Tencent Smart Advisor
- Product Introduction
- Getting Started
- Quick Start to TSA - Chaotic Fault Generator
- Operation Guide
- Operation Guide to TSA - Cloud Risk Assessment
- Operation Guide to TSA - Chaotic Fault Generator
- Template Library
- Experiments
- Fault Action
- Guardrail Monitoring
- Fault Action Library
- Compute
- Database
- Container
- Big Data
- Cloud Load Balancer
- Message Queue
- Direct Connect
- Custom Actions
- Permission Management
- Permission Management Guide to TSA - Chaotic Fault Generator
- Related Protocol
DocumentationTencent Smart AdvisorOperation GuidePermission ManagementPermission Management Guide to TSA - Chaotic Fault GeneratorAuthorizable Resource Types
Authorizable Resource Types
Last updated: 2025-03-24 15:29:52
Resource-level permissions can be used to specify which resources a user can operate with.
Tencent Cloud Smart Advisor-Chaotic Fault Generator (CFG) supports certain resource-level permissions. This means that for Chaotic Fault Generator operations that support resource-level permissions. You can control when to allow users to perform operations or use specified resources.
Authorizable resource types in Cloud Access Management (CAM) are as follows:
Resource Type | Resource Description Method in Authorization Policy |
CFG Experiment Task Related | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
CFG Template Library Related | qcs::cfg::$account:template/*qcs::cfg::$account:template/$TemplateId |
CFG Custom Action Related | qcs::cfg::$account:actionid/*qcs::cfg::$account:actionid/$ActionId |
The following table describes API operations that currently support resource-level permissions in the CFG policy and the resources and condition keys supported by each operation. When specifying resource paths, you can use the * wildcard in the paths.
List of APIs that support resource-level authorization
Experiment Related
API Call Sequence | Resource Path |
DeleteTask | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
DescribeTask | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
DescribeTaskExecuteLogs | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
DescribeTaskList | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
DescribeTaskStatistics | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
DescribeTaskStatisticsOperateCondition | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
EditTask | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
ExecuteTask | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
ExecuteTaskInstance | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
ModifyTaskResult | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
ModifyTaskStatus | qcs::cfg:$region:$account:taskid/*qcs::cfg:$region:$account:taskid/$TaskId |
Template Library Related
API Call Sequence | Resource Path |
DeleteTemplate | qcs::cfg::$account:template/*qcs::cfg::$account:template/$TemplateId |
DescribeTemplate | qcs::cfg::$account:template/*qcs::cfg::$account:template/$TemplateId |
DescribeTemplateList | qcs::cfg::$account:template/*qcs::cfg::$account:template/$TemplateId |
EditTemplate | qcs::cfg::$account:template/*qcs::cfg::$account:template/$TemplateId |
ModifyTemplateIsUsed | qcs::cfg::$account:template/*qcs::cfg::$account:template/$TemplateId |
Action Library Related
API Call Sequence | Resource Path |
DescribeActionLibraryList | qcs::cfg::$account:actionid/*qcs::cfg::$account:actionid/$ActionId |
DeleteCustomAction | qcs::cfg::$account:actionid/*qcs::cfg::$account:actionid/$ActionId |
UpdateCustomAction | qcs::cfg::$account:actionid/*qcs::cfg::$account:actionid/$ActionId |
DescribeCustomAction | qcs::cfg::$account:actionid/*qcs::cfg::$account:actionid/$ActionId |
List of APIs not Supporting Resource-level Authorization
For API operations that do not support resource-level permissions in the CFG policy, you can still grant user permissions to use these operations, but you must specify the resource element of the policy statement as *.
API Call Sequence | API Description |
CreateTask | This API is used to create an experiment. |
CreateTemplate | This API is used to create a template library. |
CreateCustomAction | This API is used to create the custom action. |
DescribeActionFieldConfigList | This API is used to obtain the action field configuration parameter list. |
DescribeActionLibraryList | This API is used to obtain the action library list. |
DescribeCamIdentity | This API is used to obtain user CAM service authorization information. |
DescribeNoticeId | This API is used to obtain the user notification template ID. |
DescribeObjectMetrics | This API is used to obtain monitoring metric information of object types. |
DescribeObjectTypeList | This API is used to query the object type list. |
DescribeRegionList | This API is used to query the region list. |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No