Product |
Abbreviation in CAM |
Console |
Authorization by Tag |
Authorization Granularity |
IP Restriction |
Media Processing Service |
mps |
Supported |
not supported |
Resource level |
Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
CreateResource |
create new resource |
Resource level |
qcs::mps::uin/${uin}:vts/* |
Supported |
DeleteAdaptiveDynamicStreamingTemplate |
DeleteAdaptiveDynamicStreamingTemplate |
Operation level |
* |
Supported |
DisassociateSecurityGroup |
Unbind security groups in batches. |
Operation level |
* |
Supported |
ModifyAdaptiveDynamicStreamingTemplate |
ModifyAdaptiveDynamicStreamingTemplate |
Operation level |
* |
Supported |
ModifyResource |
modify resource |
Resource level |
qcs::mps::uin/${uin}:vts/${ResourceId} |
Supported |
ModifyUserInfo |
ModifyUserInfo |
Operation level |
* |
Supported |
ProcessMedia |
ProcessMedia |
Resource level |
qcs::mps::uin/${uin}:vts/* |
Supported |
ResumeResource |
resume resource |
Resource level |
qcs::mps::uin/${uin}:vts/${ResourceId} |
Supported |
Read operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
DescribeAdaptiveDynamicStreamingTemplates |
DescribeAdaptiveDynamicStreamingTemplates |
Operation level |
* |
Supported |
DescribeGroupAttachFlowsById |
Process information associated with security group contrast. |
Operation level |
* |
Supported |
DescribeResourceList |
query resource list |
Resource level |
qcs::mps::uin/${uin}:vts/* |
Supported |
ParseLiveStreamProcessNotification |
ParseLiveStreamProcessNotification |
Resource level |
qcs::mps::uin/${uin}:subAppId/${SubAppId} |
Supported |
Other Operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
IsolateResource |
isolate user resource |
Resource level |
qcs::mps::uin/${uin}:vts/${ResourceId} |
Supported |
Was this page helpful?