| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Private DNS | privatedns | Supported | not supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For cloud products with service-level authorization granularity, authorization of specific APIs is not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
APIs support two authorization granularity levels: resource level and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
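The following added example (not part of the original documentation and not Tencent Cloud code) lints a CAM policy for the failure mode described above: an allow statement that pairs an operation-level privatedns API with a specific resource, which CAM treats as unauthorized. The policy field names (`version`, `statement`, `effect`, `action`, `resource`) and the optional `name/` action prefix are assumptions about CAM policy syntax that this page does not show; the sample policy is constructed.

```python
import json

# The twelve APIs this page lists as "Resource level". Every other privatedns
# API on the page is "Operation level", so its resource element must be "*".
RESOURCE_LEVEL = {
    "DescribePrivateZone", "DescribeRequestData", "CreatePrivateZoneRecord",
    "DeletePrivateZone", "DeletePrivateZoneRecord", "ModifyPrivateZone",
    "ModifyPrivateZoneRecord", "ModifyPrivateZoneVpc", "ModifyResourcePackage",
    "DescribePrivateZoneList", "DescribePrivateZoneRecordList",
    "DescribeResourcePackageList",
}

def _as_list(value):
    """CAM-style elements may be a single string or a list (assumption)."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return (statement index, API) pairs where an operation-level API is
    granted on a specific resource and would be deemed unauthorized."""
    findings = []
    for idx, stmt in enumerate(policy.get("statement", [])):
        if stmt.get("effect") != "allow":
            continue  # only allow statements are checked here
        resources = _as_list(stmt.get("resource", []))
        if not resources or "*" in resources:
            continue  # "*" is valid for both granularity levels
        for action in _as_list(stmt.get("action", [])):
            # Accept both "privatedns:Api" and "name/privatedns:Api" (assumed forms).
            service, _, api = action.split("/", 1)[-1].partition(":")
            if service != "privatedns" or "*" in api:
                continue  # other services and wildcard actions are out of scope
            if api not in RESOURCE_LEVEL:
                findings.append((idx, api))
    return findings

# Constructed sample policy; ${ZoneId} is the placeholder used on this page.
SAMPLE_POLICY = json.loads("""
{"version": "2.0", "statement": [
  {"effect": "allow",
   "action": ["privatedns:DescribePrivateZone", "privatedns:DescribeForwardRule"],
   "resource": ["qcs::privatedns::zone/${ZoneId}"]},
  {"effect": "allow", "action": ["privatedns:CreateForwardRule"], "resource": "*"}
]}
""")

if __name__ == "__main__":
    for idx, api in lint_policy(SAMPLE_POLICY):
        print(f"statement {idx}: {api} is operation level; move it to a statement with resource '*'")
```

Splitting the flagged API into its own statement with `"resource": "*"` keeps the resource-level grant scoped to the zone while leaving the operation-level API authorized.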
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckDomainVpcConflict | Check for conflicts between VPCs bound to private domains | Operation level | * | Supported |
| CheckRoleAuthorize | Query whether the role is authorized. | Operation level | * | Supported |
| DescribeAccountVpcList | Query the VPC list of PrivateDNS bound accounts | Operation level | * | Supported |
| DescribeCreateRecordListResult | Query batch add private domain resolution records results. | Operation level | * | Supported |
| DescribeCreateZoneListResult | Query batch created private domains results. | Operation level | * | Supported |
| DescribeDashboard | Describe Product Dashboard | Operation level | * | Supported |
| DescribeDefaultCLSLog | Query the default CLS log set | Operation level | * | Supported |
| DescribeEndPointRegion | Query the enabled region of the terminal node | Operation level | * | Supported |
| DescribeForwardRule | Query forwarding rule details | Operation level | * | Supported |
| DescribeImportRecordsResult | Query file import parsing record results | Operation level | * | Supported |
| DescribeImportTemplateUrl | Query file import parsing record template | Operation level | * | Supported |
| DescribePrivateZone | Describe Private Zone | Resource level | qcs::privatedns::zone/1036 | Supported |
| DescribeQuotaUsage | Query quota usage (including TLD quota at present) | Operation level | * | Supported |
| DescribeRecordsExportFileUrl | Batch export of resolution records according to private domain ID | Operation level | * | Supported |
| DescribeRegionList | Describe Region List | Operation level | * | Supported |
| DescribeRequestData | Describe Record Request Statistics Data | Resource level | qcs::privatedns::zone/${ZoneId} | not supported |
| DescribeSupportRecordDetailList | Query Record Details List | Operation level | * | Supported |
| DescribeUploadUrl | Query temporary upload URL | Operation level | * | Supported |
| DescribeUserConfig | Get User Current Config | Operation level | * | Supported |
| DescribeZoneCLSLog | Querying CLS log sets bound to private dns | Operation level | * | Supported |
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CreateDefaultCLSLog | Create a default CLS log set, log subject, and index, and enable log push for the current private domain. | Operation level | * | Supported |
| CreateEndPoint | Create an end point | Operation level | * | Supported |
| CreateEndPointAndEndPointService | Simultaneously create an endpoint service and an endpoint. | Operation level | * | Supported |
| CreateForwardRule | Create a custom forwarding rule | Operation level | * | Supported |
| CreatePrivateDNSAccount | Create PrivateDNS account | Operation level | * | Supported |
| CreatePrivateZone | Create Private Zone | Operation level | * | Supported |
| CreatePrivateZoneList | Batch add PrivateDNS. | Operation level | * | Supported |
| CreatePrivateZoneRecord | Create Private Zone Record | Resource level | qcs::privatedns::uin/${uin}:uin/${uin} | Supported |
| CreatePrivateZoneRecordList | Batch add PrivateDNS resolution records. | Operation level | * | Supported |
| DeleteEndPoint | Delete end point | Operation level | * | Supported |
| DeleteForwardRule | Delete forwarding rule | Operation level | * | Supported |
| DeletePrivateDNSAccount | Delete PrivateDNS bound account | Operation level | * | Supported |
| DeletePrivateZone | Delete Private Zone | Resource level | qcs::privatedns::zone/${ZoneId} | Supported |
| DeletePrivateZoneRecord | Delete Private Zone Record | Resource level | qcs::privatedns::zone/${ZoneId} | Supported |
| ModifyForwardRule | Modify forwarding rules | Operation level | * | Supported |
| ModifyPrivateZone | Modify Private Zone | Resource level | qcs::privatedns::zone/1036 | Supported |
| ModifyPrivateZoneRecord | Modify Private Zone Record | Resource level | qcs::privatedns::uin/${uin}:uin/${uin} | Supported |
| ModifyPrivateZoneVpc | Modify Private Zone Bound VPC | Resource level | qcs::privatedns::zone/${ZoneId} | Supported |
| ModifyRecordsStatus | Modify resolution record status | Operation level | * | Supported |
| ModifyResourcePackage | Modify Resource Package Status | Resource level | qcs::privatedns::uin/${uin}:resource/${resourceId} | Supported |
| ModifyUserConfig | Modify User Config | Operation level | * | not supported |
| ModifyZoneCLSLog | Modify the log set of the private dns binding. | Operation level | * | Supported |
| SubscribePrivateZoneService | Subscribe Private Zone Service | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAuditLog | Describe User Audit Log List | Operation level | * | Supported |
| DescribeEndPointList | Query end point list | Operation level | * | Supported |
| DescribeForwardRuleList | Query forwarding rule list | Operation level | * | Supported |
| DescribePrivateDNSAccountList | Query the account list bound to the PrivateDNS | Operation level | * | Supported |
| DescribePrivateZoneList | Describe Private Zone List | Resource level | qcs::privatedns::zone/${ZoneId} | Supported |
| DescribePrivateZoneRecordList | Describe Private Zone Record List | Resource level | qcs::privatedns::zone/1036 | Supported |
| DescribeResourcePackageList | Describe Resource Package List | Resource level | qcs::privatedns::uin/${uin}:resource/${resourceId} | Supported |