有奖捉虫:云通信与企业服务文档专题,速来> HOT
资源级权限指的是能够指定用户对哪些资源具有执行操作的能力。云服务器(Cloud Virtual Machine,CVM)部分支持资源级权限,即表示针对支持资源级权限的 CVM 操作,控制何时允许用户执行操作或是允许用户使用的特定资源。例如,您 授权用户拥有广州地域的 CVM 操作权限。 在访问管理(Cloud Access Management,CAM)中可授权的资源类型如下:
资源类型
授权策略中的资源描述方法
qcs::cvm:$region::instance/*
qcs::cvm:$region::keypair/*
qcs::cvm:$region:$account:image/*
云服务器实例相关云服务器密钥相关云服务器镜像相关 分别介绍了当前支持资源级权限的 CVM API 操作,以及每个操作支持的资源和条件密钥。设置资源路径时,您需要将$region$account等变量参数修改为您实际的参数信息,同时您也可以在路径中使用 * 通配符。相关操作示例可参见 访问管理示例
注意:
表中未列出的 CVM API 操作即表示该 CVM API 操作不支持资源级权限。针对不支持资源级权限的 CVM API 操作,您仍可以向用户授予使用该操作的权限,但是策略语句的资源元素必须指定为 *

云服务器实例相关

API 操作
资源路径
条件密钥
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
ModifyInstanceInternetChargeType
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
qcs::cvm:$region:$account:systemdisk/*
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
qcs::cvm:$region:$account:sg/*
qcs::cvm:$region:$account:sg/$sgId
qcs::vpc:$region:$account:subnet/*
qcs::vpc:$region:$account:subnet/$subnetId
qcs::cvm:$region:$account:systemdisk/*
qcs::cvm:$region:$account:datadisk/*
qcs::vpc:$region:$account:vpc/*
qcs::vpc:$region:$account:vpc/$vpcId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
cvm:region
cvm:zone
cvm:instance_type

云服务器密钥相关

API 操作
资源路径
条件密钥
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
qcs::cvm:$region:$account:keypair/*
-
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
qcs::cvm:$region:$account:keypair/*
-
DescribeKeyPairsAttribute
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-
qcs::cvm:$region:$account:keypair/*
-
qcs::cvm:$region:$account:keypair/*
qcs::cvm:$region:$account:keypair/$keyId
-

云服务器镜像相关

API 操作
资源路径
条件密钥
qcs::cvm:$region:$account:instance/*
qcs::cvm:$region:$account:instance/$instanceId
qcs::cvm:$region:$account:image/*
cvm:region
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
qcs::cvm:$region:$account:image/*
cvm:region
DescribeImagesAttribute
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
qcs::cvm:$region:$account:image/*
cvm:region
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region
qcs::cvm:$region:$account:image/*
qcs::cvm:$region:$account:image/$imageId
cvm:region