策略授权参考

本章节介绍SecMaster基于策略授权场景下支持的策略授权项。

支持的授权项

策略包含系统策略和自定义策略，如果系统策略不满足授权要求，管理员可以创建自定义策略，并通过给用户组授予自定义策略来进行精细的访问控制。策略支持的操作与API相对应，授权项列表说明如下：

权限：允许或拒绝对指定资源在特定条件下进行某项操作。
对应API接口：自定义策略实际调用的API接口。
授权项：自定义策略中支持的Action，在自定义策略中的Action中写入授权项，可以实现授权项对应的权限功能。
依赖的授权项：部分Action存在对其他Action的依赖，需要将依赖的Action同时写入授权项，才能实现对应的权限功能。
IAM项目(Project)/企业项目(Enterprise Project)：自定义策略的授权范围，包括IAM项目与企业项目。授权范围如果同时支持IAM项目和企业项目，表示此授权项对应的自定义策略，可以在IAM和企业管理两个服务中给用户组授权并生效。如果仅支持IAM项目，不支持企业项目，表示仅能在IAM中给用户组授权并生效，如果在企业管理中授权，则该自定义策略不生效。管理员可以在授权项列表中查看授权项是否支持IAM项目或企业项目，“√”表示支持，“×”表示暂不支持。关于IAM项目与企业项目的区别，详情请参见：IAM与企业管理的区别。

SecMaster的支持自定义策略授权项如下所示：

【示例】表1，包含SecMaster所有工作空间接口对应的授权项，如查询工作空间列表、创建工作空间、更新工作空间、获取工作空间详情、删除工作空间。
【示例】表2，包括安全报告管理接口对应的授权项，如列出报告、查看报告、创建报告、更新报告、删除报告等接口。

工作空间管理

表1 工作空间管理
权限	对应API接口	授权项（Action）	IAM项目 (Project)	企业项目 (Enterprise Project)
查询工作空间列表	GET /v1/{project_id}/workspaces	secmaster:workspace:list	√	×
创建工作空间	POST /v1/{project_id}/workspaces	secmaster:workspace:create	√	×
更新工作空间	PUT /v1/{project_id}/workspaces/{workspace_id}	secmaster:workspace:update	√	×
获取工作空间详情	GET /v1/{project_id}/workspaces/{workspace_id} GET /v1/{project_id}/workspaces/{workspace_id}/recollect	secmaster:workspace:get	√	×
删除工作空间	DELETE /v1/{project_id}/workspaces/{workspace_id}	secmaster:workspace:delete	√	×

安全报告管理

表2 安全报告管理
权限	对应API接口	授权项（Action）	IAM项目 (Project)	企业项目 (Enterprise Project)
列出报告	GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports	secmaster:report:list	√	×
查看报告	GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id}	secmaster:report:get	√	×
创建报告	POST /v1/{project_id}/workspaces/{workspace_id}/sa/reports	secmaster:report:create	√	×
更新报告	PUT /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id}	secmaster:report:update	√	×
删除报告	DELETE /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id}	secmaster:report:delete	√	×

SecMaster支持的授权项

表3 SecMaster支持的授权项
权限	对应API接口	授权项（Action）	IAM项目 (Project)	企业项目 (Enterprise Project)
授予权限获取剧本详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}	secmaster:playbook:get	√	×
授予权限创建剧本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks	secmaster:playbook:create	√	×
授予权限删除剧本	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}	secmaster:playbook:delete	√	×
授予权限更新剧本	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}	secmaster:playbook:update	√	×
授予权限获取剧本列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks	secmaster:playbook:list	√	×
授予权限获取剧本统计数据	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/statistics	secmaster:playbook:getStatistics	√	×
授予权限获取剧本运行监控数据	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/monitor	secmaster:playbook:getMonitor	√	×
授予权限克隆剧本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/clone	secmaster:playbook:copyVersion	√	×
授予权限审核剧本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/approve	secmaster:playbook:approve	√	×
授予权限查询审核列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/approval	secmaster:playbook:listApproves	√	×
授予权限查询实例列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances	secmaster:playbook:listInstances	√	×
授予权限查询实例审计日志列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/auditlogs	secmaster:playbook:getInstanceAuditlog	√	×
授予权限创建剧本版本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions	secmaster:playbook:createVersion	√	×
授予权限获取剧本版本	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}	secmaster:playbook:getVersion	√	×
授予权限删除剧本版本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}	secmaster:playbook:deleteVersion	√	×
授予权限更新剧本版本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}	secmaster:playbook:updateVersion	√	×
授予权限获取剧本版本列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/versions	secmaster:playbook:listVersions	√	×
授予权限查询实例详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}	secmaster:playbook:getInstance	√	×
授予权限查询实例拓扑详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/topology	secmaster:playbook:getInstanceTopology	√	×
授予权限操作剧本实例	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/operation	secmaster:playbook:operateInstance	√	×
授予权限查询流程列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows	secmaster:workflow:list	√	×
授予权限获取流程的详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}	secmaster:workflow:get	√	×
授予权限删除流程	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}	secmaster:workflow:delete	√	×
授予权限创建流程	GET /v1/{project_id}/workspacesPOST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows	secmaster:workflow:create	√	×
授予权限更新流程	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}	secmaster:workflow:update	√	×
授予权限获取流程版本的列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions	secmaster:workflow:listVersions	√	×
授予权限获取流程的版本详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}	secmaster:workflow:getVersion	√	×
授予权限删除流程的版本	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}	secmaster:workflow:deleteVersion	√	×
授予权限创建流程版本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions	secmaster:workflow:createVersion	√	×
授予权限更新流程的版本	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}	secmaster:workflow:updateVersion	√	×
授予权限审核流程版本	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/approval	secmaster:workflow:approveVersion	√	×
授予权限校验流程的版本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/validation	secmaster:workflow:validate	√	×
授予权限更新流程版本调试结果	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/debug/result	secmaster:workflow:simulate	√	×
授予权限流程实例拓扑图	GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/instances/{instance_id}/topology	secmaster:workflow:getInstance	√	×
授予权限更新或创建流程实例	POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/instances	secmaster:workflow:operateInstance	√	×
授予权限查询资产连接列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials	secmaster:connection:list	√	×
授予权限创建资产连接	POST /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials	secmaster:connection:create	√	×
授予权限获取资产连接详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id}	secmaster:connection:get	√	×
授予权限删除资产连接	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id}	secmaster:connection:delete	√	×
授予权限更新资产连接	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id}	secmaster:connection:update	√	×
授予权限查询待办列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks	secmaster:task:list	√	×
授予权限创建待办	POST /v1/{project_id}/workspaces/{workspace_id}/soc/tasks	secmaster:task:create	√	×
授予权限更新待办	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id}	secmaster:task:update	√	×
授予权限获取待办详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id}	secmaster:task:get	√	×
授予权限获取情报详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id}	secmaster:indicator:get	√	×
授予权限创建情报	POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators	secmaster:indicator:create	√	×
授予权限更新情报	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id}	secmaster:indicator:update	√	×
授予权限删除情报	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id}	secmaster:indicator:delete	√	×
授予权限查询情报列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/search	secmaster:indicator:list	√	×
授予权限查询情报类型列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types	secmaster:indicator:listTypes	√	×
授予权限绑定情报类型与布局关联	POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types/layout	secmaster:indicator:bindLayout	√	×
授予权限获取告警详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id}	secmaster:alert:get	√	×
授予权限创建告警	POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts	secmaster:alert:create	√	×
授予权限更新告警	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id}	secmaster:alert:update	√	×
授予权限搜索告警列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/search	secmaster:alert:list	√	×
授予权限删除告警	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts	secmaster:alert:delete	√	×
授予权限告警转事件	POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order	secmaster:alert:batchOrders	√	×
授予权限查询告警类型列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types	secmaster:alert:listTypes	√	×
授予权限查询告警类别列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/category	secmaster:alert:listCategories	√	×
授予权限创建告警类型	POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types	secmaster:alert:createType	√	×
授予权限修改告警类型	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/{dataclass_type_id}	secmaster:alert:updateType	√	×
授予权限删除告警类型	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types	secmaster:alert:deleteType	√	×
授予权限启用/禁用告警类型	POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/enable	secmaster:alert:enableType	√	×
授予权限绑定告警类型与布局关联	POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/layout	secmaster:alert:bindLayout	√	×
授予权限获取事件详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id}	secmaster:incident:get	√	×
授予权限创建事件	POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents	secmaster:incident:create	√	×
授予权限更新事件	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id}	secmaster:incident:update	√	×
授予权限搜索事件列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/search	secmaster:incident:list	√	×
授予权限获取事件的类型列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types	secmaster:incident:listTypes	√	×
授予权限删除事件	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents	secmaster:incident:delete	√	×
授予权限查询事件类别列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/category	secmaster:incident:listCategories	√	×
授予权限创建事件类型	POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types	secmaster:incident:createType	√	×
授予权限修改事件类型	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/{dataclass_type_id}	secmaster:incident:updateType	√	×
授予权限删除事件类型	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types	secmaster:incident:deleteType	√	×
授予权限启用/禁用事件类型	POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/incidents/enable	secmaster:incident:enableType	√	×
授予权限绑定事件类型与布局的关联	POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/layout	secmaster:incident:bindLayout	√	×
授予权限创建对象关系	POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type}	secmaster:dataobject:createRelation	√	×
授予权限删除对象关系	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type}	secmaster:dataobject:deleteRelation	√	×
授予权限搜索对象关系列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type}/search	secmaster:dataobject:listRelation	√	×
授予权限查询漏洞组列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/search	secmaster:vulnerability:listGroup	√	×
授予权限获取漏洞组详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/{vul_id}	secmaster:vulnerability:getGroup	√	×
授予权限导出漏洞组列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/export	secmaster:vulnerability:exportGroup	√	×
授予权限查询漏洞类型列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types	secmaster:vulnerability:listType	√	×
授予权限绑定漏洞类型与布局关联	POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/layout	secmaster:vulnerability:bindLayout	√	×
授予权限创建漏洞类型	POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types	secmaster:vulnerability:createType	√	×
授予权限修改漏洞类型	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/{dataclass_type_id}	secmaster:vulnerability:updateType	√	×
授予权限删除漏洞类型	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types	secmaster:vulnerability:deleteType	√	×
授予权限启用/禁用漏洞类型	POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/enable	secmaster:vulnerability:enableType	√	×
授予权限删除按需订单	DELETE /v1/{project_id}/subscriptions/orders	secmaster:subscription:deletePostPaidOrder	√	×
授予权限创建按需订单	POST /v1/{project_id}/subscriptions/orders	secmaster:subscription:createPostPaidOrder	√	×
授予权限创建包周期订单	POST /v1/{project_id}/subscriptions/orders/{order_id}	secmaster:subscription:createPrePaidOrder	√	×
授予权限查看订购版本	GET /v1/{project_id}/subscriptions/version	secmaster:subscription:getVersion	√	×
授予权限查看指标结果	GET /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/{metric_id}/result	secmaster:metric:getResult	√	×
授予权限列出指标结果	POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/results	secmaster:metric:listResults	√	×
授予权限列出指标Hits结果	POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/hits	secmaster:metric:listHits	√	×
授予权限查看委托	GET /v1/{project_id}/agency	secmaster:agency:get	√	×
授予权限创建委托	POST /v1/{project_id}/agency	secmaster:agency:create	√	×
授予权限查看资源统计	GET /v1/{project_id}/workspaces/{workspace_id}/resource-statistics	secmaster:resource:getStatistics	√	×
授予权限列出资源	GET /v1/{project_id}/workspaces/{workspace_id}/resources	secmaster:resource:list	√	×
授予权限导入资源	POST /v1/{project_id}/workspaces/{workspace_id}/sa/resources/import	secmaster:resource:import	√	×
授予权限获取资源导入模板	GET /v1/{project_id}/workspaces/{workspace_id}/sa/resource/template	secmaster:resource:getTemplate	√	×
授予权限列出报告	GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports	secmaster:report:list	√	×
授予权限查看报告	GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id}	secmaster:report:get	√	×
授予权限创建报告	POST /v1/{project_id}/workspaces/{workspace_id}/sa/reports	secmaster:report:create	√	×
授予权限更新报告	PUT /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id}	secmaster:report:update	√	×
授予权限删除报告	DELETE /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id}	secmaster:report:delete	√	×
授予权限设置应急漏洞读取状态	POST /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/read-status	secmaster:emergencyVulnerability:updateReadStatus	√	×
授予权限列出应急漏洞	GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/list	secmaster:emergencyVulnerability:list	√	×
授予权限导出应急漏洞	GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/export	secmaster:emergencyVulnerability:export	√	×
授予权限查询数据空间列表	GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces	secmaster:dataspace:list	√	×
授予权限创建数据空间	POST /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces	secmaster:dataspace:create	√	×
授予权限查询数据空间详情	GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id}	secmaster:dataspace:get	√	×
授予权限更新数据空间	PUT /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id}	secmaster:dataspace:update	√	×
授予权限删除数据空间	DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id}	secmaster:dataspace:delete	√	×
授予权限查询数据管道列表	GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes	secmaster:pipe:list	√	×
授予权限创建数据管道	POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes	secmaster:pipe:create	√	×
授予权限查询数据管道详情	GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}	secmaster:pipe:get	√	×
授予权限更新数据管道	PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}	secmaster:pipe:update	√	×
授予权限删除数据管道	DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}	secmaster:pipe:delete	√	×
授予权限查询数据管道索引	GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index	secmaster:pipe:getIndex	√	×
授予权限更新数据管道索引	PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index	secmaster:pipe:updateIndex	√	×
授予权限查询数据管道消费	GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption	secmaster:pipe:getConsumption	√	×
授予权限创建数据管道消费	POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption	secmaster:pipe:createConsumption	√	×
授予权限删除数据管道消费	DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption	secmaster:pipe:deleteConsumption	√	×
授予权限查询数据	POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/logs	secmaster:search:listLogs	√	×
授予权限查询数据分布直方图	POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/histograms	secmaster:search:listHistograms	√	×
授予权限执行分析	POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/analysis	secmaster:search:createAnalysis	√	×
授予权限查询检索条件列表	GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions	secmaster:searchCondition:list	√	×
授予权限创建检索条件	POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions	secmaster:searchCondition:create	√	×
授予权限查询检索条件详情	GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id}	secmaster:searchCondition:get	√	×
授予权限更新检索条件	PUT /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id}	secmaster:searchCondition:update	√	×
授予权限删除检索条件	DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id}	secmaster:searchCondition:delete	√	×
授予权限查询告警模型	GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules	secmaster:alertRule:list	√	×
授予权限创建告警模型	POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules	secmaster:alertRule:create	√	×
授予权限查询告警模型详情	GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id}	secmaster:alertRule:get	√	×
授予权限修改告警模型	PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id}	secmaster:alertRule:update	√	×
授予权限删除告警模型	DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules	secmaster:alertRule:delete	√	×
授予权限启用告警模型	POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/enable	secmaster:alertRule:enable	√	×
授予权限停用告警模型	POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/disable	secmaster:alertRule:disable	√	×
授予权限查询告警模型总览	GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/metrics	secmaster:alertRule:listMetrics	√	×
授予权限模拟告警模型	POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/simulation	secmaster:alertRule:createSimulation	√	×
授予权限查询告警模板	GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates	secmaster:alertRuleTemplate:list	√	×
授予权限查询告警模板详情	GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/{template_id}	secmaster:alertRuleTemplate:get	√	×
授予权限查询告警模板总览	GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/metrics	secmaster:alertRuleTemplate:listMetrics	√	×
授予权限创建数据类	POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses	secmaster:dataclass:create	√	×
授予权限更新数据类	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}	secmaster:dataclass:update	√	×
授予权限删除数据类	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}	secmaster:dataclass:delete	√	×
授予权限获取数据类详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}	secmaster:dataclass:get	√	×
授予权限查询数据类列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses	secmaster:dataclass:list	√	×
授予权限创建字段	POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields	secmaster:dataclass:createField	√	×
授予权限更新字段	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id}	secmaster:dataclass:updateField	√	×
授予权限删除字段	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields	secmaster:dataclass:deleteField	√	×
授予权限获取字段详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id}	secmaster:dataclass:getField	√	×
授予权限查询字段列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields	secmaster:dataclass:listFields	√	×
授予权限获取类型详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types/{dataclass_type_id}	secmaster:dataclass:getType	√	×
授予权限查询类型列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types	secmaster:dataclass:listTypes	√	×
授予权限更新分类映射状态	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/status	secmaster:mapping:update	√	×
授予权限搜索分类映射列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/search	secmaster:mapping:list	√	×
授予权限获取分类映射数据源	GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/data-source	secmaster:mapping:getDatasource	√	×
授予权限获取分类映射函数	GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/functions	secmaster:mapping:listFunctions	√	×
授予权限删除分类映射	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}	secmaster:mapping:delete	√	×
授予权限复制分类映射	GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/clone	secmaster:mapping:copy	√	×
授予权限创建分类	POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers	secmaster:mapping:createClassifier	√	×
授予权限更新分类	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id}	secmaster:mapping:updateClassifier	√	×
授予权限获取分类信息	GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id}	secmaster:mapping:getClassifier	√	×
授予权限删除分类	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id}	secmaster:mapping:deleteClassifier	√	×
授予权限创建映射	POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers	secmaster:mapping:createMapper	√	×
授予权限更新映射	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id}	secmaster:mapping:updateMapper	√	×
授予权限查询映射列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/search	secmaster:mapping:listMappers	√	×
授予权限获取映射信息	POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id}	secmaster:mapping:getMapper	√	×
授予权限删除映射	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id}	secmaster:mapping:deleteMapper	√	×
授予权限获取布局类型列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/business-type	secmaster:layout:listBusinessTypes	√	×
授予权限查询布局列表	POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/search	secmaster:layout:list	√	×
授予权限创建布局	POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts	secmaster:layout:create	√	×
授予权限删除布局	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts	secmaster:layout:delete	√	×
授予权限更新布局	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}	secmaster:layout:update	√	×
授予权限查询布局	GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}	secmaster:layout:get	√	×
授予权限另存为模板	POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/template	secmaster:layout:createTemplate	√	×
授予权限创建布局字段	POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields	secmaster:layout:createField	√	×
授予权限获取布局字段列表	GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields	secmaster:layout:listFields	√	×
授予权限获取布局字段详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields/{field_id}	secmaster:layout:getField	√	×
授予权限删除布局字段	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields	secmaster:layout:deleteField	√	×
授予权限获取页面	GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards	secmaster:layout:listWizards	√	×
授予权限创建页面	POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards	secmaster:layout:createWizard	√	×
授予权限获取页面详情	GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id};/v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards	secmaster:layout:getWizard	√	×
授予权限删除页面	DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id}	secmaster:layout:deleteWizard	√	×
授予权限更新页面	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards	secmaster:layout:updateWizard	√	×
授予权限目录列表查询	POST /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/search;/v1/{project_id}/workspaces/{workspace_id}/soc/catalogues	secmaster:catalogue:list	√	×
授予权限更新目录	PUT /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/{catalogue_id}	secmaster:catalogue:update	√	×
授予权限导出剧本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/export	secmaster:playbook:export	√	×
授予权限导入剧本	POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/import	secmaster:playbook:import	√	×
授予权限下载指标模板	GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/template/download	secmaster:indicator:downloadTemplate	√	×
授予权限导出指标	POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/export	secmaster:indicator:export	√	×
授予权限导入指标	POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/import	secmaster:indicator:import	√	×
授予权限查询表	GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables	secmaster:table:list	√	×
授予权限创建表	-POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables	secmaster:table:create	√	×
授予权限查询表详情	GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}	secmaster:table:get	√	×
授予权限修改表	PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}	secmaster:table:update	√	×
授予权限删除表	DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}	secmaster:table:delete	√	×
授予权限锁止表	POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock	secmaster:table:createLock	√	×
授予权限解锁表	DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock	secmaster:table:deleteLock	√	×
授予权限查询表总览	GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/metrics	secmaster:table:listMetrics	√	×
授予权限设计表	PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/schema	secmaster:table:updateSchema	√	×

父主题： 权限和授权项

上一篇：权限及授权项说明

下一篇：身份策略授权参考

意见反馈

文档内容是否对您有帮助？

有帮助没帮助

提供反馈

提交成功！非常感谢您的反馈，我们会继续努力做到更好！您可在我的云声建议查看反馈及问题处理状态。

系统繁忙，请稍后重试

在使用文档中是否遇到以下问题

内容与产品页面不一致

内容不易理解

缺失示例代码

步骤不可操作

搜不到想要的内容

缺少最佳实践

意见反馈（选填）

0/500

请至少选择一项反馈信息并填写问题反馈

字符长度不能超过500

直接提交取消

如您有其它疑问，您也可以通过华为云社区问答频道来与我们联系探讨

盘古Doer提问云社区提问