Product |
Abbreviation in CAM |
Console |
Authorization by Tag |
Authorization Granularity |
IP Restriction |
BatchCompute |
batch |
Supported |
Supported |
Resource level |
Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
AttachInstances |
Attach instances to ComputeEnv |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
CreateComputeEnv |
Create Compute Env |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/* |
Supported |
CreateCpmComputeEnv |
Create Cpm Compute Env |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/* |
not supported |
CreateTaskTemplate |
Create Task Template |
Resource level |
qcs::batch:${region}:uin/${uin}:tasktemplate/* |
Supported |
DeleteComputeEnv |
Delete Compute Env |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
DeleteJob |
Delete Job |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
DeleteTaskTemplates |
Delete Task Templates |
Resource level |
qcs::batch:${region}:uin/${uin}:tasktemplate/${taskTemplateId} |
Supported |
DetachInstances |
Detach instances from ComputeEnv |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
ModifyComputeEnv |
Modify Compute Env |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
ModifyTaskTemplate |
Modify Task Template |
Resource level |
qcs::batch:${region}:uin/${uin}:tasktemplate/${taskTemplateId} |
Supported |
RetryJobs |
Retry Jobs |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
SubmitJob |
Submit Job |
Resource level |
qcs::batch:${region}:uin/${uin}:job/* |
Supported |
TerminateComputeNode |
Terminate Compute Node |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
TerminateComputeNodes |
Terminate Compute Nodes |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
TerminateJob |
Terminate Job |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
TerminateTaskInstance |
Terminate Task Instance |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
Read operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
DescribeAvailableCvmInstanceTypes |
Describe Available Cvm Instance Types |
Operation level |
* |
Supported |
DescribeComputeEnv |
Describe Compute Env |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
DescribeComputeEnvActivities |
Describe Compute Env Activities |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
DescribeComputeEnvCreateInfo |
DescribeComputeEnvCreateInfo |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
DescribeCvmZoneInstanceConfigInfos |
Query batch calculation availability zone model configuration information |
Operation level |
* |
Supported |
DescribeInstanceCategories |
Describe instance classification information |
Operation level |
* |
Supported |
DescribeJob |
Describe Job |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
DescribeJobSubmitInfo |
Describe Job Submit Information |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
not supported |
DescribeRegions |
Query Region List |
Operation level |
* |
Supported |
DescribeTask |
Describe Task |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
DescribeTaskLogs |
Describe Task Logs |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
DescribeZones |
Query the list of available zones |
Operation level |
* |
Supported |
ValidateBatchAssumeRole |
Verify BATCH service role |
Operation level |
* |
Supported |
List Operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
DescribeComputeEnvCreateInfos |
Describe Compute Env Create Infos |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
DescribeComputeEnvs |
Describe Compute Envs |
Resource level |
qcs::batch:${region}:uin/${uin}:computeenv/${envId} |
Supported |
DescribeJobs |
Describe Jobs |
Resource level |
qcs::batch:${region}:uin/${uin}:job/${jobId} |
Supported |
DescribeTaskTemplates |
Describe Task Templates |
Resource level |
qcs::batch:${region}:uin/${uin}:tasktemplate/${taskTemplateId} |
Supported |
문제 해결에 도움이 되었나요?