- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Data Security APIs
- PutSecretValue
- RestoreSecret
- ListSecretVersionIds
- GetServiceStatus
- CreateSSHKeyPairSecret
- UpdateRotationStatus
- CreateSecret
- DeleteSecret
- DeleteSecretVersion
- DescribeSecret
- DisableSecret
- EnableSecret
- GetRegions
- GetSecretValue
- UpdateDescription
- UpdateSecret
- GetSSHKeyPairValue
- CreateProductSecret
- DescribeAsyncRequestInfo
- DescribeRotationDetail
- RotateProductSecret
- DescribeRotationHistory
- ListSecrets
- Other APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Data Security APIs
- PutSecretValue
- RestoreSecret
- ListSecretVersionIds
- GetServiceStatus
- CreateSSHKeyPairSecret
- UpdateRotationStatus
- CreateSecret
- DeleteSecret
- DeleteSecretVersion
- DescribeSecret
- DisableSecret
- EnableSecret
- GetRegions
- GetSecretValue
- UpdateDescription
- UpdateSecret
- GetSSHKeyPairValue
- CreateProductSecret
- DescribeAsyncRequestInfo
- DescribeRotationDetail
- RotateProductSecret
- DescribeRotationHistory
- ListSecrets
- Other APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Authorizable Resource Types
Resource-level permission refers to the capability to specify resources that an account can perform operations on. Some SSM APIs support operations on secrets using resource-level permissions. This can control when a user can perform operations and whether the user can use specific resources.
For example, if you allow a user to have access to secrets in the Guangzhou region, the authorizable resource type in CAM is as follows:
qcs::ssm:ap-guangzhou:uin/${uin}:*qcs::ssm:ap-guangzhou::*
If you authorize an API to access all secrets created by a certain UIN, the resource type is as follows:
qcs::ssm:$region:uin/$uin:secret/creatorUin/*
If you authorize an API to access a certain secret, the resource type is as follows:
qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName
Where,
$region: region$uin: root account ID$creatorUin: account ID of the creator of the resource$secretName: name of the secret that requires configurationResource-level Authorization APIs
The resource paths of the
DeleteSecretVersion, UpdateDescription, RestoreSecret, EnableSecret, PutSecretValue, DescribeSecret, UpdateSecret, DeleteSecret, GetSecretValue, DisableSecret, and ListSecretVersionIds APIs are as follows:qcs::ssm:$region:uin/$uin:secret/*qcs::ssm:$region:uin/$uin:secret/creatorUin/*qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName
API-level Authorization List
API | Description |
CreateSecret | Creates a secret |
GetRegions | Obtains the list of available regions to be displayed on the console |
GetServiceStatus | Obtains the service status, which can be used to determine whether the service is activated |
ListSecrets | Obtains the information list of all secrets |
Yes
No
Was this page helpful?