Product |
Abbreviation in CAM |
Console |
Authorization by Tag |
Authorization Granularity |
IP Restriction |
Cloud Dedicated Cluster |
cdc |
Supported |
not supported |
Resource level |
Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
CreateDedicatedCluster |
CreateDedicatedCluster |
Operation level |
* |
Supported |
CreateDedicatedClusterOrder |
CreateDedicatedClusterOrder |
Operation level |
* |
Supported |
CreateDedicatedClusterUserDefinedOrder |
create user defined order |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${DedicatedClusterId} |
Supported |
CreateSite |
Create Site |
Operation level |
* |
Supported |
DeleteDedicatedClusters |
DeleteDedicatedClusters |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${clusterId} |
Supported |
DeleteSites |
DeleteSites |
Resource level |
qcs::cdc:${region}:uin/${uin}:site/${site} |
Supported |
ModifyDedicatedClusterInfo |
Modify dedicated cluster info |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${DedicatedClusterId} |
Supported |
ModifyDedicatedClusterOrder |
Modify Dedicated Cluster Order |
Operation level |
* |
not supported |
ModifyOrderStatus |
Modify order status |
Operation level |
* |
not supported |
ModifySiteDeviceInfo |
modify site device info |
Resource level |
qcs::cdc:${region}:uin/${uin}:site/${SiteId} |
Supported |
ModifySiteInfo |
modify site info |
Resource level |
qcs::cdc:${region}:uin/${uin}:site/${SiteId} |
Supported |
SyncDedicatedClusterImage |
sync cdc image |
Operation level |
* |
Supported |
Read operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
DescribeDedicatedClusterAlarms |
describe dedicated cluster alarm list |
Operation level |
* |
Supported |
DescribeDedicatedClusterCbsStatistics |
describe dedicated cluster CBS statistics |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${DedicatedClusterId} |
Supported |
DescribeDedicatedClusterConfigs |
describe dedicated cluster config infos |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${DedicatedClusterId} |
Supported |
DescribeDedicatedClusterCosCapacity |
Describe dedicated cluster cos capacity |
Operation level |
* |
Supported |
DescribeDedicatedClusterHostsVcpuMultiple |
Query CPU overclocking information by host id |
Operation level |
* |
Supported |
DescribeDedicatedClusterOrderDetail |
describe dedicated cluster order detail |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${DedicatedClusterId} |
Supported |
DescribeDedicatedClusterOrderServices |
Describe dedicated cluster order services |
Operation level |
* |
Supported |
DescribeDedicatedClusterOverview |
describe dedicated cluster overview |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${DedicatedClusterId} |
Supported |
DescribeUserDefinedOrderDefaultValues |
describe user defined order default values |
Operation level |
* |
Supported |
DescribeUserPermission |
query user permissions |
Operation level |
* |
Supported |
InquirePriceCreateDedicatedClusterOrder |
InquirePriceCreateDedicatedClusterOrder |
Operation level |
* |
Supported |
InquirePriceCreateDedicatedClusterUserDefinedOrder |
InquirePriceCreateDedicatedClusterUserDefinedOrder |
Operation level |
* |
Supported |
List Operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
DescribeDedicatedClusterHostStatistics |
DescribeDedicatedClusterHostStatistics |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${cluster} |
Supported |
DescribeDedicatedClusterHosts |
describe dedicated cluster host info list |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${cluster} |
Supported |
DescribeDedicatedClusterInstanceTypes |
DescribeDedicatedClusterInstanceTypes |
Operation level |
* |
Supported |
DescribeDedicatedClusterLoginAudit |
Query the login audit data of the parent and child machines of a specific cluster |
Operation level |
* |
Supported |
DescribeDedicatedClusterOrders |
DescribeDedicatedClusterOrders |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${cluster} |
Supported |
DescribeDedicatedClusterReleaseLogs |
Query dedicated cluster change log information |
Operation level |
* |
Supported |
DescribeDedicatedClusters |
DescribeDedicatedClusters |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${cluster} |
Supported |
DescribeDedicatedSupportedZones |
DescribeDedicatedSupportedZones |
Resource level |
qcs::cdc:${region}:uin/${uin}:cluster/${cluster} |
not supported |
DescribeSites |
DescribeSites |
Resource level |
qcs::cdc:${region}:uin/${uin}:site/${site} |
Supported |
DescribeSitesDetail |
DescribeSitesDetail |
Resource level |
qcs::cdc:${region}:uin/${uin}:site/${site} |
Supported |
Other Operations
API |
API Description |
Authorization Granularity |
Six-segment Resource Description |
IP Restriction |
ModifyDedicatedClusterHostsAttribute |
modify the properties of the host in the CDC |
Operation level |
* |
Supported |
문제 해결에 도움이 되었나요?