tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation
    Download PDF

    Cloud HDFS

    Last updated: 2024-11-20 09:29:38
    Download PDF

      Fundamental information

      Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
      Cloud HDFS chdfs Supported Supported Resource level Partially supported

      Note:

      The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

      • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
      • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
      • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

      API authorization granularity

      Two authorization granularity levels of API are supported: resource level, and operation level.

      • Resource level: It supports the authorization of a specific resource.
      • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

      Write operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      AssociateAccessGroups associate access groups Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
      CreateAccessGroup create access group Resource level qcs::chdfs:$region:$account:vpc/$vpcId
      qcs::chdfs:$region:$account:unVpcId/$unVpcId      		 Supported
      CreateAccessRules batch create access rules Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
      CreateFileSystem create file system Operation level * Supported
      CreateInventoryConfig create inventory config Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      CreateLifeCycleRules batch create life cycle rules Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      CreateMountPoint create mount point Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      CreatePathProtectionRule create path protection rule Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      CreateRestoreTasks batch create restore tasks Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId not supported
      DeleteAccessGroup delete access group Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
      DeleteAccessRules batch delete access rules Resource level qcs::chdfs:${region}:uin/${uin}:accessgroup/$accessGroupId Supported
      DeleteFileSystem delete file system Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      DeleteInventoryConfig delete inventory config Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      DeleteLifeCycleRules batch delete life cycle rules Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      DeleteMountPoint delete mount point Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
      DeletePathProtectionRule delete path protection rule Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      DisassociateAccessGroups disassociate access groups Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
      ModifyAccessGroup modify access group Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
      ModifyAccessRules batch modify access rules Resource level qcs::chdfs:${region}:uin/${uin}:accessgroup/$accessGroupId Supported
      ModifyFileSystem modify file system Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      ModifyInventoryConfig modify inventory config Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      ModifyLifeCycleRules batch modify life cycle rules Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      ModifyMountPoint modify mount point Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
      ModifyPathProtectionRule modify path protection rule Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId not supported
      ModifyResourceTags modify resource tags Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported

      Read operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeAccessGroup describe access group Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
      DescribeFileSystem describe file system Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      DescribeMountPoint decribe mount point Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
      DescribeOverview describe overview Operation level * Supported

      List Operations

      API API Description Authorization Granularity Six-segment Resource Description IP Restriction
      DescribeAccessGroups describe access groups Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
      DescribeAccessRules describe access rules Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
      DescribeFileSystems describe file systems Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      DescribeInventoryConfigs describe inventory configs Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      DescribeLifeCycleRules describe life cycle rules Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      DescribeMountPoints describe mount points Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
      DescribePathProtectionRules describe path protection rules Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
      DescribeResourceTags describe resource tags Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
      DescribeRestoreTasks describe restore tasks Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId not supported
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy