Updated on 2024-12-25 GMT+08:00

Authorization Records

You can view all authorization records under your account on the Permissions > Authorization page. You can filter records by policy/role name, username, user group name, agency name, IAM project, enterprise project (if it is enabled), and principal type (user, user group, or agency).

  • Enterprise Project function enabled: View authorization records by IAM or enterprise project.
    Figure 1 Enterprise Project function enabled
  • Enterprise Project function not enabled: View authorization records by IAM project. To enable Enterprise Project, see Enabling the Enterprise Project Function.
    Figure 2 Enterprise Project function not enabled

Viewing Authorization Records by IAM Project

When viewing authorization records by IAM project, select the following filter conditions:

  • Policy/Role name:

    To view the authorization records of a policy or role, select Policy/Role name, and enter a name. For details about the permissions of all cloud services, see System-defined Permissions.

  • Username/User group name/Agency name:

    To view the IAM project permissions assigned to a specific IAM user, user group, or agency, select Username, User group name, or Agency name, and enter a name.

    For IAM project-based authorization, you assign permissions by user group. If you query the authorization records of a specific user, the authorization records of the group which the user belongs to are displayed.

  • IAM project: The application scope of permissions. If you want to view authorization records of an IAM project, select IAM project and any of the following options:
    • Global services: View authorization records of all global services.
    • All resources: View authorization records of all projects, that is, the global services and all region-specific projects (including projects created later).
    • Region-specific projects: View authorization records of a default project or subproject (such as ap-southeast-1)
  • Principal type: The type of objects that are authorized. There are three principal types: user, user group, and agency. In the IAM project view, you can filter records by user group or agency. If you select User, no records will be displayed.
  • Enterprise projects: The name of an enterprise project. If you select Enterprise project and enter an enterprise project name, the enterprise project view is displayed.

Viewing Authorization Records by Enterprise Project

When viewing authorization records by enterprise project, select the following filter conditions:

  • Policy/Role name:

    To view the authorization records of a policy or role, select Policy/Role name, and enter a name. For details about the cloud service permissions supported by enterprise projects, see Cloud Service Permissions.

  • Username/User group name/Agency name:

    To view the enterprise project permissions assigned to a specific IAM user or user group, select Username or User group name, and enter a name.

    • For enterprise project-based authorization, you assign permissions by user. If you query the authorization records of a specific user, the authorization records of the user and the user group which the user belongs to are displayed.
  • Enterprise project: The name of an enterprise project, that is, the application scope of permissions. To view the authorization records of a specific enterprise project, select Enterprise project, and enter an enterprise project name.
  • Principal type: The type of objects that are authorized. There are three principal types: user, user group, and agency.
  • IAM project: The name of an IAM project or region. If you select IAM project and enter a project name, the IAM project view is displayed.