delete Sync Configs Operation level * Supported
DeleteUserGroups Delete User Groups Operation level * Supported
DeleteUserProperty Delete User Property Operation level * Supported
DeleteUserStore Delete User Store Operation level * Supported
DeleteUsers Delete Users Operation level * Supported
ExecuteAction Execute Action Operation level * Supported
ExecuteActionProcessor Execute Action Processor Operation level * Supported
LinkAccount Link Account Operation level * Supported
RemoveUsersFromUserGroup Remove Users From User Group Operation level * Supported
ResetPassword Reset Password Operation level * Supported
SendTestEmail Send Test Email Operation level * Supported
SendTestSms Send Test Sms Operation level * Supported
SetPassword Set Password Operation level * Supported
SetUserStore Set User Store Operation level * Supported
SwitchUserStore Switch User Store Operation level * Supported
UpdateAppFlow Update App Flow Operation level * Supported
UpdateApplicationAgreementFlow Update Application Agreement Flow Operation level * Supported
UpdateApplicationBaseConfig Update Application Base Config Operation level * Supported
UpdateApplicationForgetPwdFlow Update Application Forget Password Flow Operation level * Supported
UpdateApplicationForgetUsernameFlow Update Application Forget Username Flow Operation level * Supported
UpdateApplicationLoginFlow Update Application Login Flow Operation level * Supported
UpdateApplicationMfaFlow Update Application Mfa Flow Operation level * Supported
UpdateApplicationParamConfig Update Application Param Config Operation level * Supported
UpdateApplicationSecurityDomain Update Application Security Domain Operation level * Supported
UpdateApplicationSignupFlow Update Application Signup Flow Operation level * Supported
UpdateApplicationWxAppletLoginFlow Update Application Weixin Applet Login Flow Operation level * Supported
UpdateBillingResources Update Billing Resources Operation level * Supported
UpdateCaptureTemplateConfig update capture template config Operation level * Supported
UpdateEmailTemplateConfig update email template config Operation level * Supported
UpdateHostConfig Update Host Config Operation level * Supported
UpdateLogPushConfig Update LogPush Config Operation level * Supported
UpdatePolicy Update Policy Operation level * Supported
UpdateRealNameTemplateConfig update real name template config Operation level * Supported
UpdateScimSyncConfig Update Scim Sync Config Operation level * Supported
UpdateSmsTemplateConfig uodate sms template config Operation level * Supported
UpdateSocialAuthSource Update Social Auth Source Operation level * Supported
UpdateSyncConfigStatus Update Sync Config Status Operation level * Supported
UpdateTemplateConfig Update Template Config Operation level * Supported
UpdateUniversalAuthSource Update Universal Auth Source Operation level * Supported
UpdateUser Update User Operation level * Supported
UpdateUserGroup Update User Group Operation level * Supported
UpdateUserProperty Update User Property Operation level * Supported
UpdateUserStatus Update User Status Operation level * Supported
UpdateUserStore Update User Store Operation level * Supported

Other Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckEmailTemplateConfig check email templateConfig Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckLogin Check Login Operation level * Supported
CheckSmsTemplateConfig check sms template config Operation level * Supported
CheckUserStoreAsync Check User Store Async Operation level * Supported
DescribeActionByIds Describe Action By Ids Operation level * Supported
DescribeActionManagerView Describe Action Manager View Operation level * Supported
DescribeAllActionConfig Describe All Action Config Operation level * Supported
DescribeAllAdminViewConfig Describe All Admin View Config Operation level * Supported
DescribeAllFormConfig Describe All Form Config Operation level * Supported
DescribeAppFlowById Describe App Flow By Id Operation level * Supported
DescribeApplicationById Describe Application By Id Operation level * Supported
DescribeBillingResources Describe Billing Resources Operation level * Supported
DescribeDashboardCounts Describe Dashboard Counts Operation level * Supported
DescribeDataByContains Describe Data By Contains Operation level * Supported
DescribeDataByEquals Describe Data By Equals Operation level * Supported
DescribeDataByFinder Describe Data By Finder Operation level * Supported
DescribeDataByIds Describe Data By Ids Operation level * Supported
DescribeForm Describe Form Operation level * Supported
DescribeHostConfig Describe Host Config Operation level * Supported
DescribeLogPushConfigById Describe LogPush Config By Id Operation level * Supported
DescribeManageViewConfiguration Describe Manage View Configuration Operation level * Supported
DescribeManageViewData Describe Manage View Data Operation level * Supported
DescribeMenuTree Describe Menu Tree Operation level * Supported
DescribeMetaTypeDetail Describe Meta Type Detail Operation level * Supported
DescribeRecentLoginUsers Describe Recent Login Users Operation level * Supported
DescribeRecentRegisterUsers Describe Recent Register Users Operation level * Supported
DescribeRegionalDistribution Describe Regional Distribution Operation level * Supported
DescribeRsaPublicKey Describe Rsa Public Key Operation level * Supported
DescribeSocialAuthSourceById Describe Social Auth Source By Id Operation level * Supported
DescribeSyncConfigById Describe Sync Config By Id Operation level * Supported
DescribeTemplateConfig Describe Template Config Operation level * Supported
DescribeTreeDataByEquals Describe Tree Data By Equals Operation level * Supported
DescribeUniversalAuthSourceById Describe Universal Auth Source By Id Operation level * Supported
DescribeUser Describe User Operation level * Supported
DescribeUserById Describe User By Id Operation level * Supported
DescribeUserDetailById Describe User Detail By Id Operation level * Supported
DescribeUserGroupById Describe User Group By Id Operation level * Supported
DescribeUserGrowthTrend Describe User Growth Trend Operation level * Supported
DescribeUserPropertyById Describe User Property By Id Operation level * Supported
ListAttributeWithDefault List Attribute With Default Operation level * Supported
ListAuthSource List Auth Source Operation level * Supported
ListComponentType List Component Type Operation level * Supported
ListCustomUserAttr List Custom Use rAttr Operation level * Supported
ListInheritAttributes List Inherit Attributes Operation level * Supported
ListPartyThirdUserProperties List Party Third User Properties Operation level * Supported
ListSyncConfigs List Sync Configs Operation level * Supported
ListUserGroup List User Group Operation level * Supported
VerifyHostConfig Verify Host Config Operation level * Supported
VerifyTemplateConfig Verify Template Config Operation level * Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
ListApplicationByCondition List Application By Condition Operation level * Supported
ListJobs List Jobs Operation level * Supported
ListLogMessageByCondition List Log Message By Condition Operation level * Supported
ListLogPushConfig List LogPush Config Operation level * Supported
ListLogs List Logs Operation level * Supported
ListSocialAuthSourceByCondition List Social Auth Source By Condition Operation level * Supported
ListUniversalAuthSourceByCondition List Universal Auth Source By Condition Operation level * Supported
ListUser List User Operation level * Supported
ListUserAddEditPage List User Add Edit Page Operation level * Supported
ListUserByProperty List User By Property Operation level * Supported
ListUserGroups List User Groups Operation level * Supported
ListUserPropertyByCondition List User Property By Condition Operation level * Supported
ListUserStore List User Store Operation level * Supported
이전 주제: Video Moderation System다음 주제: Risk Control Engine

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백