tencent cloud

Feedback

Granting Policy

Last updated: 2024-08-07 22:06:37

    Custom Policy for TMP

    If preset policies cannot meet your needs, you can click Create Custom Policy to create custom policies.
    
    
    
    For the method of custom policy creation, please see Setting Policy.

    Policy Authorization

    A configured policy can grant permissions by associating user groups or sub-users.
    
    
    

    Resource Types Authorizable by Custom Policy

    Resource-Level permission can be used to specify which resources a user can manipulate. TMP supports certain resource-level permissions. This means that for TMP operations that support resource-level permission, you can control the time when a user is allowed to perform operations or to use specified resources. The following table describes the types of resources that can be authorized in CAM.
    Resource Type
    Resource Description Method in Authorization Policy
    TMP
    qcs::monitor:$region:$account:prom-instance/*
    qcs::monitor:$region:$account:prom-instance/$instanceId
    The following table describes the TMP API operations that currently support resource-level permissions. When setting a policy, you can enter the API operation name in the action field to control the individual API. You can also use * as a wildcard to set the action.

    List of APIs supporting resource-level authorization

    API Operation
    API Description
    DescribePrometheusInstances
    Lists all TMP instances of the user
    TerminatePrometheusInstances
    Terminates TMP instance
    RecreatePrometheusInstance
    Reboots TMP instance
    ModifyPrometheusInstanceAttributes
    Modifies TMP instance attributes
    ChangeGrafanaAdminPassword
    Changes Grafana admin Password
    UpgradeGrafanaDashboard
    Upgrades Grafana dashboard
    DescribePrometheusKubeClusters
    Lists TKE clusters that can be integrated with TMP
    InstallPrometheusAgent
    Installs Prometheus agent
    UninstallPrometheusAgent
    Uninstalls Prometheus agent
    DescribeServiceDiscovery
    Lists TMP scrape configurations
    CreateServiceDiscovery
    Creates TMP scrape configuration
    UpdateServiceDiscovery
    Updates TMP scrape configuration
    DeleteServiceDiscovery
    Deletes TMP scrape configuration
    DescribePrometheusKubeBasicMonitor
    Queries basic monitoring status
    EnablePrometheusKubeBasicMonitor
    Enables basic monitoring
    DisablePrometheusKubeBasicMonitor
    Disables basic monitoring
    DescribePrometheusAgentRuntime
    Gets the runtime status of Prometheus agent
    DescribePrometheusJobTargets
    Lists the status information of TMP metric scrape tasks
    DescribeRecordingRules
    Queries recording rules
    CreateRecordingRule
    Creates recording rule
    UpdateRecordingRule
    Updates recording rule
    DeleteRecordingRules
    Deletes recording rule
    DescribeAlertRules
    Queries alarming rules
    DeleteAlertRules
    Deletes alarming rule
    UpdateAlertRuleState
    Updates alarming rule status
    CreateAlertRule
    Creates alarming rule
    UpdateAlertRule
    Updates alarming rule

    List of APIs not supporting resource-level authorization

    For TMP API operations that don't support resource-level authorization, you can still authorize a user to perform them, but you must specify * as the resource element in the policy statement.
    API Operation
    API Description
    CreatePrometheusInstance
    Creates TMP instance
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support