The preset CHDFS authorization policies are as follows:
Policy | Description |
---|---|
QcloudCHDFSReadOnlyAccess | Read-only access to CHDFS |
QcloudCHDFSFullAccess | Permission to manage CHDFS |

Action | Resource | Description |
---|---|---|
chdfs:CreateFileSystem | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/* | Create a CHDFS file system |
chdfs:DeleteFileSystem | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | Delete a CHDFS file system |
chdfs:ModifyFileSystem | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | Modify CHDFS file system attributes |
chdfs:DescribeFileSystem | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | View CHDFS file system details |
chdfs:DescribeFileSystems | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | View the list of CHDFS file systems |
chdfs:CreateMountPoint | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | Create a mount point |
chdfs:DeleteMountPoint | qcs::chdfs:${region-id}:uin/${account-uin}:mountpoint/${mount-point-id} | Delete a mount point |
chdfs:ModifyMountPoint | qcs::chdfs:${region-id}:uin/${account-uin}:mountpoint/${mount-point-id} | Modify mount point attributes |
chdfs:DescribeMountPoint | qcs::chdfs:${region-id}:uin/${account-uin}:mountpoint/${mount-point-id} | View mount point details |
chdfs:DescribeMountPoints | qcs::chdfs:${region-id}:uin/${account-uin}:mountpoint/${mount-point-id} | View the list of mount points |
chdfs:AssociateAccessGroups | qcs::chdfs:${region-id}:uin/${account-uin}:mountpoint/${mount-point-id} | Bind a list of permission groups |
chdfs:DisassociateAccessGroups | qcs::chdfs:${region-id}:uin/${account-uin}:mountpoint/${mount-point-id} | Unbind a list of permission groups |
chdfs:CreateAccessGroup | qcs::chdfs:${region-id}:uin/${account-uin}:vpc/${vpc-id} or qcs::chdfs:${region-id}:uin/${account-uin}:unVpcId/${unVpcId} | Create a permission group |
chdfs:DeleteAccessGroup | qcs::chdfs:${region-id}:uin/${account-uin}:accessgroup/${access-group-id} | Delete a permission group |
chdfs:ModifyAccessGroup | qcs::chdfs:${region-id}:uin/${account-uin}:accessgroup/${access-group-id} | Modify permission group attributes |
chdfs:DescribeAccessGroup | qcs::chdfs:${region-id}:uin/${account-uin}:accessgroup/${access-group-id} | View permission group details |
chdfs:DescribeAccessGroups | qcs::chdfs:${region-id}:uin/${account-uin}:accessgroup/${access-group-id} | View the list of permission groups |
chdfs:CreateAccessRules | qcs::chdfs:${region-id}:uin/${account-uin}:accessgroup/${access-group-id} | Batch create permission rules |
chdfs:DeleteAccessRules | qcs::chdfs:${region-id}:uin/${account-uin}:accessrule/${access-rule-id} | Batch delete permission rules |
chdfs:ModifyAccessRules | qcs::chdfs:${region-id}:uin/${account-uin}:accessrule/${access-rule-id} | Batch modify permission rule attributes |
chdfs:DescribeAccessRules | qcs::chdfs:${region-id}:uin/${account-uin}:accessgroup/${access-group-id} | View the list of permission rules |
chdfs:CreateLifeCycleRules | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | Batch create lifecycle rules |
chdfs:DeleteLifeCycleRules | qcs::chdfs:${region-id}:uin/${account-uin}:lifecyclerule/${life-cycle-rule-id} | Batch delete lifecycle rules |
chdfs:ModifyLifeCycleRules | qcs::chdfs:${region-id}:uin/${account-uin}:lifecyclerule/${life-cycle-rule-id} | Batch modify lifecycle rule attributes |
chdfs:DescribeLifeCycleRules | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | View the list of lifecycle rules |
chdfs:CreateRestoreTasks | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | Batch create restoration tasks |
chdfs:DescribeRestoreTasks | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | View the list of restoration tasks |
chdfs:ModifyResourceTags | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | Modify the list of resource tags |
chdfs:DescribeResourceTags | qcs::chdfs:${region-id}:uin/${account-uin}:filesystem/${file-system-id} | View the list of resource tags |
The following policy example grants a sub-account read-only permission on the CHDFS control system:
```json
{
  "version": "2.0",
  "statement": [{
    "effect": "allow",
    "action": [
      "name/chdfs:Describe*"
    ],
    "resource": [
      "*"
    ]
  }]
}
```
The following policy example grants a sub-account permission to view a CHDFS file system:
```json
{
  "version": "2.0",
  "statement": [{
    "effect": "allow",
    "action": [
      "name/chdfs:DescribeFileSystem"
    ],
    "resource": [
      "qcs::chdfs::uin/ownerUin:filesystem/fileSystemId"
    ]
  }]
}
```
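A lint check for policies like the two above, as an added example that is not part of the original page or of Tencent Cloud's own tooling: it flags allow statements that grant non-Describe actions on `*`, or that pair an action with a resource type other than the one the table lists for it. The `RESOURCE_TYPE` subset, the glob treatment of `*` in actions, the region `ap-guangzhou` and the sample IDs are assumptions made for illustration.

```python
import fnmatch

# Resource type per action, copied from the table on this page (subset only).
RESOURCE_TYPE = {
    "chdfs:DeleteFileSystem": "filesystem",
    "chdfs:DescribeFileSystem": "filesystem",
    "chdfs:CreateMountPoint": "filesystem",
    "chdfs:DeleteMountPoint": "mountpoint",
    "chdfs:AssociateAccessGroups": "mountpoint",
    "chdfs:DeleteAccessGroup": "accessgroup",
    "chdfs:DeleteAccessRules": "accessrule",
}

def lint_policy(policy):
    """Return findings for over-broad or mis-scoped allow statements."""
    findings = []
    for stmt in policy.get("statement", []):
        if stmt.get("effect") != "allow":
            continue
        resources = stmt.get("resource", [])
        # Last colon-separated field is "<type>/<id>", e.g. "filesystem/<id>".
        types = {r.rsplit(":", 1)[-1].split("/")[0] for r in resources}
        for pattern in stmt.get("action", []):
            name = pattern.split("/", 1)[-1]  # drop the "name/" prefix
            # Assumption: "*" in an action is a glob, as in "chdfs:Describe*".
            matched = [a for a in RESOURCE_TYPE if fnmatch.fnmatchcase(a, name)]
            if not matched:
                findings.append(f"{pattern}: matches no action in the table subset")
            for action in matched:
                expected = RESOURCE_TYPE[action]
                if "*" in resources:
                    if not action.split(":")[1].startswith("Describe"):
                        findings.append(f"{action}: mutating action allowed on '*'")
                elif expected not in types:
                    findings.append(f"{action}: needs a {expected}/ resource")
    return findings

# The page's read-only policy, plus two constructed policies (IDs are made up).
READ_ONLY = {"version": "2.0", "statement": [{"effect": "allow",
    "action": ["name/chdfs:Describe*"], "resource": ["*"]}]}
TOO_BROAD = {"version": "2.0", "statement": [{"effect": "allow",
    "action": ["name/chdfs:*"], "resource": ["*"]}]}
WRONG_TYPE = {"version": "2.0", "statement": [{"effect": "allow",
    "action": ["name/chdfs:DeleteMountPoint"],
    "resource": ["qcs::chdfs:ap-guangzhou:uin/100000000001:filesystem/f4mexample"]}]}
if __name__ == "__main__":
    for label, p in [("read-only", READ_ONLY), ("broad", TOO_BROAD), ("type", WRONG_TYPE)]:
        print(label, lint_policy(p))
```

The page's read-only policy passes cleanly, while the two constructed policies are flagged; the type check assumes each statement lists resources for the actions it grants.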