Updated on 2022-12-29 GMT+08:00

DSC Permissions and Supported Actions

This section describes how to use IAM for fine-grained DSC permissions management. If your account does not need individual IAM users, skip this section.

By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

You can grant users permissions by using roles and policies. Roles are provided by IAM to define service-based permissions based on users' job responsibilities. Policies are a fine-grained authorization mechanism that defines the permissions required to perform operations on specific cloud resources under certain conditions.

Supported Actions

DSC provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.

  • Permissions: Statements in a policy that allow or deny certain operations
  • Actions: Added to a custom policy to control permissions for specific operations

| Permission | Action |
|---|---|
| Querying the OBS asset list | dsc:obsAsset:list |
| Updating identification rules | scanRule:update |
| Adding big data assets | dsc:bigdataAsset:create |
| Viewing the identification rule list | dsc:scanRule:list |
| Adding OBS assets | dsc:obsAsset:create |
| Querying the RDS DB instance list | dsc:rds:list |
| Deleting databases | dsc:databaseAsset:delete |
| Adding identification rules | dsc:scanRule:create |
| Deleting identification tasks | dsc:scanTask:delete |
| Querying DSC permissions | dsc:authorization:get |
| Querying RDS database list | dsc:rdsDatabase:list |
| Modifying identification tasks | dsc:scanTask:update |
| Querying the Cloud Search Service (CSS) list | dsc:css:list |
| Creating identification tasks | dsc:scanTask:create |
| Granting operation permissions to DSC users | dsc:authorization:grant |
| Querying the big data asset list | dsc:bigdataAsset:list |
| Querying the identification task list | dsc:scanTask:list |
| Adding databases | dsc:databaseAsset:create |
| Deleting identification tasks | dsc:scanRule:delete |
| Querying the overview page of DSC | dsc:overview:list |
| Querying the database list | dsc:databaseAsset:list |
| Deleting OBS assets | dsc:obsAsset:delete |
| Deleting big data assets | dsc:bigdataAsset:delete |
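
The action list above can be used to review a custom policy before it is attached to a group. The following Python check is an added example, not part of the DSC documentation: it expands wildcard patterns against the listed actions and reports which state-changing actions a policy actually grants and which patterns match nothing. The policy layout (Version, Statement, Effect, Action), wildcard support in action names, Deny taking precedence over Allow, and the sample policy itself are assumptions.

```python
import fnmatch

# Action names copied from the table on this page. The rule-update entry is
# omitted because the page lists it without the "dsc:" prefix.
DSC_ACTIONS = [
    "dsc:obsAsset:list", "dsc:obsAsset:create", "dsc:obsAsset:delete",
    "dsc:bigdataAsset:list", "dsc:bigdataAsset:create", "dsc:bigdataAsset:delete",
    "dsc:databaseAsset:list", "dsc:databaseAsset:create", "dsc:databaseAsset:delete",
    "dsc:scanRule:list", "dsc:scanRule:create", "dsc:scanRule:delete",
    "dsc:scanTask:list", "dsc:scanTask:create", "dsc:scanTask:update",
    "dsc:scanTask:delete", "dsc:rds:list", "dsc:rdsDatabase:list", "dsc:css:list",
    "dsc:overview:list", "dsc:authorization:get", "dsc:authorization:grant",
]
READ_VERBS = {"list", "get"}  # verbs treated as read-only (assumption)

# Constructed sample policy; the JSON-style layout is assumed, not from this page.
SAMPLE_POLICY = {
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["dsc:*:list", "dsc:scanTask:*", "dsc:authorisation:get"]},
        {"Effect": "Deny", "Action": ["dsc:scanTask:delete"]},
    ],
}

def audit(policy):
    """Expand wildcards, apply Deny over Allow (assumption), classify the result."""
    allowed, denied, unmatched = set(), set(), []
    for stmt in policy.get("Statement", []):
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            raise ValueError(f"unexpected Effect: {effect!r}")
        patterns = stmt.get("Action", [])
        if isinstance(patterns, str):
            patterns = [patterns]
        for pattern in patterns:
            hits = {a for a in DSC_ACTIONS if fnmatch.fnmatchcase(a, pattern)}
            if not hits:
                unmatched.append(pattern)  # typo, or an action not in the table
            (allowed if effect == "Allow" else denied).update(hits)
    granted = allowed - denied
    privileged = sorted(a for a in granted if a.rsplit(":", 1)[1] not in READ_VERBS)
    return {"granted": sorted(granted), "privileged": privileged, "unmatched": unmatched}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_POLICY).items():
        print(key, value)
```

A pattern reported under `unmatched` grants nothing from the table and is usually a misspelled action name; anything under `privileged` should be justified by the user's job responsibilities before the policy is attached.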