Authorized resource types

Last updated: 2023-12-21 19:17:09

Last updated: 2023-12-21 19:17:09

Resource-level permissions refer to the ability to specify which resources users are allowed to perform operations on. CBS supports resource-level permissions. That is, you can specify when users are allowed to perform some CBS operations that support resource-level permissions or which resources users are allowed to use.
The types of resources that can be authorized in Cloud Access Management (CAM) are as follows:
Resource Type
Resource Description Method in Authorization Policy
CBS APIs
qcs::cvm:$region::volume/* 
CBS APIs describe CBS API operations that currently support resource-level permissions as well as resources and condition keys supported by each operation. When configuring the resource path, you need to replace variable parameters such as $region and $account with your actual parameters. You can also use the * wildcard in the path. For more information, see Console Example.
Caution:
CBS API operations not listed in the table do not support resource-level permissions. You can still authorize users to perform these operations, but the resource element of the policy statement must be specified as *.
CBS APIs
API Operation
Resource Path
Condition Key
Mount a cloud diskAttachDisks
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Create a cloud diskCreateDisks
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Query the list of cloud disk operation logsDescribeDiskOperationLogs
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Query the list of cloud disksDescribeDisks
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Unmount a cloud diskDetachDisks
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Modify the attributes of cloud disksModifyDiskAttributes
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Modify the billing mode of a cloud diskModifyDisksChargeType
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Modify the renewal flag of a cloud diskModifyDisksRenewFlag
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Renew a cloud diskRenewDisk
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Expand the capacity of a cloud diskResizeDisk
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
Return a cloud diskTerminateDisks
qcs::cvm:$region:$account:volume/*
qcs::cvm:$region:$account:volume/$diskId
cvm:region
cvm:zone
cvm:disk_type
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Resource Type	Resource Description Method in Authorization Policy
CBS APIs	`qcs::cvm:$region::volume/*`

API Operation	Resource Path	Condition Key
Mount a cloud diskAttachDisks	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Create a cloud diskCreateDisks	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Query the list of cloud disk operation logsDescribeDiskOperationLogs	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Query the list of cloud disksDescribeDisks	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Unmount a cloud diskDetachDisks	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Modify the attributes of cloud disksModifyDiskAttributes	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Modify the billing mode of a cloud diskModifyDisksChargeType	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Modify the renewal flag of a cloud diskModifyDisksRenewFlag	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Renew a cloud diskRenewDisk	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Expand the capacity of a cloud diskResizeDisk	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type
Return a cloud diskTerminateDisks	qcs::cvm:$region:$account:volume/* qcs::cvm:$region:$account:volume/$diskId	cvm:region cvm:zone cvm:disk_type

tencent cloud

CBS APIs