Resource-level Authorization
| Resource Type | URN |
|---|---|
| workspace | secmaster:<region>:<account-id>:workspace:<workspace-id> |
| playbook | secmaster:<region>:<account-id>:playbook:<workspace-id>/<playbook-id> |
| workflow | secmaster:<region>:<account-id>:workflow:<workspace-id>/<workflow-id> |
| connection | secmaster:<region>:<account-id>:connection:<workspace-id>/<connection-id> |
| task | secmaster:<region>:<account-id>:task:<workspace-id>/<task-id> |
| indicator | secmaster:<region>:<account-id>:indicator:<workspace-id>/<indicator-id> |
| alert | secmaster:<region>:<account-id>:alert:<workspace-id>/<alert-id> |
| incident | secmaster:<region>:<account-id>:incident:<workspace-id>/<incident-id> |
| dataobject | secmaster:<region>:<account-id>:dataobject:<workspace-id>/<dataobject-id> |
| metric | secmaster:<region>:<account-id>:metric:<workspace-id>/<metric-id> |
| resource | secmaster:<region>:<account-id>:resource:<workspace-id>/<resource-id> |
| report | secmaster:<region>:<account-id>:report:<workspace-id>/<report-id> |
| emergencyVulnerability | secmaster:<region>:<account-id>:emergencyVulnerability:<workspace-id>/<emergency-vulnerability-id> |
| dataspace | secmaster:<region>:<account-id>:dataspace:<workspace-id>/<dataspace-id> |
| pipe | secmaster:<region>:<account-id>:pipe:<workspace-id>/<pipe-id> |
| alertRule | secmaster:<region>:<account-id>:alertRule:<workspace-id>/<alertRule-id> |
| vulnerability | secmaster:<region>:<account-id>:vulnerability:<workspace-id>/<vulnerability-id> |
| alertRuleTemplate | secmaster:<region>:<account-id>:alertRuleTemplate:<workspace-id>/<alertRuleTemplate-id> |
| searchCondition | secmaster:<region>:<account-id>:searchCondition:<workspace-id>/<searchCondition-id> |
| dataclass | secmaster:<region>:<account-id>:dataclass:<workspace-id>/<dataclass-id> |
| mapping | secmaster:<region>:<account-id>:mapping:<workspace-id>/<mapping-id> |
| layout | secmaster:<region>:<account-id>:layout:<workspace-id>/<layout-id> |
| catalogue | secmaster:<region>:<account-id>:catalogue:<workspace-id>/<catalogue-id> |
| table | secmaster:<region>:<account-id>:table:<workspace-id>/<table-id> |
| policy | secmaster:<region>:<account-id>:policy:<workspace-id>/<policy-id> |
| baseline | secmaster:<region>:<account-id>:baseline:<workspace-id>/<baseline-id> |
| shipper | secmaster:<region>:<account-id>:shipper:<workspace-id>/<shipper-id> |
| analysisScript | secmaster:<region>:<account-id>:analysisScript:<workspace-id>/<analysisScript-id> |
| collectorChannel | secmaster:<region>:<account-id>:collectorChannel:<workspace-id>/<collectorChannel-id> |
| collectorChannelGroup | secmaster:<region>:<account-id>:collectorChannelGroup:<workspace-id>/<collectorChannelGroup-id> |
| collectorConnection | secmaster:<region>:<account-id>:collectorConnection:<workspace-id>/<collectorConnection-id> |
| collectorParser | secmaster:<region>:<account-id>:collectorParser:<workspace-id>/<collectorParser-id> |
| component | secmaster:<region>:<account-id>:component:<workspace-id>/<component-id> |
| node | secmaster:<region>:<account-id>:node:<workspace-id>/<node-id> |
| accountAgency | secmaster:<region>:<account-id>:accountAgency:<accountAgency-id> |

When you specify a resource URN in a permission policy, replace the variables such as <region>, <account-id>, and <workspace-id> with the actual values, or use a wildcard (*).
Resource-level authorization example policy:
For the playbook URN secmaster:<region>:<account-id>:playbook:<workspace-id>/<playbook-id>, replace the variables as follows:
- Replace <region> and <account-id> each with a wildcard (*).
- Replace <workspace-id> with 7430b8e4-be12-4bd4-80f7-1aa02123551c.
- Replace <playbook-id> with a wildcard (*).
Assign the following policy to user A. User A then has the permission to review all playbooks in workspace 7430b8e4-be12-4bd4-80f7-1aa02123551c.
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secmaster:playbook:approve"
            ],
            "Resource": [
                "secmaster:*:*:playbook:7430b8e4-be12-4bd4-80f7-1aa02123551c/*"
            ]
        }
    ]
}
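To review which workspaces a policy like the one above actually reaches, the following added example (not part of the SecMaster documentation) parses `Resource` entries against the URN layouts in the table and reports their workspace scope. It assumes that `*` matches any run of characters within a single colon- or slash-separated field; the function names are illustrative.

```python
import json
import re

# Types in the table whose last field is one ID, not <workspace-id>/<id>.
SINGLE_ID_TYPES = {"workspace", "accountAgency"}

# The example policy from this page.
PAGE_POLICY = json.loads("""{"Version": "1.1", "Statement": [{"Effect": "Allow",
  "Action": ["secmaster:playbook:approve"],
  "Resource": ["secmaster:*:*:playbook:7430b8e4-be12-4bd4-80f7-1aa02123551c/*"]}]}""")

def parse_urn(urn):
    """Split secmaster:<region>:<account-id>:<type>:<ids> into named fields."""
    parts = urn.split(":")
    if len(parts) != 5 or parts[0] != "secmaster" or not all(parts):
        raise ValueError(f"malformed SecMaster URN: {urn!r}")
    region, account, rtype, path = parts[1:]
    ids = path.split("/")
    want = 1 if rtype in SINGLE_ID_TYPES else 2
    if len(ids) != want or not all(ids):
        raise ValueError(f"{rtype} URN needs {want} ID(s): {urn!r}")
    # accountAgency is the only type in the table without a workspace ID.
    workspace = None if rtype == "accountAgency" else ids[0]
    return {"fields": [region, account, rtype, *ids], "workspace": workspace}

def field_match(pattern, value):
    """Assumption: '*' matches any run of characters within a single field."""
    rx = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(rx, value) is not None

def covers(pattern, urn):
    """True if the concrete `urn` falls under the policy Resource `pattern`."""
    p, u = parse_urn(pattern)["fields"], parse_urn(urn)["fields"]
    return len(p) == len(u) and all(field_match(a, b) for a, b in zip(p, u))

def workspace_scope(policy):
    """Return (resource, scope) for every Resource in an Allow statement."""
    out = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for res in stmt.get("Resource", []):
            ws = parse_urn(res)["workspace"]
            if ws is None:
                scope = "account-level"
            else:
                scope = "WILDCARD-WORKSPACE" if "*" in ws else ws
            out.append((res, scope))
    return out

if __name__ == "__main__":
    for res, scope in workspace_scope(PAGE_POLICY):
        print(f"{scope:40} {res}")
```

A `WILDCARD-WORKSPACE` result marks a statement that is not confined to one workspace and is worth a closer look during policy review.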