Authorizable Resource Types

Recent Pages

Authorizable Resource Types

Last updated: 2024-09-26 15:34:19

Resource-level permissions can be used to specify which resources a user can operate with. 
Tencent Smart Advisor-Chaotic Fault Generator (CFG) supports certain resource-level permissions. This means that for Chaotic Fault Generator operations that support resource-level permissions. You can control when to allow users to perform operations or use specified resources.
Authorizable resource types in Cloud Access Management (CAM) are as follows:
Resource Type
Resource Description Method in Authorization Policy
CFG Experiment Task Related
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
CFG Template Library Related
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
CFG Custom Action Related
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
The following table describes API operations that currently support resource-level permissions in the CFG policy and the resources and condition keys supported by each operation. When specifying resource paths, you can use the * wildcard in the paths.
List of APIs that support resource-level authorization
Experiment Related
API Call Sequence
Resource Path
DeleteTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskExecuteLogs
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskList
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskStatistics
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskStatisticsOperateCondition
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
EditTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ExecuteTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ExecuteTaskInstance
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ModifyTaskResult
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ModifyTaskStatus
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
Template Library Related
API Call Sequence
Resource Path
DeleteTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
DescribeTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
DescribeTemplateList
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
EditTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
ModifyTemplateIsUsed
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
Action Library Related
API Call Sequence
Resource Path
DescribeActionLibraryList
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
DeleteCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
UpdateCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
DescribeCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
List of APIs not Supporting Resource-level Authorization
For API operations that do not support resource-level permissions in the CFG policy, you can still grant user permissions to use these operations, but you must specify the resource element of the policy statement as *.
API Call Sequence
API Description
CreateTask
This API is used to create an experiment.
CreateTemplate
This API is used to create a template library.
CreateCustomAction
This API is used to create the custom action.
DescribeActionFieldConfigList
This API is used to obtain the action field configuration parameter list.
DescribeActionLibraryList
This API is used to obtain the action library list.
DescribeCamIdentity
This API is used to obtain user CAM service authorization information.
DescribeNoticeId
This API is used to obtain the user notification template ID.
DescribeObjectMetrics
This API is used to obtain monitoring metric information of object types.
DescribeObjectTypeList
This API is used to query the object type list.
DescribeRegionList
This API is used to query the region list.

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

Resource Type	Resource Description Method in Authorization Policy
CFG Experiment Task Related	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
CFG Template Library Related	`qcs::cfg::$account:template/*` `qcs::cfg::$account:template/$TemplateId`
CFG Custom Action Related	`qcs::cfg::$account:actionid/*` `qcs::cfg::$account:actionid/$ActionId`

API Call Sequence	Resource Path
DeleteTask	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
DescribeTask	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
DescribeTaskExecuteLogs	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
DescribeTaskList	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
DescribeTaskStatistics	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
DescribeTaskStatisticsOperateCondition	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
EditTask	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
ExecuteTask	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
ExecuteTaskInstance	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
ModifyTaskResult	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`
ModifyTaskStatus	`qcs::cfg:$region:$account:taskid/*` `qcs::cfg:$region:$account:taskid/$TaskId`

API Call Sequence	Resource Path
DeleteTemplate	`qcs::cfg::$account:template/*` `qcs::cfg::$account:template/$TemplateId`
DescribeTemplate	`qcs::cfg::$account:template/*` `qcs::cfg::$account:template/$TemplateId`
DescribeTemplateList	`qcs::cfg::$account:template/*` `qcs::cfg::$account:template/$TemplateId`
EditTemplate	`qcs::cfg::$account:template/*` `qcs::cfg::$account:template/$TemplateId`
ModifyTemplateIsUsed	`qcs::cfg::$account:template/*` `qcs::cfg::$account:template/$TemplateId`

API Call Sequence	Resource Path
DescribeActionLibraryList	`qcs::cfg::$account:actionid/*` `qcs::cfg::$account:actionid/$ActionId`
DeleteCustomAction	`qcs::cfg::$account:actionid/*` `qcs::cfg::$account:actionid/$ActionId`
UpdateCustomAction	`qcs::cfg::$account:actionid/*` `qcs::cfg::$account:actionid/$ActionId`
DescribeCustomAction	`qcs::cfg::$account:actionid/*` `qcs::cfg::$account:actionid/$ActionId`

tencent cloud

Recent Pages

Authorizable Resource Types

List of APIs that support resource-level authorization

Experiment Related

Template Library Related

Action Library Related

List of APIs not Supporting Resource-level Authorization

Was this page helpful?

Was this page helpful?

API Call Sequence	API Description
CreateTask	This API is used to create an experiment.
CreateTemplate	This API is used to create a template library.
CreateCustomAction	This API is used to create the custom action.
DescribeActionFieldConfigList	This API is used to obtain the action field configuration parameter list.
DescribeActionLibraryList	This API is used to obtain the action library list.
DescribeCamIdentity	This API is used to obtain user CAM service authorization information.
DescribeNoticeId	This API is used to obtain the user notification template ID.
DescribeObjectMetrics	This API is used to obtain monitoring metric information of object types.
DescribeObjectTypeList	This API is used to query the object type list.
DescribeRegionList	This API is used to query the region list.

tencent cloud

Sign Up

Log in

Recent Pages

Authorizable Resource Types

List of APIs that support resource-level authorization

Experiment Related

Template Library Related

Action Library Related

List of APIs not Supporting Resource-level Authorization

Was this page helpful?

Was this page helpful?