Resource-level Permission refers to the ability to specify which resources users have the ability to perform operations on. HDD cloud disk (CBS) supports resource-level Permission, which means to control when users are allowed to perform operations or specific resources that users are allowed to use for CBS operations that support resource-level Permission.
The types of resources that can be authorized in Access's management (Cloud Access Management,CAM) are as follows:
| Resource Type | Resource description method in Authorization Policy |
|---|---|
| HDD cloud disk is related to an example. | qcs::cvm:$region::volume/*HDD cloud disk is related to an example. This paper introduces the CBS API operations that currently support resource-level Permission, as well as the resources and conditional keys supported by each operation. ** When setting the resource path, ** You need to set the $region 、 $account The parameters of variables such as those can be modified to your actual parameter information, and you can also use the * Wildcards. For examples of related operations, see Access Management example . |
The CBS API operation not listed in the table indicates that the API operation does not support resource-level Permission. For a API operation that does not support resource-level Permission, you can still grant Permission to the user who uses the operation, but the resource element of the policy statement must be specified as
*.
HDD cloud disk is related to an example.
| API operation | Resource path | Conditional key |
|---|---|---|
| AttachDisks | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| CreateDisks | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| DescribeDiskOperationLogs | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| DescribeDisks | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| DetachDisks | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| ModifyDiskAttributes | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| ModifyDisksChargeType | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| ModifyDisksRenewFlag | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| RenewDisk | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| ResizeDisk | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
| TerminateDisks | qcs::cvm:$region:$account:volume/*qcs::cvm:$region:$account:volume/$diskId |
cvm:region cvm:zone cvm:disk_type |
