tencent cloud

Feedback

Authorizable Resource Types

Last updated: 2022-04-18 15:02:55

    Overview

    CLS provides various types of resources. Some of its APIs allow you to configure user permissions based on resources. See here for examples.
    The following table lists the types of resources that can be authorized in Cloud Access Management (CAM). Note that authorization by tag indicates whether a tag can be used to specify the range of resources on which users have operation permissions.

    Resource Type Resource Description Method in Access Policies Authorization by Tag
    Logset qcs::cls:$region:$account:logset/*
    qcs::cls:$region:$account:logset/$logsetId
    Supported
    Log topic qcs::cls:$region:$account:topic/*
    qcs::cls:$region:$account:topic/$topicId
    Supported
    Machine group qcs::cvm:$region:$account:machinegroup/*
    qcs::cvm:$region:$account:machinegroup/$machinegroupId
    Supported
    Collection configuration qcs::cls:$region:$account:config/*
    qcs::cls:$region:$account:config/$configId
    Not supported
    Dashboard qcs::cls:$region:$account:dashboard/*
    qcs::cls:$region:$account:dashboard/$dashboardId
    Supported
    Alarm policy qcs::cls:$region:$account:alarm/*
    qcs::cls:$region:$account:alarm/$alarmId
    Not supported
    Notification channel group qcs::cls:$region:$account:alarmNotice/*
    qcs::cls:$region:$account:alarmNotice/$alarmNoticeId
    Not supported
    Data processing task qcs::cls:$region:uin/$account:datatransform/*
    qcs::cls:$region:uin/$account:datatransform/$TaskId
    Not supported
    Shipping task (COS) qcs::cls:$region:$account:shipper/*
    qcs::cls:$region:$account:shipper/$shipperId
    Not supported
    Other resource types (disused; used by APIs of earlier versions only) Single chart in the dashboard:
    qcs::cls:$region:$account:chart/*
    qcs::cls:$region:$account:chart/$chartId
    Not supported

    You need to change the variable parameters such as $region and $account to your actual parameter information.

    For all the APIs supported by CLS and their resource description methods, see here. APIs adopting the authorization granularity of resource support user permission configuration by using the methods of the corresponding resource types described above. For APIs adopting the authorization granularity of API, the corresponding resource range in a CAM permission policy must be *.

    Practice

    Different types of resources in CLS are associated with each other. For example, log sets contain log topics, and log topics must apply collection configuration to machine groups. Directly configuring user permissions in CAM permission policies according to resource IDs results in difficult management and is likely to cause the error where users do not have permissions on some APIs. Therefore, you are advised to configure CAM permission policies as follows:

    For more use cases, see Examples of Custom Access Policies.

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support