Product |
Abbreviation in CAM |
Console |
Authorization by Tag |
Authorization Granularity |
IP Restriction |
EventBridge |
eb |
Supported |
Supported |
Resource level |
Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
List Operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
CheckRule |
This API is used to check rule |
Operation level |
* |
Supported |
ListConnections |
ListConnections |
Operation level |
* |
Supported |
ListEventBuses |
ListEventBuses |
Resource level |
qcs::${ApiModule}:${Region}:uin/:eventbusid/${EventBusId} |
Supported |
ListPlatformEventPatterns |
ListPlatformEventPatterns |
Operation level |
* |
Supported |
ListPlatformProducts |
ListPlatformProducts |
Operation level |
* |
Supported |
ListRules |
ListRules |
Resource level |
qcs::${ApiModule}:${Region}:uin/:ruleid/${EventBusId}/${RuleId} |
Supported |
ListTargets |
ListTargets |
Resource level |
qcs::eb:${region}:uin/${uin}:targetid/${EventBusId}/${RuleId}/${TargetId} |
Supported |
Write operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
CreateConnection |
CreateConnection |
Resource level |
qcs::eb:${region}:uin/${uin}:connectionid/${EventBusId}/${ConnectionId} |
Supported |
CreateEventBus |
CreateEventBus |
Resource level |
qcs::eb:${region}:uin/${uin}:eventbusid/${EventBusId} |
Supported |
CreateRule |
CreateRule |
Resource level |
qcs::eb:${region}:uin/${uin}:eventbusid/${EventBusId} |
Supported |
CreateTarget |
CreateTarget |
Resource level |
qcs::eb:${region}:uin/${uin}:targetid/${EventBusId}/${RuleId}/${TargetId} |
Supported |
CreateTransformation |
CreateTransformation |
Operation level |
* |
Supported |
DeleteConnection |
DeleteConnection |
Resource level |
qcs::eb:${region}:uin/${uin}:connectionid/${EventBusId}/${ConnectionId} |
Supported |
DeleteEventBus |
DeleteEventBus |
Resource level |
qcs::eb:${region}:uin/${uin}:eventbusid/${EventBusId} |
Supported |
DeleteRule |
DeleteRule |
Resource level |
qcs::eb:${region}:uin/${uin}:ruleid/${EventBusId}/${RuleId} |
Supported |
DeleteTarget |
DeleteTarget |
Resource level |
qcs::eb:${region}:uin/${uin}:targetid/${EventBusId}/${RuleId}/${TargetId} |
Supported |
PutEvents |
This API is used to put events |
Resource level |
qcs::${ApiModule}:${Region}:uin/:eventbusid/${EventBusId} |
Supported |
UpdateConnection |
UpdateConnection |
Resource level |
qcs::eb:${region}:uin/${uin}:connectionid/${EventBusId}/${ConnectionId} |
Supported |
UpdateEventBus |
UpdateEventBus |
Resource level |
qcs::eb:${region}:uin/${uin}:eventbusid/${EventBusId} |
Supported |
UpdateRule |
UpdateRule |
Resource level |
qcs::eb:${region}:uin/${uin}:ruleid/${EventBusId}/${RuleId} |
Supported |
UpdateTarget |
UpdateTarget |
Resource level |
qcs::eb:${region}:uin/${uin}:tagetid/${EventBusId}/${RuleId}/${TargetId} |
Supported |
Read operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
DescribeLogStats |
Query log aggregation statistics interface |
Operation level |
* |
Supported |
DescribeLogTagValue |
Query log index dimension value |
Operation level |
* |
Supported |
GetAccountLimit |
GetAccountLimit |
Operation level |
* |
Supported |
GetConnection |
GetConnection |
Resource level |
qcs::eb:${region}:uin/${uin}:connectionid/${EventBusId}/${ConnectionId} |
not supported |
GetEventBus |
GetEventBus |
Resource level |
qcs::eb:${region}:uin/${uin}:eventbusid/${EventBusId} |
Supported |
GetPlatformEventTemplate |
GetPlatformEventTemplate |
Operation level |
* |
Supported |
GetRule |
GetRule |
Resource level |
qcs::eb:${region}:uin/${uin}:ruleid/${EventBusId}/${RuleId} |
Supported |
SearchLog |
Search Event Log |
Operation level |
* |
Supported |
문제 해결에 도움이 되었나요?