Help Center/ Data Security Center/ API Reference/ Permissions and Supported Actions/ Actions Supported by Policy-based Authorization
Updated on 2026-01-13 GMT+08:00
View PDF
Share

Actions Supported by Policy-based Authorization

This section describes the actions supported by Data Security Center (DSC) in policy-based authorization scenarios.

Supported Actions

DSC provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Actions supported by policies are specific to APIs. Common concepts related to policies include:

  • Permissions: Statements in a policy that allow or deny certain operations
  • APIs: REST APIs that can be called in a custom policy
  • Actions: Added to a custom policy to control permissions for specific operations
  • Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions.
  • IAM projects or enterprise projects: Scope of users a permission is granted to. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect in IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Management. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.

DSC supports the following actions that can be defined in custom policies:

Table 1 Supported actions

Permission

API

Action

IAM Project

Viewing the alarm list

/v1/{project_id}/alarm

dsc:common:list

Changing alarm status

/v1/{project_id}/alarm-status

dsc:common:operate

Authorizing or canceling authorization for an asset

/v1/{project_id}/sdg/asset/authorization

dsc:authorization:grant

Adding assets in batches

/v1/{project_id}/sdg/asset/batch/import

dsc:asset:create

Downloading a template for batch import

/v1/{project_id}/sdg/asset/batch/template

dsc:overview:list

Querying the big data asset list

/v1/{project_id}/sdg/asset/bigdata

dsc:asset:list

Adding a big data asset

/v1/{project_id}/sdg/asset/bigdata

dsc:asset:create

Updating a big data asset

/v1/{project_id}/sdg/asset/bigdata/{bigdata_id}

dsc:asset:update

Deleting a big data asset

/v1/{project_id}/sdg/asset/bigdata/{bigdata_id}

dsc:asset:delete

Adding RDS databases in batches

/v1/{project_id}/sdg/asset/database/batch-authorize

dsc:asset:create

Deleting database assets in batches

/v1/{project_id}/sdg/asset/database/batch-delete

dsc:asset:delete

Deleting a DB instance

/v1/{project_id}/sdg/asset/database/instance/{ins_id}

dsc:asset:delete

Updating a database asset

/v1/{project_id}/sdg/asset/database/{db_id}

dsc:asset:update

Deleting a database asset

/v1/{project_id}/sdg/asset/database/{db_id}

dsc:asset:delete

Adding a database asset

/v1/{project_id}/sdg/asset/database_old

dsc:asset:create

Adding an OBS bucket

/v1/{project_id}/sdg/asset/obs/bucket

dsc:asset:create

Deleting an OBS bucket

/v1/{project_id}/sdg/asset/obs/bucket/{bucket_id}

dsc:asset:delete

Obtaining the bucket list

/v1/{project_id}/sdg/asset/obs/buckets

dsc:asset:list

Adding an OBS bucket

/v1/{project_id}/sdg/asset/obs/buckets

dsc:asset:create

Adding an abnormal data source audit instance

/v1/{project_id}/sdg/risk/datasource

dsc:common:operate

Deleting an abnormal data source

/v1/{project_id}/sdg/risk/datasource/{datasource_id}

dsc:common:operate

Updating conditions for abnormal data source audit

/v1/{project_id}/sdg/risk/datasource/{datasource_id}/condition

dsc:common:operate

Updating the abnormal status

/v1/{project_id}/sdg/risk/{exception_id}/update-status

dsc:common:operate

Obtaining the device list

/v1/{project_id}/devices

dsc:common:list

Adding a device

/v1/{project_id}/devices

dsc:common:operate

Obtaining alarm information

/v1/{project_id}/devices/alarm-info

dsc:common:list

Changing alarm status

/v1/{project_id}/devices/alarm-info/status

dsc:common:operate

Obtaining the device status list

/v1/{project_id}/devices/monitor-info

dsc:common:list

Updating the device status

/v1/{project_id}/devices/status

dsc:common:operate

Updating device information

/v1/{project_id}/devices/{device_id}

dsc:common:operate

Deleting a device

/v1/{project_id}/devices/{device_id}

dsc:common:operate

Updating the default rule group information

/v1/{project_id}/sdg/server/scan/default-group/{group_id}

dsc:scanRuleGroup:update

Adding a customized rule group

/v1/{project_id}/sdg/server/scan/groups

dsc:scanRuleGroup:create

Updating rule group information

/v1/{project_id}/sdg/server/scan/groups

dsc:scanRuleGroup:update

Obtaining rule group details

/v1/{project_id}/sdg/server/scan/groups/{group_id}

dsc:scanRuleGroup:get

Deleting a rule group

/v1/{project_id}/sdg/server/scan/groups/{group_id}

dsc:scanRuleGroup:delete

Obtaining rules in a rule group

/v1/{project_id}/sdg/server/scan/groups/{group_id}/rules

dsc:scanRuleGroup:get

Obtaining rule details and checking whether the rule can be deleted

/v1/{project_id}/sdg/server/scan/rule-group/{rule_id}

dsc:scanRule:get

Adding a rule to a rule group

/v1/{project_id}/sdg/server/scan/rule/{rule_id}/group

dsc:scanRule:update

Adding a rule

/v1/{project_id}/sdg/server/scan/rules

dsc:scanRule:create

Editing a rule

/v1/{project_id}/sdg/server/scan/rules

dsc:scanRule:update

Query the default rule group

/v1/{project_id}/sdg/server/scan/rules/default

dsc:scanRule:list

Obtaining details about a rule

/v1/{project_id}/sdg/server/scan/rules/{rule_id}

dsc:scanRule:get

Deleting a rule

/v1/{project_id}/sdg/server/scan/rules/{rule_id}

dsc:scanRule:delete

Checking whether a rule group can be deleted

/v1/{project_id}/sdg/server/scan/task-group/{group_id}

dsc:scanRuleGroup:get

Querying the associations between template rules

/v1/{project_id}/scan-templates/{template_id}/scan-rules

dsc:scanTemplate:get

Deleting template rule associations in batches

/v1/{project_id}/scan-templates/{template_id}/scan-rules/{rule_ids}

dsc:scanTemplate:update

Modifying the rule enabling status

/v1/{project_id}/scan-templates/{template_id}/scan-rules/{rule_id}/switch

dsc:scanTemplate:update

Exporting an excel report

/v1/{project_id}/sdg/server/stat/jobs/{job_id}/export

dsc:common:list

Creating a watermark embedding task

/v1/{project_id}/data-watermark-embed-task

dsc:common:operate

Deleting watermark embedding tasks in batches

/v1/{project_id}/data-watermark-embed-task

dsc:common:operate

Editing a watermark embedding task

/v1/{project_id}/data-watermark-embed-task/{id}

dsc:common:operate

Deleting a watermark embedding task

/v1/{project_id}/data-watermark-embed-task/{id}

dsc:common:operate

Retrying or stopping a watermark embedding task

/v1/{project_id}/data-watermark-embed-task/{id}/status

dsc:common:operate

Creating a data watermark extraction task, forwarding the data watermark extraction task, and updating the task parameters

/v1/{project_id}/data-watermark-extract-tasks

dsc:common:operate

Deleting data watermark extraction tasks in batches

/v1/{project_id}/data-watermark-extract-tasks

dsc:common:operate

Deleting a data watermark extraction task

/v1/{project_id}/data-watermark-extract-tasks/{task_id}

dsc:common:operate

Embedding watermarks into a document

/v1/{project_id}/sdg/watermark/embed

dsc:watermark:embed

Extracting watermarks

/v1/{project_id}/sdg/watermark/extract

dsc:watermark:extract