Help Center/ Cloud Application Engine/ API Reference/ Permissions and Supported Actions/ Actions Supported by Policy-based Authorization
Updated on 2025-12-19 GMT+08:00
View PDF
Share

Actions Supported by Policy-based Authorization

This section describes the actions supported by CAE in policy-based authorization.

Supported Actions

CAE provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The common concepts related to policies are as follows:

  • Permissions: statements in a policy that allow or deny certain operations
  • APIs: APIs that can be called by a custom policy
  • Actions: specific operations that are allowed or denied.
  • Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
  • IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Custom policies that contain actions for both IAM projects and enterprise projects can be assigned to user groups and be applied in both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.

CAE supports the following actions in custom policies.

Environment Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the environment list

GET /v1/{project_id}/cae/environments

cae:environment:list

×

Creating an environment

POST /v1/{project_id}/cae/environments

cae:environment:create

Deleting an environment

Delete /v1/{project_id}/cae/environments/{environment_id}

cae:environment:delete

Application Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the application list

GET /v1/{project_id}/cae/applications

cae:application:list

×

Creating an application

POST /v1/{project_id}/cae/applications

cae:application:create

Obtaining the details of an application

GET /v1/{project_id}/cae/applications/{application_id}

cae:application:get

×

Deleting an application

DELETE /v1/{project_id}/cae/applications/{application_id}

cae:application:delete

Component Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Creating a component

Post /v1/{project_id}/cae/applications/{application_id}/components

cae:application:create

Obtaining the component list

Get /v1/{project_id}/cae/applications/{application_id}/components

cae:application:list

Obtaining the details of a component

Get /v1/{project_id}/cae/applications/{application_id}/components/{component_id}

cae:application:get

Updating a component

Put /v1/{project_id}/cae/applications/{application_id}/components/{component_id}

cae:application:modify

Deleting a component

Delete /v1/{project_id}/cae/applications/{application_id}/components/{component_id}

cae:application:delete

Creating, validating, and deploying a component

Post /v1/{project_id}/cae/applications/{application_id}/component-with-configurations

cae:application:create

Performing operations on a component

Post /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/action

cae:application:modify

Obtaining the component snapshot list

Get /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/snapshots

cae:application:list

×

Obtaining the component instance list

Get /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/instances

cae:application:list

×

Component Configuration Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the component configuration list

GET /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/configurations

cae:application:get

Adding a component configuration

POST /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/configurations

cae:application:create

Deleting a component configuration

DELETE /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/configurations

cae:application:delete

Querying the comparison information of historical versions

Get /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/configuration-history

cae:application:list

×

Querying the change time of a historical version

Get /v1/{project_id}/cae/applications/{application_id}/components/{component_id}/configuration-history-time

cae:application:get

×

Cloud Storage Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the cloud storage list

GET /v1/{project_id}/cae/volumes

cae:environment:list

Authorizing cloud storage

POST /v1/{project_id}/cae/volumes

cae:environment:create

Unbinding cloud storage

DELETE /v1/{project_id}/cae/volumes/{id}

cae:environment:delete

Task Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the details about a task

GET /v1/{project_id}/cae/jobs/{job_id}

cae:environment:get

×

Retrying a task

POST /v1/{project_id}/cae/jobs/{job_id}

cae:environment:create

×

Domain Name Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the domain name list

GET /v1/{project_id}/cae/domains

cae:environment:get

Creating a domain name

POST /v1/{project_id}/cae/domains

cae:environment:create

Deleting a domain name

DELETE /v1/{project_id}/cae/domains/{domain_id}

cae:environment:delete

Certificate Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the certificate list

GET /v1/{project_id}/cae/certificates

cae:environment:get

Creating a certificate

POST /v1/{project_id}/cae/certificates

cae:environment:create

Modifying a certificate

PUT /v1/{project_id}/cae/certificates/{certificate_id}

cae:environment:update

Deleting a certificate

DELETE /v1/{project_id}/cae/certificates/{certificate_id}

cae:environment:delete

Scheduled Start/Stop Policy Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the scheduled start/stop policy list

GET /v1/{project_id}/cae/timer-rules

cae:environment:get

Creating a scheduled start/stop policy

POST /v1/{project_id}/cae/timer-rules

cae:environment:create

Deleting a scheduled start/stop policy

DELETE /v1/{project_id}/cae/timer-rules/{timer_rule_id}

cae:environment:delete

Modifying a scheduled start/stop policy

PUT /v1/{project_id}/cae/timer-rules/{timer_rule_id}

cae:environment:update

Obtaining the last execution status of a scheduled start/stop policy

GET /v1/{project_id}/cae/timer-rules/{timer_rule_id}/execution-results

cae:environment:get

EIP Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the EIP list of cluster nodes

GET /v1/{project_id}/cae/eips

cae:environment:get

Modifying the inbound and outbound bandwidth and enabling status

PUT /v1/{project_id}/cae/eips

cae:environment:update

Monitoring System Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining a monitoring system configuration

GET /v1/{project_id}/cae/monitor-system

cae:environment:get

Creating a monitoring system configuration

POST /v1/{project_id}/cae/monitor-system

cae:environment:create

Updating a monitoring system configuration

PUT /v1/{project_id}/cae/monitor-system/{monitor_system_id}

cae:environment:update

VPC Access from the CAE Environment

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the configuration for the CAE environment to access the VPC

GET /v1/{project_id}/cae/vpc-egress

cae:environment:get

Creating the configuration for the CAE environment to access the VPC

POST /v1/{project_id}/cae/vpc-egress

cae:environment:create

Deleting the configuration for the CAE environment to access VPC

DELETE /v1/{project_id}/cae/vpc-egress/{vpc_egress_id}

cae:environment:delete

Event Notification Rule Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Creating an event notification rule

POST /v1/{project_id}/cae/notice-rules

cae:environment:create

Querying the event notification rule list

GET /v1/{project_id}/cae/notice-rules

cae:environment:get

Modifying an event notification rule

PUT /v1/{project_id}/cae/notice-rules/{rule_id}

cae:environment:update

Querying an event notification rule

GET /v1/{project_id}/cae/notice-rules/{rule_id}

cae:environment:get

Deleting an event notification rule

DELETE /v1/{project_id}/cae/notice-rules/{rule_id}

cae:environment:delete

VPC Access to the CAE Environment

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Obtaining the configuration for the VPC to access the CAE environment

GET /v1/{project_id}/cae/vpc-ingress

cae:environment:get

Creating the configuration for the VPC to access the CAE environment

POST /v1/{project_id}/cae/vpc-ingress

cae:environment:create

Deleting the configuration for VPC to access the CAE environment

DELETE /v1/{project_id}/cae/vpc-ingress/{vpc_ingress_id}

cae:environment:delete

Secret Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Associating a secret registered by the tenant

POST /v1/{project_id}/cae/dew-secrets

cae:environment:create

Obtaining user secrets

GET /v1/{project_id}/cae/dew-secrets

cae:environment:get

Modifying the version of a secret registered with DEW

PUT /v1/{project_id}/cae/dew-secrets/{secret_id}

cae:environment:update

Deleting a secret registered with DEW

DELETE /v1/{project_id}/cae/dew-secrets/{secret_id}

cae:environment:delete

Obtaining the components that are using a specific secret

GET /v1/{project_id}/cae/dew-secrets/{secret_id}/effective-components

cae:environment:get

URL Monitoring Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Modifying URL monitoring configurations

PUT /v1/{project_id}/cae/url-monitor/configurations

cae:environment:update

Obtaining URL monitoring configurations

GET /v1/{project_id}/cae/url-monitor/configurations

cae:environment:get

Egress Configuration Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Querying egress configurations

GET /v1/{project_id}/cae/egress-config

cae:environment:get

Ingress Configuration Management

Permission

API

Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Creating an ingress domain name suffix

POST /v1/{project_id}/cae/ingress-configs

cae:environment:create

Querying the suffix list of ingress domain names

GET /v1/{project_id}/cae/ingress-configs

cae:environment:get

Modifying an ingress domain name suffix

PUT /v1/{project_id}/cae/ingress-configs/{ingress_config_id}

cae:environment:update

Deleting an ingress domain name suffix

DELETE /v1/{project_id}/cae/ingress-configs/{ingress_config_id}

cae:environment:delete