Actions Supported by Policy-based Authorization

Supported Actions

NAT Gateway provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:

• Permissions: statements in a policy that allow or deny certain operations
• APIs: REST APIs that can be called by a user who has been granted specific permissions
• Actions: specific operations that are allowed or denied in a custom policy
• Dependent actions: actions which a specific action depends on. When allowing an action for a user, you also need to allow its dependent actions for that user.
• IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?

NAT Gateway supports all of the following actions in custom policies:

• Public NAT Gateways, including actions, such as creating, updating, and deleting a NAT gateway, supported by all v2 APIs of the NAT gateway.
• SNAT Rules of Public NAT Gateways, including actions, such as creating an SNAT rule and querying SNAT rules, supported by all v2 APIs of the SNAT rule.
• DNAT Rules of Public NAT Gateways, including actions, such as creating a DNAT rule and querying DNAT rules, supported by all v2 APIs of the DNAT rule.