CloudAudit
最終更新日:2025-12-14 09:03:29
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Cloud Audit | cloudaudit | Supported | not supported | Operation level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CreateAudit | CreateAudit | Operation level | * | Supported |
| CreateAuditTrack | CreateAuditTrack | Operation level | * | Supported |
| CreateEventBridgeTrack | CreateEventBridgeTrack | Operation level | * | Supported |
| CreateEventsAuditTrack | CreateEventsAuditTrack | Operation level | * | Supported |
| DeleteAudit | DeleteAudit | Operation level | * | Supported |
| DeleteAuditTrack | DeleteAuditTrack | Operation level | * | Supported |
| DeleteExport | DeleteExport | Operation level | * | Supported |
| ModifyAuditTrack | ModifyAuditTrack | Operation level | * | Supported |
| ModifyEventsAuditTrack | ModifyEventsAuditTrack | Operation level | * | Supported |
| StartLogging | Operation level | * | Supported | |
| UpdateAudit | UpdateAudit | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAuditTrack | DescribeAuditTrack | Operation level | * | Supported |
| DescribeAuditTracks | DescribeAuditTracks | Operation level | * | Supported |
| DescribeAudits | DescribeAudits | Operation level | * | not supported |
| DescribeEventBridgeTracks | DescribeEventBridgeTracks | Operation level | * | Supported |
| DescribeEventParams | DescribeEventParams | Operation level | * | not supported |
| DescribeEvents | DescribeEvents | Operation level | * | Supported |
| DescribeExports | DescribeExports | Operation level | * | Supported |
| DescribeInterfaces | DescribeInterfaces | Operation level | * | Supported |
| DescribeProducts | DescribeProducts | Operation level | * | Supported |
| DescribeRecentlyLoginExcludeMina | DescribeRecentlyLoginExcludeMina | Operation level | * | Supported |
| GetAttributeKey | GetAttributeKey | Operation level | * | Supported |
| GetEventNameSearchValue | Get the range of events that can be retrieved | Operation level | * | Supported |
| GetSearchValueRange | GetSearchValueRange | Operation level | * | Supported |
| ListAudits | ListAudits | Operation level | * | Supported |
| ListCosBuckets | Operation level | * | not supported | |
| ListCosEnableRegion | ListCosEnableRegion | Operation level | * | Supported |
| ListDetectors | ListDetectors | Operation level | * | Supported |
| ListIpSets | ListIpSets | Operation level | * | Supported |
| LookUpEvents | LookUpEvents | Operation level | * | Supported |
| LookupEvents | search log | Operation level | * | Supported |
| LookupSensitiveEvents | Search sensitive operation records | Operation level | * | not supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeTrackLogExportTasks | DescribeTrackLogExportTasks | Operation level | * | Supported |
フィードバック