资源级权限指的是能够指定用户对哪些资源具有执行操作的能力。云服务器(Cloud Virtual Machine,CVM)部分支持资源级权限,即表示针对支持资源级权限的 CVM 操作,控制何时允许用户执行操作或是允许用户使用的特定资源。例如,您 授权用户拥有广州地域的 CVM 操作权限。
在访问管理(Cloud Access Management,CAM)中可授权的资源类型如下:
资源类型 | 授权策略中的资源描述方法 |
云服务器实例相关 | qcs::cvm:$region::instance/* |
云服务器密钥相关 | qcs::cvm:$region::keypair/* |
云服务器镜像相关 | qcs::cvm:$region:$account:image/* |
云服务器实例相关、云服务器密钥相关 和 云服务器镜像相关 分别介绍了当前支持资源级权限的 CVM API 操作,以及每个操作支持的资源和条件密钥。设置资源路径时,您需要将$region
、$account
等变量参数修改为您实际的参数信息,同时您也可以在路径中使用 * 通配符。相关操作示例可参见 访问管理示例。注意表中未列出的 CVM API 操作即表示该 CVM API 操作不支持资源级权限。针对不支持资源级权限的 CVM API 操作,您仍可以向用户授予使用该操作的权限,但是策略语句的资源元素必须指定为 *。
云服务器实例相关
API 操作 | 资源路径 | 条件密钥 |
DescribeInstanceInternetBandwidthConfigs | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ModifyInstanceInternetChargeType | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ModifyInstancesAttribute | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ModifyInstancesProject | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ModifyInstancesRenewFlag | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
RebootInstances | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
RenewInstances | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ResetInstance | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId qcs::cvm:$region:$account:image/* qcs::cvm:$region:$account:image/$imageId qcs::cvm:$region:$account:keypair/* qcs::cvm:$region:$account:keypair/$keyId qcs::cvm:$region:$account:systemdisk/* |
cvm:regioncvm:zonecvm:instance_type |
ResetInstancesInternetMaxBandwidth | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ResetInstancesPassword | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ResetInstancesType | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
ResizeInstanceDisks | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
RunInstances | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:image/* qcs::cvm:$region:$account:image/$imageId qcs::cvm:$region:$account:keypair/* qcs::cvm:$region:$account:keypair/$keyId qcs::cvm:$region:$account:sg/* qcs::cvm:$region:$account:sg/$sgId qcs::vpc:$region:$account:subnet/* qcs::vpc:$region:$account:subnet/$subnetId qcs::cvm:$region:$account:systemdisk/* qcs::cvm:$region:$account:datadisk/* qcs::vpc:$region:$account:vpc/* qcs::vpc:$region:$account:vpc/$vpcId |
cvm:regioncvm:zonecvm:instance_type |
StartInstances | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
StopInstances | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
TerminateInstances | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId |
cvm:regioncvm:zonecvm:instance_type |
云服务器密钥相关
API 操作 | 资源路径 | 条件密钥 |
AssociateInstancesKeyPairs | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId qcs::cvm:$region:$account:keypair/* qcs::cvm:$region:$account:keypair/$keyId |
– |
CreateKeyPair | qcs::cvm:$region:$account:keypair/* |
– |
DeleteKeyPairs | qcs::cvm:$region:$account:keypair/* qcs::cvm:$region:$account:keypair/$keyId |
– |
DescribeKeyPairs | qcs::cvm:$region:$account:keypair/* |
– |
DescribeKeyPairsAttribute | qcs::cvm:$region:$account:keypair/* qcs::cvm:$region:$account:keypair/$keyId |
– |
DisassociateInstancesKeyPairs | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId qcs::cvm:$region:$account:keypair/* qcs::cvm:$region:$account:keypair/$keyId |
– |
ImportKeyPair | qcs::cvm:$region:$account:keypair/* |
– |
ModifyKeyPairAttribute | qcs::cvm:$region:$account:keypair/* qcs::cvm:$region:$account:keypair/$keyId |
– |
云服务器镜像相关
API 操作 | 资源路径 | 条件密钥 |
CreateImage | qcs::cvm:$region:$account:instance/* qcs::cvm:$region:$account:instance/$instanceId qcs::cvm:$region:$account:image/* |
cvm:region |
DeleteImages | qcs::cvm:$region:$account:image/* qcs::cvm:$region:$account:image/$imageId |
cvm:region |
DescribeImages | qcs::cvm:$region:$account:image/* |
cvm:region |
DescribeImagesAttribute | qcs::cvm:$region:$account:image/* qcs::cvm:$region:$account:image/$imageId |
cvm:region |
DescribeImageSharePermission | qcs::cvm:$region:$account:image/* |
cvm:region |
ModifyImageAttribute | qcs::cvm:$region:$account:image/* qcs::cvm:$region:$account:image/$imageId |
cvm:region |
ModifyImageSharePermission | qcs::cvm:$region:$account:image/* qcs::cvm:$region:$account:image/$imageId |
cvm:region |
SyncImages | qcs::cvm:$region:$account:image/* qcs::cvm:$region:$account:image/$imageId |
cvm:region |
对腾讯云CVM服务器有疑惑?想了解产品收费? 联系解决方案专家
腾讯云限时活动1折起,即将结束: 马上收藏
同尘科技为腾讯云授权服务中心,购买腾讯云享受折上折,更有现金返利:同意关联,立享优惠
阿里云解决方案也看看?: 点击对比阿里云的解决方案
本文来自投稿,不代表新手站长_郑州云淘科技有限公司立场,如若转载,请注明出处:https://www.cnzhanzhang.com/16072.html