Content Delivery Network
Content Delivery Network
- What's New
- Function Overview
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
- Domain Name Management
- Custom Domain Name Configuration
- Cache Prefetch and Purge
- Analytics
- Resource Package Management
- Log Management
- Domain Certificate Management
- Diagnosis
- Permissions Management
- Enterprise Projects
- Best Practices
- API Reference
-
FAQs
-
Functions and Usage
-
Functions
- What Service Types Does CDN Support?
- Which Protocols Does CDN Support?
- Does On-Demand Service Acceleration Support HLS and RTMP?
- Can CDN Identify Whether a User Is on a Desktop or Mobile Device?
- Does CDN Support Acceleration for a Single Web Page?
- Does CDN Support Binary File Acceleration?
- Does CDN Support Level-2 Domain Name Acceleration?
- Does CDN Accelerate POST Requests?
- What Origin Types Does CDN Support?
- Does Huawei Cloud CDN Support HTTP/3?
- Does Huawei Cloud CDN Support Content Encryption Before Distribution?
- Does Huawei Cloud CDN Support Intranet Acceleration?
-
Usage
- How Do I Grant CDN Permissions to IAM Users?
- How Do I Obtain the IP Address of a User?
- Does CDN Support Acceleration by Region?
- What Is the Conversion Rule for Traffic and Bandwidth?
- Does CDN Accelerate the Origin Server of a Website, or Accelerate the Domain Name?
- Can Wildcards Be Used as Part of an Acceleration Domain Name?
- Is CDN Necessary If My Services Are Deployed Within a City?
- How Does CDN Determine the Region to Which a User Belongs?
- How Do I Direct Traffic from a Third-party Platform to CDN?
- Can an Acceleration Domain Name Be Configured with Multiple Origin Servers?
- Can I Use CDN If the Origin Port Is Not 80?
- How Do I Configure an Origin Server When It Is a Non-Huawei Cloud Object Storage Bucket?
- Does CDN Accelerate User Access from a Specified Line?
- What Are the Differences Between an Acceleration Domain Name and an Origin Domain?
- Can CDN Provide Acceleration for a Domain Name That Houses Different Types of Services (Website, VOD, and File Download)?
-
Functions
- Purchase and Billing
-
Domain Name Settings
- Does CDN Support the Configuration of Domain Names with Ports?
- Can a Subdomain Name Be Used as an Acceleration Domain Name?
- Can the CNAME of an Acceleration Domain Name Be Directly Accessed?
- Do I Need to Configure a Certificate for the Origin Server After Adding a Security Certificate to CDN?
- How Do I Check Whether the CNAME Record Has Taken Effect?
- Can I Limit Access to Domain Names Based on QPS?
- Does Huawei Cloud CDN Accelerate Content Redirected from VPN?
- Does My Domain Name Have to Be Resolved on Huawei Cloud?
- Why Do My Domain Requests Still Go to CDN PoPs After My Domain Name Has Been Disabled and Domain Resolution Has Been Changed?
- How Do I Configure a Certificate If My Domain Name Is a Wildcard Domain?
- Does CDN Support Modification to Acceleration Service Types?
- Why Am I Seeing the "Incomplete certificate chain" Message?
- Why Am I Seeing a Message Indicating that the Certificate Format Is Incorrect?
- Are Self-Signed HTTPS Certificates Supported?
- Does CDN Support Force HTTPS?
- Can I Use HTTP After HTTPS Is Configured?
-
Cache Settings
- Will the Cache on CDN PoPs Be Updated in Real Time?
- Does CDN Cache Status Codes 404 and 403?
- What Are the Default Cache Rules? Can I Modify the Cache Age?
- Does the Path in Cache Settings Refer to a Web Address or File Path on the Server?
- Why Is the CDN Cache Hit Ratio Low?
- How Do I Cache the Homepage (Root Directory)?
- How Do I Check Whether a Cache Is Hit?
- Why Is the Latest Content Inaccessible Even When the Maximum Cache Age Is Set to 0?
- Does Huawei Cloud CDN Support Caching octet-stream Stream Files?
- Why Are Certain Files Not Downloadable Even Though They Have Not Expired (365 Days)?
- How Do I Configure Cache for Resources That Do Not Need to Be Cached?
- How Do I Synchronize Content Cached on CDN PoPs with That on the Origin Server?
- Why Does a Cache Rule Not Take Effect?
-
Troubleshooting
- Why Am I Seeing a Message Indicating that the Domain Name Already Exists When I Add a Domain Name for CDN Acceleration?
- Why Is My Domain Name Inaccessible After HTTPS Secure Acceleration Is Configured?
- Why Is Data Obtained from a CDN PoP Not the Updated Data?
- Why Is 304 Returned When a User Accesses a Resource Under My Acceleration Domain Name?
- Why Is the Accelerated Page Incorrect Even Though I Can Access the Origin Server?
- Why Can't a Web Page Be Properly Displayed After the Origin Server's IP Address Is Changed?
- Why Do I Get an Access Failure and Access-Control-Allow-Origin Error?
- Why Does the System Always Display "301" After HTTPS Is Configured for a Domain Name?
- Why Do I Get Request Timed Out When Trying to Ping an Acceleration Domain Name?
- Why Are Incorrect Resources Being Pulled from My Origin Server?
- Why Is My Site Slow the First Time I Access It After CDN Is Configured?
-
Cache Purge and Prefetch
- What Are the Differences Between Cache Purge and Cache Prefetch?
- Why Am I Seeing Insufficient Permission for Cache Purge and Prefetch?
- Why Does a Cache Prefetch Operation Fail?
- Does Cache Purge Refresh Content Cached on All PoPs?
- Should I Enter an Origin URL or Domain Name URL for Cache Purge and Prefetch?
- Why Does a Prefetch Task Remain in the Being Processed Status for a Long Time?
- How Do I Purge the CDN Cache Where the Domain Name Includes a Wildcard?
- Why Is the Content Not Updated Even After I Prefetched and Purged the Cache?
- Does CDN Support Directory Prefetch?
- Are Cache Purge and Prefetch Mandatory?
- Do I Need to Purge or Prefetch the Cache of Both HTTP and HTTPS URLs?
- Can I Prefetch M3U8 Files?
- Which Should I Do First, Purge or Prefetch, When I Want to Update Cache?
-
Security
- What Security Capabilities Does CDN Provide?
- Can I Configure Referer Validation to Prevent Hotlinking?
- Does CDN Support IP Address Filtering?
- How Does CDN Respond to CC Attacks?
- Does CDN Have Anti-DDoS Capabilities?
- Can Certificates Be Updated Without Service Interruption?
- Does CDN Detect Viruses in an Acceleration File?
- Can Multiple Certificates Be Configured for a Domain Name?
- Statistics and Logs
-
Origin Pull
- In What Scenarios Does CDN Pull Content from an Origin Server?
- What Do I Fix Origin Pull Failures?
- How Do I Check Whether Range Requests Are Supported for Origin Pull?
- If a Domain Name Is Attacked, Will Access Requests Be Directed to the Origin Server?
- What Are the Benefits of Configuring a Standby Origin Server?
- Does CDN Support Direct Origin Pull Through Crawler Access?
- What Is the Difference Between a Host and an Origin Server?
- How Is Origin Pull If the Origin Server Has Multiple IP Addresses?
- Why Are Incorrect Resources Being Pulled?
- How Do I View Origin Pull Records?
- Will CDN Download All Files If I Send a Status Code 206 to Request 100-Byte Content?
- Change History
-
Functions and Usage
-
Troubleshooting
- Why Can't I Access a Web Page or Play a Video After I Enable CDN?
- Why Is It Still Slow to Access a Domain Name That Has Been Added for CDN Acceleration?
- Why Is the Displayed or Downloaded Content Incorrect After CDN Acceleration Is Used?
- Why Is a 4XX Status Code Returned When I Request Resources from My Acceleration Domain Name?
- Why Is a 5XX Status Code Returned When I Request Resources from My Acceleration Domain Name?
- Why Does a 301/302 Redirect Loop Occur When I Request Resources from My Acceleration Domain Name?
- Status Code and Handling Suggestions
- Why Can't I Log In to My Domain Name or Why Is the Information of Other Users Displayed?
- How Do I Check Whether an Access Fault Is Caused by a CDN PoP or Origin Server?
- Why Is the Cache of a Resource Inconsistent on Different PoPs?
On this page
Show all
Help Center/
Content Delivery Network/
API Reference/
Permissions Policies and Supported Actions/
Introduction
Introduction
Updated on 2023-12-18 GMT+08:00
This chapter describes fine-grained permissions management for your CDN. If your HUAWEI ID does not need individual IAM users, then you may skip over this chapter.
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on CDN based on the permissions.
You can grant users permissions using roles and policies. Roles are a type of service-based, coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.
NOTE:
If you want to allow or deny the access to an API, fine-grained authorization is a good choice.
An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully.
Supported Actions
CDN provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: Statements in a policy that allow or deny certain operations.
- APIs: REST APIs that can be called in a custom policy.
- Actions: Added to a custom policy to control permissions for specific operations.
- IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Management. For details about the differences between IAM and enterprise projects, see Differences Between IAM Projects and Enterprise Projects.
NOTE:
The check mark (√) indicates that an action takes effect. The cross mark (x) indicates that an action does not take effect.
CDN supports the following actions that can be defined in custom policies:
- [Example] Statistics Analysis, including the authorization items corresponding to CDN statistics APIs, such as querying basic domain name statistics and querying data by region and carrier.
- [Example] CDN Billing, including the authorization items corresponding to CDN billing APIs, such as querying and setting the billing option.
Parent topic: Permissions Policies and Supported Actions
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
