Authorizable Resource Type

Last updated: 2024-01-08 09:12:28

Resource-level permission refers to the ability to specify which resources users are allowed to operate on. Cloud Virtual Machine(CVM) has partial support for resource-level permission. This means that for certain CVMs, you can control when users are allowed to operate on them, and what specific resources users are allowed to use. For example, you authorize users to perform operations on specific CVMs in Guangzhou.
The types of resources can be authorized in Cloud Access Management (CAM) are as follows:
Resource Type
Resource Description Method in Authorization Policy
CVM Instance
qcs::cvm:$region::instance/* 
CVM Key
qcs::cvm:$region::keypair/*
CVM Image
qcs::cvm:$region:$account:image/*
CVM Instance, CVM Key and CVM Image introduce CVM API operations that currently support resource-level permission, as well as resources and condition keys supported by these CVM API operations. When configuring the resource path, you need to change variable parameters such as $ region,  $ account into your actual parameter information. You can also use wildcard * in the path. For more information, see Operation Examples.
Note:
CVM API operations not listed in the table do not support resource-level permission. You can still authorize a user to perform these operations, but you must specify * as the resource element in the policy statement.
CVM Instance
API Operation
Resource Path
Condition Key
DescribeInstanceInternetBandwidthConfigs
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ModifyInstanceInternetChargeType
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ModifyInstancesAttribute
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ModifyInstancesProject
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ModifyInstancesRenewFlag
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
RebootInstances
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
RenewInstances
qcs::cvm:$region:$account:instance/* 
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ResetInstance
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
qcs::cvm:$region:$account:systemdisk/*
cvm:region
cvm:zone
cvm:instance_type
ResetInstancesInternetMaxBandwidth
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ResetInstancesPassword
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ResetInstancesType
qcs::cvm:$region:$account:instance/* 
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ResizeInstanceDisks
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
RunInstances
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
qcs::cvm:$region:$account:sg/*
qcs::cvm:$region:$account:sg/$sgId
qcs::vpc:$region:$account:subnet/* 
qcs::vpc:$region:$account:subnet/$subnetId
qcs::cvm:$region:$account:systemdisk/*
qcs::cvm:$region:$account:datadisk/*
qcs::vpc:$region:$account:vpc/* 
qcs::vpc:$region:$account:vpc/$vpcId
cvm:region
cvm:zone
cvm:instance_type
StartInstances
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
StopInstances
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
TerminateInstances
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
CVM Key
API Operation
Resource Path
Condition Key
AssociateInstancesKeyPairs
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
CreateKeyPair
qcs::cvm:$region:$account:keypair/*
-
DeleteKeyPairs
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
DescribeKeyPairs
qcs::cvm:$region:$account:keypair/*
-
DescribeKeyPairsAttribute
qcs::cvm:$region:$account:keypair/*
 qcs::cvm:$region:$account:keypair/$keyId
-
DisassociateInstancesKeyPairs
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
ImportKeyPair
qcs::cvm:$region:$account:keypair/*
-
ModifyKeyPairAttribute
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
CVM Image
API Operation
Resource Path
Condition Key
CreateImage
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:image/*
cvm:region
DeleteImages
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
DescribeImages
qcs::cvm:$region:$account:image/*
cvm:region
DescribeImagesAttribute
qcs::cvm:$region:$account:image/*
 qcs::cvm:$region:$account:image/$imageId
cvm:region
DescribeImageSharePermission
qcs::cvm:$region:$account:image/*
cvm:region
ModifyImageAttribute
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
ModifyImageSharePermission
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
SyncImages
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
﻿

tencent cloud

Recent Pages

Authorizable Resource Type

CVM Instance

CVM Key

CVM Image

Was this page helpful?

Was this page helpful?

Resource Type	Resource Description Method in Authorization Policy
CVM Instance	`qcs::cvm:$region::instance/*`
CVM Key	`qcs::cvm:$region::keypair/*`
CVM Image	`qcs::cvm:$region:$account:image/*`

API Operation	Resource Path	Condition Key
DescribeInstanceInternetBandwidthConfigs	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ModifyInstanceInternetChargeType	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ModifyInstancesAttribute	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ModifyInstancesProject	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ModifyInstancesRenewFlag	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
RebootInstances	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
RenewInstances	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ResetInstance	`qcs::cvm:$region:$account:instance/` `qcs::cvm:$region:$account:instance/$instanceId` `qcs::cvm:$region:$account:image/` `qcs::cvm:$region:$account:image/$imageId` `qcs::cvm:$region:$account:keypair/` `qcs::cvm:$region:$account:keypair/$keyId` `qcs::cvm:$region:$account:systemdisk/`	cvm:region cvm:zone cvm:instance_type
ResetInstancesInternetMaxBandwidth	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ResetInstancesPassword	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ResetInstancesType	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
ResizeInstanceDisks	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
RunInstances	`qcs::cvm:$region:$account:instance/` `qcs::cvm:$region:$account:image/` `qcs::cvm:$region:$account:image/$imageId` `qcs::cvm:$region:$account:keypair/` `qcs::cvm:$region:$account:keypair/$keyId` `qcs::cvm:$region:$account:sg/` `qcs::cvm:$region:$account:sg/$sgId` `qcs::vpc:$region:$account:subnet/` `qcs::vpc:$region:$account:subnet/$subnetId` `qcs::cvm:$region:$account:systemdisk/` `qcs::cvm:$region:$account:datadisk/` `qcs::vpc:$region:$account:vpc/` `qcs::vpc:$region:$account:vpc/$vpcId`	cvm:region cvm:zone cvm:instance_type
StartInstances	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
StopInstances	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type
TerminateInstances	`qcs::cvm:$region:$account:instance/*` `qcs::cvm:$region:$account:instance/$instanceId`	cvm:region cvm:zone cvm:instance_type

tencent cloud

Sign Up

Log in

Recent Pages

Authorizable Resource Type

CVM Instance

CVM Key

CVM Image

Was this page helpful?

Was this page helpful?