tencent cloud

피드백

Cloud HDFS

마지막 업데이트 시간:2024-11-26 09:52:07

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Cloud HDFS chdfs Supported Supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    AssociateAccessGroups associate access groups Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
    CreateAccessGroup create access group Resource level qcs::chdfs:$region:$account:vpc/$vpcId
    qcs::chdfs:$region:$account:unVpcId/$unVpcId
    Supported
    CreateAccessRules batch create access rules Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
    CreateFileSystem create file system Operation level * Supported
    CreateInventoryConfig create inventory config Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    CreateLifeCycleRules batch create life cycle rules Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    CreateMountPoint create mount point Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    CreatePathProtectionRule create path protection rule Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    CreateRestoreTasks batch create restore tasks Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId not supported
    DeleteAccessGroup delete access group Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
    DeleteAccessRules batch delete access rules Resource level qcs::chdfs:${region}:uin/${uin}:accessgroup/$accessGroupId Supported
    DeleteFileSystem delete file system Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    DeleteInventoryConfig delete inventory config Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    DeleteLifeCycleRules batch delete life cycle rules Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    DeleteMountPoint delete mount point Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
    DeletePathProtectionRule delete path protection rule Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    DisassociateAccessGroups disassociate access groups Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
    ModifyAccessGroup modify access group Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
    ModifyAccessRules batch modify access rules Resource level qcs::chdfs:${region}:uin/${uin}:accessgroup/$accessGroupId Supported
    ModifyFileSystem modify file system Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    ModifyInventoryConfig modify inventory config Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    ModifyLifeCycleRules batch modify life cycle rules Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    ModifyMountPoint modify mount point Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
    ModifyPathProtectionRule modify path protection rule Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId not supported
    ModifyResourceTags modify resource tags Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAccessGroup describe access group Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
    DescribeFileSystem describe file system Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    DescribeMountPoint decribe mount point Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
    DescribeOverview describe overview Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAccessGroups describe access groups Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
    DescribeAccessRules describe access rules Resource level qcs::chdfs:$region:$account:accessgroup/$accessGroupId Supported
    DescribeFileSystems describe file systems Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    DescribeInventoryConfigs describe inventory configs Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    DescribeLifeCycleRules describe life cycle rules Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    DescribeMountPoints describe mount points Resource level qcs::chdfs:$region:$account:mountpoint/$mountPointId Supported
    DescribePathProtectionRules describe path protection rules Resource level qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId Supported
    DescribeResourceTags describe resource tags Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId Supported
    DescribeRestoreTasks describe restore tasks Resource level qcs::chdfs:$region:$account:filesystem/$fileSystemId not supported
    문의하기

    고객의 업무에 전용 서비스를 제공해드립니다.

    기술 지원

    더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

    연중무휴 24시간 전화 지원