Project-level Permission explanation

Last updated: 2020-03-19 17:57:05


Policy creation

If you need to refine the authorization operations at the project level, such as data query, Purge and Prefetch, and domain name management operations to different sub-accounts, you can use the following steps to create a policy:

  1. Login Access Management console Click the Policy of Directory on the left.

  2. Click [Create Custom Policy], and then select [create by Features or project Permission]

  3. Fill in the policy name as required, and check "content Distribution Network" in the service type below.

  4. Open the action set that needs to be authorized and the Associate project (the default project cannot be authorized), and then associate with sub-users.

Resource level & project level

Currently, the operation sets are classified and the corresponding OPEN API2.0 and OPEN API3.0 APIs are shown below. Sub-users with the operation set Permission can call the 2.0 and 3.0 APIs in the list for any domain name in the Permission project:

Permission assemble API2.0 API3.0 Whether authorization is required
Query consumption data and statistics DescribeCdnHostInfo DescribeCdnHostDetailedInfo GetCdnStatusCode
DescribeCdnData DescribeOriginData
Query domain name information GetHostInfoById
Query CDN log download link GenerateLogList
DescribeCdnDomainLogs Yes
Add Domain Name AddCdnHost AddCdnDomain Yes
Activate / deactivate domain name OnlineHost OfflineHost StartCdnDomain
Delete domain name DeleteCdnHost DeleteCdnDomain Yes
Modify domain name configuration UpdateCdnConfig UpdateDomainConfig Yes
Purge and Prefetch RefreshCdnDir
Service query QueryCdnIp (no authorization required) DescribeCdnIp Yes

Console Permission

  • View consumption data and statistics: if the policy enables "View consumption data and Statistics" and Associate project, you can view the following module information on the console:
    • Overview page: data display module only
    • Statistical analysis: real-time monitoring
    • Statistical analysis: data analysis
    • Entire network data monitoring
  • Query domain name information: if the policy enables "query Domain name Information" and Associate project, view the list of domain names and detailed configuration information in Permission's project on the "Domain name Management" page of the console.
  • Query CDN log download link: if the policy enables [query CDN Log download Link] and Associate project, you can query the Access log download link on the Log Service page in the console.
  • Add domain name: if the policy enables "add Domain name" and Associate project, you can add a domain name to the specified project.
  • Activate / deactivate domain name: if the strategy enables the [Activate / deactivate domain name] and Associate project, you can specify the accelerated domain name in the project by Activate / deactivate.
  • Delete domain name: if the policy enables "Delete Domain name" and Associate project, you can delete the accelerated domain name in the specified project. The domain name must be deactivate. Therefore, if you need to delete a domain name with Activate status, you need to have [Activate / deactivate domain name] Permission.
  • Modify domain name configuration: if the policy enables "modify Domain name configuration" and Associate project, you can modify the accelerated domain name configuration in the specified project.
  • Purge and Prefetch: if the strategy opens the [Purge and Prefetch] and Associate project, you can submit the corresponding refresh, prefetch (whitelist) job on the "Refresh Cache" page, and query the execution status of Purge and Prefetch and job.