Policies/Roles Authorization
This section describes the actions supported by Global Accelerator in policy-based authorization.
Supported Actions
Global Accelerator provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: statements in a policy that allow or deny certain operations.
- APIs: REST APIs that can be called by a user who has been granted specific permissions.
- Actions: specific operations that are allowed or denied.
- Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
- IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. "√" indicates that the action supports the project and "×" indicates that the action does not support the project. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
Global Accelerator supports the following actions in custom policies:
- Global Accelerator: actions supported by APIs for creating a global accelerator, querying global accelerators, querying the details of a global accelerator, updating a global accelerator, and deleting a global accelerator.
- Listener: actions supported by APIs for adding a listener, querying listeners, querying the details of a listener, updating a listener, and deleting a listener.
- Endpoint Group: actions supported by APIs for adding an endpoint group, querying the endpoint groups, querying the details of an endpoint group, updating an endpoint group, and deleting an endpoint group.
- Endpoint: actions supported by APIs for adding an endpoint, querying the endpoints, querying the details of an endpoint, updating an endpoint, and deleting an endpoint.
- Health Check: actions supported by APIs for configuring a health check, querying the health checks, querying the details of a health check, updating a health check, and deleting a health check.
- IP Address Group: actions supported by APIs for creating, querying, updating, deleting IP address groups, and querying the details of an IP address group; APIs for adding CIDR blocks to or removing CIDR blocks from an IP address group, associating an IP address group with or disassociating an IP address group from a listener.
- Tag: actions supported by APIs for adding, deleting, and querying tags.
Global Accelerator
|
Permission |
API |
Action |
Dependencies |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Creating a global accelerator |
POST /v1/accelerators |
ga:accelerator:create |
- |
√ |
× |
|
Querying global accelerators |
GET /v1/accelerators |
ga:accelerator:list |
- |
√ |
× |
|
Querying the details of a global accelerator |
GET /v1/accelerators/{accelerator_id} |
ga:accelerator:get |
- |
√ |
× |
|
Updating a global accelerator |
PUT /v1/accelerators/{accelerator_id} |
ga:accelerator:update |
- |
√ |
× |
|
Deleting a global accelerator |
DELETE /v1/accelerators/{accelerator_id} |
ga:accelerator:delete |
- |
√ |
× |
Listener
|
Permission |
API |
Action |
Dependencies |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Adding a listener |
POST /v1/listeners |
ga:listener:create |
- |
√ |
× |
|
Querying listeners |
GET /v1/listeners |
ga:listener:list |
- |
√ |
× |
|
Querying the details of a listener |
GET /v1/listeners/{listener_id} |
ga:listener:get |
- |
√ |
× |
|
Updating a listener |
PUT /v1/listeners/{listener_id} |
ga:listener:update |
- |
√ |
× |
|
Deleting a listener |
DELETE /v1/listeners/{listener_id} |
ga:listener:delete |
- |
√ |
× |
Endpoint Group
|
Permission |
API |
Action |
Dependencies |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Adding an endpoint group |
POST /v1/endpoint-groups |
ga:endpointgroup:create |
- |
√ |
× |
|
Querying endpoint groups |
GET /v1/endpoint-groups |
ga:endpointgroup:list |
- |
√ |
× |
|
Querying the details of an endpoint group |
GET /v1/endpoint-groups/{endpoint_group_id} |
ga:endpointgroup:get |
- |
√ |
× |
|
Updating an endpoint group |
PUT /v1/endpoint-groups/{endpoint_group_id} |
ga:endpointgroup:update |
- |
√ |
× |
|
Deleting an endpoint group |
DELETE /v1/endpoint-groups/{endpoint_group_id} |
ga:endpointgroup:delete |
- |
√ |
× |
Endpoint
|
Permission |
API |
Action |
Dependencies |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Adding an endpoint |
POST /v1/endpoint-groups/{endpoint_group_id}/endpoints |
ga:endpoint:create |
- |
√ |
× |
|
Querying endpoints |
GET /v1/endpoint-groups/{endpoint_group_id}/endpoints |
ga:endpoint:list |
- |
√ |
× |
|
Querying the details of an endpoint |
GET /v1/endpoint-groups/{endpoint_group_id}/endpoints/{endpoint_id} |
ga:endpoint:get |
- |
√ |
× |
|
Updating an endpoint |
PUT /v1/endpoint-groups/{endpoint_group_id}/endpoints/{endpoint_id} |
ga:endpoint:update |
- |
√ |
× |
|
Deleting an endpoint |
DELETE /v1/endpoint-groups/{endpoint_group_id}/endpoints/{endpoint_id} |
ga:endpoint:delete |
- |
√ |
× |
Health Check
|
Permission |
API |
Action |
Dependencies |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Configuring a health check |
POST /v1/health-checks |
ga:healthcheck:create |
- |
√ |
× |
|
Querying health checks |
GET /v1/health-checks |
ga:healthcheck:list |
- |
√ |
× |
|
Querying the details of a health check |
GET /v1/health-checks/{health_check_id} |
ga:healthcheck:get |
- |
√ |
× |
|
Updating a health check |
PUT /v1/health-checks/{health_check_id} |
ga:healthcheck:update |
- |
√ |
× |
|
Deleting a health check |
DELETE /v1/health-checks/{health_check_id} |
ga:healthcheck:delete |
- |
√ |
× |
IP Address Group
|
Permission |
API |
Action |
Dependencies |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Creating an IP address group |
POST /v1/ip-groups |
ga:ipgroup:create |
- |
√ |
× |
|
Querying IP address groups |
GET /v1/ip-groups |
ga:ipgroup:list |
- |
√ |
× |
|
Querying the details of an IP address group |
GET /v1/ip-groups/{ip_group_id} |
ga:ipgroup:get |
- |
√ |
× |
|
Updating an IP address group |
PUT /v1/ip-groups/{ip_group_id} |
ga:ipgroup:update |
- |
√ |
× |
|
Deleting an IP address group |
DELETE /v1/ip-groups/{ip_group_id} |
ga:ipgroup:delete |
- |
√ |
× |
|
Adding CIDR blocks to an IP address group |
POST /v1/ip-groups/{ip_group_id}/add-ips |
ga:ipgroup:addIps |
- |
√ |
× |
|
Deleting IP addresses from an IP address group |
POST /v1/ip-groups/{ip_group_id}/remove-ips |
ga:ipgroup:removeIps |
- |
√ |
× |
|
Associating an IP address group with a listener |
POST /v1/ip-groups/{ip_group_id}/associate-listener |
ga:ipgroup:associateListener |
- |
√ |
× |
|
Disassociating an IP address group from a listener |
POST /v1/ip-groups/{ip_group_id}/disassociate-listener |
ga:ipgroup:disassociateListener |
- |
√ |
× |
Tag
|
Permission |
API |
Action |
Dependencies |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Adding a tag |
POST /v1/{resource_type}/{resource_id}/tags/create |
ga:tag:create |
- |
√ |
× |
|
Deleting a tag |
DELETE /v1/{resource_type}/{resource_id}/tags/delete |
ga:tag:delete |
- |
√ |
× |
|
Querying a tag |
GET /v1/{resource_type}/{resource_id}/tags |
ga:tag:get |
- |
√ |
× |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
