Actions Supported by Policy-based Authorization
This section describes the actions supported by policy-based authorization for CCM.
Supported Actions
CCM provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: statements in a policy that allow or deny certain operations
- APIs: REST APIs that can be called in a custom policy
- Actions: Added to a custom policy to control permissions for specific operations.
- Dependent actions: When assigning an action to users, you also need to assign dependent permissions for that action to take effect.
- IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and enterprise management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
CCM supports the following actions that can be defined in custom policies.
- SCM Authorization List: contains actions supported by SSL certificate APIs, such as the APIs for querying the certificate list, purchasing certificates, and uploading certificates.
- PCA Authorization List: contains actions supported by private CA and private certificate APIs, such as the APIs for creating a CA, querying the private CA quota, and creating a private certificate.
SCM Authorization List

| Permission | API | Action | Dependent Permission | IAM Project (Project) |
|---|---|---|---|---|
| Querying the certificate list | GET /v2/{project_id}/scm/certlist | scm:cert:list | - | √ |
| Querying details of a certificate | GET /v2/{project_id}/scm/cert/{cert_id} | scm:cert:get | - | √ |
| Querying the certificate type | GET /v2/{project_id}/scm/cert/product | scm:certType:get | - | √ |
| Querying details of a certificate | GET /v2/{project_id}/scm/product/{product_id} | scm:certProduct:get | - | √ |
| Canceling an application | POST /v2/{project_id}/scm/cert/{cert_id}/cancel-cert | scm:cert:cancel | - | √ |
| Purchasing a certificate | POST /v2/{project_id}/scm/cert/purchase | scm:cert:purchase | - | √ |
| Applying for a certificate | POST /v2/{project_id}/scm/cert/{cert_id}/complete | scm:cert:complete | - | √ |
| Saving the information entered when applying for a certificate | POST /v2/{project_id}/scm/cert/{cert_id}/save | scm:cert:complete | - | √ |
| Reading the information entered during certificate application | POST /v2/{project_id}/scm/cert/{cert_id}/read | scm:cert:complete | - | √ |
| Modifying a certificate | PUT /v2/{project_id}/scm/cert/{cert_id} | scm:cert:edit | - | √ |
| Deleting a certificate | DELETE /v2/{project_id}/scm/cert/{cert_id} | scm:cert:delete | - | √ |
| Downloading a certificate | GET /v2/{project_id}/scm/cert/{cert_id}/cert_file | scm:cert:download | - | √ |
| Uploading authentication information | POST /v2/{project_id}/scm/cert/{cert_id}/info/{type}/upload_authentication | scm:cert:complete | - | √ |
| Revoking a certificate | POST /v2/{project_id}/scm/cert/{cert_id}/revoke | scm:cert:revoke | - | √ |
| Pushing a certificate | POST /v2/{project_id}/scm/cert/{cert_id}/push | scm:cert:push | The following action needs to be added when a certificate is to be pushed to CDN: cdn:configuration:queryHttpsConf | √ |
| Querying push records | GET /v2/{project_id}/scm/cert/{cert_id}/push-history | scm:pushHistory:list | - | √ |
| Uploading a certificate | POST /v2/{project_id}/scm/cert/upload | scm:cert:upload | - | √ |
| Verifying a CSR | POST /v2/{project_id}/scm/check-csr | scm:cert:complete | - | √ |
| Adding an additional domain name | POST /v2/{project_id}/scm/cert/{cert_id}/supplement | scm:cert:supplement | - | √ |
| Canceling privacy authorization | DELETE /v2/{project_id}/scm/privacy-protection/{cert_id} | scm:privacyProtection:delete | - | √ |

PCA Authorization List

| Permission | API | Action |
|---|---|---|
| Creating a CA | POST /v1/private-certificate-authorities | pca:ca:create |
| Canceling the scheduled deletion of a CA | POST /v1/private-certificate-authorities/{ca_id}/restore | pca:ca:restore |
| Querying details about a private CA | GET /v1/private-certificate-authorities/{ca_id} | pca:ca:get |
| Querying CSR details about a private CA | GET /v1/private-certificate-authorities/{ca_id}/csr | pca:ca:getCsr |
| Querying the private CA quota | GET /v1/private-certificate-authorities/quotas | pca:ca:quota |
| Exporting a private CA | POST /v1/private-certificate-authorities/{ca_id}/export | pca:ca:export |
| Deleting a private CA | DELETE /v1/private-certificate-authorities/{ca_id} | pca:ca:delete |
| Disabling a private CA | POST /v1/private-certificate-authorities/{ca_id}/disable | pca:ca:disable |
| Enabling a private CA | POST /v1/private-certificate-authorities/{ca_id}/enable | pca:ca:enable |
| Activating a private CA | POST /v1/private-certificate-authorities/{ca_id}/activate | pca:ca:active |
| Importing a CA | POST /v1/private-certificate-authorities/{ca_id}/import | pca:ca:import |
| Querying the private CA list | GET /v1/private-certificate-authorities | pca:ca:list |

Authorization information about APIs related to private certificates

| Permission | API | Action |
|---|---|---|
| Querying details about a private certificate | GET /v1/private-certificates/{certificate_id} | pca:cert:get |
| Parsing the CSR of a private certificate | POST /v1/private-certificates/csr/parse | pca:cert:parseCsr |
| Exporting a private certificate | POST /v1/private-certificates/{certificate_id}/export | pca:cert:export |
| Querying the private certificate quota | GET /v1/private-certificates/quotas | pca:cert:quota |
| Creating a private certificate | POST /v1/private-certificates | pca:ca:issueCert |
| Deleting a private certificate | DELETE /v1/private-certificates/{certificate_id} | pca:ca:delete |
| Revoking a private certificate | POST /v1/private-certificates/{certificate_id}/revoke | pca:cert:revoke |
| Creating a private certificate through a CSR | POST /v1/private-certificates/csr | pca:ca:issueCertThroughCSR |
| Querying the list of private certificates | GET /v1/private-certificates | pca:cert:list |
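
A least-privilege check for a custom policy, added here as an example (it is not Huawei Cloud code). It assumes the IAM custom-policy JSON layout with Version, Statement, Effect and Action keys, which this page does not show; the action and API strings are copied from the tables on this page, and the sample policy is constructed.

```python
import json

# Actions that this page's tables list against more than one API.
MULTI_API_ACTIONS = {
    "scm:cert:complete": [
        "POST /v2/{project_id}/scm/cert/{cert_id}/complete",
        "POST /v2/{project_id}/scm/cert/{cert_id}/save",
        "POST /v2/{project_id}/scm/cert/{cert_id}/read",
        "POST /v2/{project_id}/scm/cert/{cert_id}/info/{type}/upload_authentication",
        "POST /v2/{project_id}/scm/check-csr",
    ],
    "pca:ca:delete": [
        "DELETE /v1/private-certificate-authorities/{ca_id}",
        "DELETE /v1/private-certificates/{certificate_id}",
    ],
}
# Dependent action from the SCM table (needed when pushing to CDN).
DEPENDENT_ACTIONS = {"scm:cert:push": ["cdn:configuration:queryHttpsConf"]}

def allowed_actions(policy):
    # Collect actions from Allow statements; Action may be a string or a list.
    # Deny statements are skipped, so an explicit Deny is not modeled here.
    actions = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow":
            acts = stmt.get("Action", [])
            actions.update([acts] if isinstance(acts, str) else acts)
    return actions

def audit(policy_text):
    # Return (kind, action, detail) findings for one policy document.
    actions = allowed_actions(json.loads(policy_text))
    findings = []
    for act in sorted(actions):
        if "*" in act:  # assumption: "*" is a wildcard; review such grants by hand
            findings.append(("wildcard", act, "not checked against the action list"))
        for api in MULTI_API_ACTIONS.get(act, []):
            findings.append(("covers-api", act, api))
        for dep in DEPENDENT_ACTIONS.get(act, []):
            if dep not in actions:
                findings.append(("missing-dependent", act, dep))
    return findings

# Constructed sample: an operator meant to list and push SSL certificates
# and to delete private certificates.
SAMPLE_POLICY = """
{"Version": "1.1",
 "Statement": [{"Effect": "Allow",
                "Action": ["scm:cert:list", "scm:cert:push", "pca:ca:delete"]}]}
"""
```

For the sample, `audit(SAMPLE_POLICY)` reports that `pca:ca:delete` covers both the private CA and the private certificate DELETE APIs listed above, and that `scm:cert:push` is granted without `cdn:configuration:queryHttpsConf`.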