Tencent Cloud

Recent Pages

Authorized resource types

Last updated: 2020-07-09 18:32:22

Resource-level permissions specify which resources a user can manipulate. Cloud Block Storage (CBS) supports resource-level permission on some CBS operations that control which resources and when a user can manipulate.
The following table describes the types of resources that can be authorized in Cloud Access Management (CAM):

Resource Type	Resource Description Method in the Authorization Policy
CBS APIs	`qcs::cvm:$region::volume/*`

The CBS APIs describe the CBS API operations which currently support resource-level permission control as well as the resources and condition keys supported by each operation. When setting the resource path, you need to replace the variable parameters such as $region and $account with your actual parameters. You can also use the * wildcard in the path. For related operation examples, see Console Example.

Note：
CBS API operations not listed in the table do not support resource-level permission. You can still authorize a user to perform these operations, but you must specify * as the resource element in the policy statement.

CBS APIs

API Operation	Resource Path	Condition Key
Mount a cloud disk AttachDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Create a cloud disk CreateDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Query the list of cloud disk operation logs DescribeDiskOperationLogs	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Query the list of cloud disks DescribeDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Unmount a cloud disk DetachDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Modify the attributes of cloud disks ModifyDiskAttributes	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Change the billing mode of an elastic cloud disk ModifyDisksChargeType	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Modify the renewal flag of a cloud disk ModifyDisksRenewFlag	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Renew a cloud disk RenewDisk	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Expand the capacity of a cloud disk ResizeDisk	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Return a cloud disk TerminateDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type