Help Center/ Cloud Backup and Recovery/ API Reference/ Permissions and Supported Actions/ Actions Supported by Policy-based Authorization
Updated on 2025-12-09 GMT+08:00
View PDF
Share

Actions Supported by Policy-based Authorization

This section describes the actions supported by CBR in role/policy-based authorization.

Supported Actions

CBR provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:

  • Permissions: statements in a policy that allow or deny certain operations
  • APIs: REST APIs that can be called by a user who has been granted specific permissions
  • Actions: specific operations that are allowed or denied
  • Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
  • IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.

CBR supports the following actions in custom policies:

  • [Example] Vault actions (Vaults), including all of the actions supported by CBR vault APIs, such as the APIs for creating, modifying, and deleting a vault, querying the vault list, as well as adding and removing resources.
  • [Example] Backup sharing actions (Backup Sharing), including actions supported by CBR backup sharing APIs, such as APIs for adding share members, obtaining the share member list, and updating the share member status.

Tasks

Permission

API

Action

IAM

Project

Enterprise

Project

Querying the task list

GET /v3/{project_id}/operation-logs

cbr:tasks:list

Supported

Supported

Querying a single task

GET /v3/{project_id}/operation-logs/{operation_log_id}

cbr:tasks:get

Supported

Supported

Protection

Permission

API

Action

Dependencies

IAM

Project

Enterprise

Project

Querying protectable resources

GET /v3/{project_id}/protectables/{protectable_type}/instances

cbr:vaults:listProtectables

ecs:cloudServers:list

evs:volumes:list

Supported

Supported

Querying a specified protectable resource

GET /v3/{project_id}/protectables/{protectable_type}/instances/{instance_id}

cbr:vaults:getProtectables

ecs:cloudServers:list

evs:volumes:list

Supported

×

Querying the agent status

POST /v3/{project_id}/agent/check

cbr:backups:checkAgent

ecs:cloudServers:list

Supported

×

Querying the replication capability

GET /v3/{project_id}/replication-capabilities

cbr:backups:queryReplicationCapability

-

Supported

×

Vaults

Permission

API

Action

Dependencies

IAM

Project

Enterprise

Project

Applying a policy to a vault

POST /v3/{project_id}/vaults/{vault_id}/associatepolicy

cbr:vaults:associatePolicy

-

Supported

Supported

Querying a specified vault

GET /v3/{project_id}/vaults/{vault_id}

cbr:vaults:get

-

Supported

Supported

Modifying a vault

PUT /v3/{project_id}/vaults/{vault_id}

cbr:vaults:update

-

Supported

Supported

Deleting a vault

DELETE /v3/{project_id}/vaults/{vault_id}

cbr:vaults:delete

-

Supported

Supported

Dissociating resources

POST /v3/{project_id}/vaults/{vault_id}/removeresources

cbr:vaults:removeResources

-

Supported

Supported

Associating resources

POST /v3/{project_id}/vaults/{vault_id}/addresources

cbr:vaults:addResources

ecs:cloudServers:list

evs:volumes:list

Supported

Supported

Querying the vault list

GET /v3/{project_id}/vaults

cbr:vaults:list

-

Supported

Supported

Creating a vault

POST /v3/{project_id}/vaults

cbr:vaults:create

ecs:cloudServers:list

evs:volumes:list

Supported

Supported

Querying the vault list in other regions

GET /v3/{project_id}/external_vaults

cbr:vaults:listExternalVaults

cbr:vaults:listVaults

Supported

Supported

Removing a policy from a vault

POST /v3/{project_id}/vaults/{vault_id}/dissociatepolicy

cbr:vaults:dissociatePolicy

-

Supported

Supported

Migrating a resource

POST /v3/{project_id}/vaults/{vault_id}/migrateresources

cbr:vaults:migrateResources

cbr:vaults:addResources

Supported

Checkpoints

Permission

API

Action

Dependencies

IAM

Project

Enterprise

Project

Synchronizing a checkpoint

POST /v3/{project_id}/checkpoints/sync

cbr:vaults:sync

-

Supported

Supported

Replicating a checkpoint

POST /v3/{project_id}/checkpoints/replicate

cbr:vaults:replicate

-

Supported

Supported

Creating a checkpoint

POST /v3/{project_id}/checkpoints

cbr:vaults:backup

ecs:cloudServers:list

evs:volumes:list

Supported

Supported

Backup Sharing

Permission

API

Action

IAM

Project

Enterprise

Project

Adding a share member

POST /v3/{project_id}/backups/{backup_id}/members

cbr:member:create

Supported

Supported

Updating the share member status

PUT

/v3/{project_id}/backups/{backup_id}/members/{member_id}

cbr:member:update

Supported

Supported

Querying share member details

GET

/v3/{project_id}/backups/{backup_id}/members/{member_id}

cbr:member:get

Supported

Supported

Obtaining the share member list

GET

/v3/{project_id}/backups/{backup_id}/members

cbr:member:list

Supported

Supported

Deleting a specified share member

DELETE

/v3/{project_id}/backups/{backup_id}/members/{member_id}

cbr:member:delete

Supported

Supported

Backups

Permission

API

Action

Dependencies

IAM

Project

Enterprise

(Enterprise Project)

Listing backups

GET /v3/{project_id}/backups

cbr:backups:list

-

Supported

Supported

Querying a specified backup

GET /v3/{project_id}/backups/{backup_id}

cbr:backups:get

-

Supported

Supported

Deleting a backup

DELETE /v3/{project_id}/backups/{backup_id}

cbr:backups:delete

-

Supported

Supported

Synchronizing a backup

POST /v3/{project_id}/backups/sync

cbr:backups:sync

-

Supported

Restoring from a backup

POST /v3/{project_id}/backups/{backup_id}/restore

cbr:backups:restore

ecs:cloudServers:list

evs:volumes:list

Supported

Supported

Replicating a backup

POST /v3/{project_id}/backups/{backup_id}/replicate

cbr:backups:replicate

-

Supported

Updating a backup

PUT /v3/{project_id}/backups/{backup_id}

cbr:backups:update

-

Supported

Querying backup metadata

GET

/v3/{project_id}/backups/{backup_id}/metadata

cbr:backups:getMetadata

-

Supported

Supported

Policies

Permission

API

Action

IAM

Project

Enterprise

Project

Querying the policy list

GET /v3/{project_id}/policies

cbr:policies:list

Supported

×

Creating a policy

POST /v3/{project_id}/policies

cbr:policies:create

Supported

×

Querying a specified policy

GET /v3/{project_id}/policies/{policy_id}

cbr:policies:get

Supported

×

Updating a policy

PUT /v3/{project_id}/policies/{policy_id}

cbr:policies:update

Supported

×

Deleting a policy

DELETE /v3/{project_id}/policies/{policy_id}

cbr:policies:delete

Supported

×

Organizational Policies

Permission

API

Action

IAM

Project

Enterprise

(Enterprise Project)

Creating an organization policy

POST /v3/{project_id}/organization-policies

cbr:organizationPolicies:create

×

Listing organizational policies

GET /v3/{project_id}/organization-policies

cbr:organizationPolicies:list

×

Querying a specified organizational policy

GET /v3/{project_id}/organization-policies/{organization_policy_id}

cbr:organizationPolicies:get

×

Deleting an organization policy

DELETE /v3/{project_id}/organization-policies/{organization_policy_id}

cbr:organizationPolicies:delete

×

Updating an organization policy

PUT /v3/{project_id}/organization-policies/{organization_policy_id}

cbr:organizationPolicies:update

×

Tags

Permission

API

Action

IAM

Project

Enterprise

Project

Querying the vault resources

POST /v3/{project_id}/vault/resource_instances/action

cbr:vaults:listResourceInstances

Supported

Supported

Batch adding or deleting tags of a vault resource

POST /v3/{project_id}/vault/{vault_id}/tags/action

cbr:vaults:bulkCreateOrDeleteTags

Supported

Supported

Adding a tag to a vault resource

POST /v3/{project_id}/vault/{vault_id}/tags

cbr:vaults:setTags

Supported

Supported

Deleting a tag of a vault resource

DELETE /v3/{project_id}/vault/{vault_id}/tags/{key}

cbr:vaults:deleteTags

Supported

Supported

Querying tags of a vault resource

GET /v3/{project_id}/vault/{vault_id}/tags

cbr:vaults:getTags

Supported

Supported

Querying tags of a vault project

GET /v3/{project_id}/vault/tags

cbr:vaults:listProjectTags

Supported

Supported

Client

Permission

API

Action

IAM

Project

Enterprise

(Enterprise Project)

Registering a client

POST /v3/{project_id}/agents

cbr:agents:register

×

Querying a client

GET /v3/{project_id}/agents/{agent_id}

cbr:agents:get

×

Listing clients

GET /v3/{project_id}/agents

cbr:agents:list

×

Removing a client

DELETE /v3/{project_id}/agents/{agent_id}

cbr:agents:delete

×

Updating a client

PUT /v3/{project_id}/agents/{agent_id}

cbr:agents:update

×

Removing a file path

POST

/v3/{project_id}/agents/{agent_id}/remove-path

cbr:agents:removePath

×

Adding a file path

POST /v3/{project_id}/agents/{agent_id}/add-path

cbr:agents:addPath

×

Metering

Permission

API

Action

IAM

Project

Enterprise

(Enterprise Project)

Querying the storage usage

GET /v3/{project_id}/storage_usage

cbr:backups:listStorageUsage

Operations

Permission

API

Action

IAM

Project

Enterprise

(Enterprise Project)

Updating vault orders

PUT /v3/{project_id}/orders/{order_id}

cbr:vaults:updateOrder

Supported