Documentation | Tencent Cloud

Recent Pages

Authorized resource types

Last updated: 2020-07-20 11:03:27

Resource-level permissions refer to the ability to specify which resources users are allowed to perform operations on. CBS supports resource-level permissions. That is, you can specify when users are allowed to perform some CBS operations that support resource-level permissions or which resources users are allowed to use.
The types of resources that can be authorized in Cloud Access Management (CAM) are as follows:

Resource Type	Resource Description Method in Authorization Policy
CBS APIs	`qcs::cvm:$region::volume/*`

CBS APIs describe CBS API operations that currently support resource-level permissions as well as resources and condition keys supported by each operation. When configuring the resource path, you need to replace variable parameters such as $region and $account with your actual parameters. You can also use the * wildcard in the path. For more information, see Console Example.

Note：
CBS API operations not listed in the table do not support resource-level permissions. You can still authorize users to perform these operations, but the resource element of the policy statement must be specified as *.

CBS APIs

API Operation	Resource Path	Condition Key
Mount a cloud disk AttachDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Create a cloud disk CreateDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Query the list of cloud disk operation logs DescribeDiskOperationLogs	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Query the list of cloud disks DescribeDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Unmount a cloud disk DetachDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Modify the attributes of cloud disks ModifyDiskAttributes	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Modify the billing mode of a cloud disk ModifyDisksChargeType	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Modify the renewal flag of a cloud disk ModifyDisksRenewFlag	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Renew a cloud disk RenewDisk	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Expand the capacity of a cloud disk ResizeDisk	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type
Return a cloud disk TerminateDisks	`qcs::cvm:$region:$account:volume/*` `qcs::cvm:$region:$account:volume/$diskId`	cvm:region cvm:zone cvm:disk_type