CAM policy:
{
"version":"2.0",
"statement":
[
{
"effect":"effect",
"action":["action"],
"resource":["resource"],
"condition": {"key":{"value"}}
}
]
}
"2.0"
.
In a CAM policy statement, you can specify any API operation from any service that supports CAM. For CBS, use the APIs prefixed with name/cvm:
, for example, name/cvm:CreateDisks
or name/cvm:DescribeDisks
.
To specify multiple operations in a single statement, separate them with commas, as shown below.
"action":["name/cvm:action1","name/cvm:action2"]
You can also use a wildcard to specify multiple operations. For example, you can specify all operations whose names begin with "Describe", as shown below.
"action":["name/cvm:Describe*"]
To specify all operations in CVM, use the wildcard *
as follows.
"action":["name/cvm:*"]
Every CAM policy statement contains the resources applicable to the policy itself. The general format of a resource path is shown below.
qcs:project_id:service_type:region:account:resource
You can specify a CBS resource in the statement, for example, "disk-abcdefg", as shown below.
"resource":[ "qcs::cvm:bj:uin/164256472:volume/disk-abcdefg"]
You can also use the wildcard *
to specify all CBS resources under an account, as shown below.
"resource":[ "qcs::cvm:bj:uin/164256472:volume/*"]
To specify all resources, or if an API operation does not support resource-level permission control, you can use the wildcard *
in the resource element, as shown below.
"resource": ["*"]
To specify multiple resources in one statement, separate them with commas. In the following example, two resources are specified.
"resource":["resource1","resource2"]
In a policy statement, you can choose to specify the conditions for the policy to take effect. Each condition contains one or more key-value pairs. Condition keys are case-insensitive.
Condition Key | Reference Type | Key-Value Pair |
---|---|---|
cvm:region |
String |
cvm:region=
|
cvm:disk_type |
String |
cvm:disk_type=
|
Was this page helpful?