Authorizable Resource Type

Last updated: 2020-11-20 14:22:32

Resource-level permission refers to the ability to specify which resources users are allowed to operate on. Cloud Virtual Machine (CVM) has partial support for resource-level permission. This means that for certain CVMs, you can control when users are allowed to operate on them, and what specific resources users are allowed to use. For example, you can authorize users to perform operations on specific CVMs in Guangzhou.
The types of resources that can be authorized in Cloud Access Management (CAM) are as follows:

| Resource Type | Resource Description Method in Authorization Policy |
|---|---|
| CVM Instance | qcs::cvm:$region::instance/* |
| CVM Key | qcs::cvm:$region::keypair/* |
| CVM Image | qcs::cvm:$region:$account:image/* |

The CVM Instance, CVM Key and CVM Image sections below list the CVM API operations that currently support resource-level permission, as well as the resources and condition keys supported by each operation. When configuring the resource path, replace variable parameters such as $region and $account with your actual values. You can also use the wildcard * in the path. For more information, see Operation Examples.

CVM API operations not listed in the table do not support resource-level permission. You can still authorize a user to perform these operations, but you must specify * as the resource element in the policy statement.

CVM Instance

| API Operation | Resource Path | Condition Key |
|---|---|---|
| DescribeInstanceInternetBandwidthConfigs | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ModifyInstanceInternetChargeType | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ModifyInstancesAttribute | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ModifyInstancesProject | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ModifyInstancesRenewFlag | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| RebootInstances | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| RenewInstances | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ResetInstance | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId<br>qcs::cvm:$region:$account:image/*<br>qcs::cvm:$region:$account:image/$imageId<br>qcs::cvm:$region:$account:keypair/*<br>qcs::cvm:$region:$account:keypair/$keyId<br>qcs::cvm:$region:$account:systemdisk/* | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ResetInstancesInternetMaxBandwidth | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ResetInstancesPassword | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ResetInstancesType | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| ResizeInstanceDisks | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| RunInstances | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:image/*<br>qcs::cvm:$region:$account:image/$imageId<br>qcs::cvm:$region:$account:keypair/*<br>qcs::cvm:$region:$account:keypair/$keyId<br>qcs::cvm:$region:$account:sg/*<br>qcs::cvm:$region:$account:sg/$sgId<br>qcs::vpc:$region:$account:subnet/*<br>qcs::vpc:$region:$account:subnet/$subnetId<br>qcs::cvm:$region:$account:systemdisk/*<br>qcs::cvm:$region:$account:datadisk/*<br>qcs::vpc:$region:$account:vpc/*<br>qcs::vpc:$region:$account:vpc/$vpcId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| StartInstances | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| StopInstances | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |
| TerminateInstances | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId | cvm:region<br>cvm:zone<br>cvm:instance_type |

CVM Key

| API Operation | Resource Path | Condition Key |
|---|---|---|
| AssociateInstancesKeyPairs | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId<br>qcs::cvm:$region:$account:keypair/*<br>qcs::cvm:$region:$account:keypair/$keyId | - |
| CreateKeyPair | qcs::cvm:$region:$account:keypair/* | - |
| DeleteKeyPairs | qcs::cvm:$region:$account:keypair/*<br>qcs::cvm:$region:$account:keypair/$keyId | - |
| DescribeKeyPairs | qcs::cvm:$region:$account:keypair/* | - |
| DescribeKeyPairsAttribute | qcs::cvm:$region:$account:keypair/*<br>qcs::cvm:$region:$account:keypair/$keyId | - |
| DisassociateInstancesKeyPairs | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId<br>qcs::cvm:$region:$account:keypair/*<br>qcs::cvm:$region:$account:keypair/$keyId | - |
| ImportKeyPair | qcs::cvm:$region:$account:keypair/* | - |
| ModifyKeyPairAttribute | qcs::cvm:$region:$account:keypair/*<br>qcs::cvm:$region:$account:keypair/$keyId | - |

CVM Image

| API Operation | Resource Path | Condition Key |
|---|---|---|
| CreateImage | qcs::cvm:$region:$account:instance/*<br>qcs::cvm:$region:$account:instance/$instanceId<br>qcs::cvm:$region:$account:image/* | cvm:region |
| DeleteImages | qcs::cvm:$region:$account:image/*<br>qcs::cvm:$region:$account:image/$imageId | cvm:region |
| DescribeImages | qcs::cvm:$region:$account:image/* | cvm:region |
| DescribeImagesAttribute | qcs::cvm:$region:$account:image/*<br>qcs::cvm:$region:$account:image/$imageId | cvm:region |
| DescribeImageSharePermission | qcs::cvm:$region:$account:image/* | cvm:region |
| ModifyImageAttribute | qcs::cvm:$region:$account:image/*<br>qcs::cvm:$region:$account:image/$imageId | cvm:region |
| ModifyImageSharePermission | qcs::cvm:$region:$account:image/*<br>qcs::cvm:$region:$account:image/$imageId | cvm:region |
| SyncImages | qcs::cvm:$region:$account:image/*<br>qcs::cvm:$region:$account:image/$imageId | cvm:region |
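
A lint built from the three tables above, as an added example (not Tencent Cloud's code): it checks that every action/resource pair in a policy statement uses a resource type the operation accepts, and flags operations outside the tables that are given anything other than *. The statement shape (`action` and `resource` lists, actions written `cvm:<Operation>`), the region code and the `uin/...` account segment are assumptions, not taken from this page.

```python
import re

def _ops(names, kinds):
    return {n: set(kinds.split()) for n in names.split()}

# Operation -> resource kinds ("service:type") it accepts, transcribed from the tables above.
SUPPORTED = {
    **_ops("DescribeInstanceInternetBandwidthConfigs ModifyInstanceInternetChargeType "
           "ModifyInstancesAttribute ModifyInstancesProject ModifyInstancesRenewFlag "
           "RebootInstances RenewInstances ResetInstancesInternetMaxBandwidth "
           "ResetInstancesPassword ResetInstancesType ResizeInstanceDisks "
           "StartInstances StopInstances TerminateInstances", "cvm:instance"),
    **_ops("CreateKeyPair DeleteKeyPairs DescribeKeyPairs DescribeKeyPairsAttribute "
           "ImportKeyPair ModifyKeyPairAttribute", "cvm:keypair"),
    **_ops("AssociateInstancesKeyPairs DisassociateInstancesKeyPairs", "cvm:instance cvm:keypair"),
    **_ops("DeleteImages DescribeImages DescribeImagesAttribute DescribeImageSharePermission "
           "ModifyImageAttribute ModifyImageSharePermission SyncImages", "cvm:image"),
    **_ops("CreateImage", "cvm:instance cvm:image"),
    **_ops("ResetInstance", "cvm:instance cvm:image cvm:keypair cvm:systemdisk"),
    **_ops("RunInstances", "cvm:instance cvm:image cvm:keypair cvm:sg cvm:systemdisk "
           "cvm:datadisk vpc:subnet vpc:vpc"),
}
# Path form used in the tables: qcs::<service>:<region>:<account>:<type>/<id>
PATH_RE = re.compile(r"^qcs::(\w+):[^:]*:[^:]*:(\w+)/.+$")

def _problem(op, res):
    if op not in SUPPORTED:  # not listed: only "*" is valid as the resource
        return None if res == "*" else "operation not in tables: resource must be *"
    if res == "*":
        return "unscoped: this operation accepts a resource path"
    if "$" in res:
        return "unresolved $variable in path"
    m = PATH_RE.match(res)
    if not m:
        return "not a six-segment qcs:: path"
    ok = f"{m.group(1)}:{m.group(2)}" in SUPPORTED[op]
    return None if ok else "resource type not accepted by this operation"

def lint_statement(stmt):
    """Return (operation, resource, problem) for each bad pair in one statement."""
    ops = [a.rsplit(":", 1)[-1] for a in stmt["action"]]  # assumed form "cvm:<Operation>"
    return [(op, res, why) for op in ops for res in stmt["resource"]
            if (why := _problem(op, res))]

# Constructed sample; region code and "uin/..." account segment are assumed placeholders.
SAMPLE = {"action": ["cvm:StopInstances", "cvm:DescribeInstances"],
          "resource": ["qcs::cvm:ap-guangzhou:uin/100000000001:instance/ins-example1"]}

if __name__ == "__main__":
    print(lint_statement(SAMPLE))
```

The lint only checks the resource type per operation; it does not distinguish operations that accept only the wildcard form of a path from those that also accept a specific ID.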
