SecMaster Permissions and Supported Actions
This topic describes fine-grained permissions management for your SecMaster. If your account does not need individual IAM users, then you may skip over this section.
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. Users inherit permissions from the groups to which they are added. After authorization, the user can perform specified operations on cloud services based on the permissions.
Permissions are classified into roles and policies based on the authorization granularity. A role is a coarse-grained authorization mechanism provided by IAM to define permissions based on users' job responsibilities. A policy defines permissions required to perform operations on specific cloud resources under certain conditions. IAM uses policies to perform fine-grained authorization.
Limitations and Constraints
All actions supported by SecMaster support only IAM projects but not enterprise projects.
Supported Actions
SecMaster provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.
- Permission: A statement in a policy that allows or denies certain operations.
- Action: Specific operations that are allowed or denied.
|
Permission |
Action |
|---|---|
|
Get the statistics of playbook |
secmaster:playbook:getStatistics |
|
Query playbook details |
secmaster:playbook:getInstance |
|
Show subscription version |
secmaster:subscription:getVersion |
|
Query search condition details |
secmaster:searchCondition:get |
|
Export indicators |
secmaster:indicator:export |
|
Export emergency vulnerabilities |
secmaster:emergencyVulnerability:export |
|
Get incident details |
secmaster:incident:get |
|
Query alert rule template details |
secmaster:alertRuleTemplate:get |
|
Get field details |
secmaster:dataclass:getField |
|
Show vulnerabilities group info |
secmaster:vulnerability:getGroup |
|
Get workflow details |
secmaster:workflow:get |
|
Get alert details |
secmaster:alert:get |
|
Query the indicator list |
secmaster:indicator:list |
|
Query pipe details |
secmaster:pipe:get |
|
Get classifier details |
secmaster:mapping:getClassifier |
|
Get playbook details |
secmaster:playbook:get |
|
Get pipe consumption |
secmaster:pipe:getConsumption |
|
Download the indicator template |
secmaster:indicator:downloadTemplate |
|
Get the monitor of playbook |
secmaster:playbook:getMonitor |
|
Export a playbook |
secmaster:playbook:export |
|
Query the dataclass details |
secmaster:dataclass:get |
|
Query alert rule details |
secmaster:alertRule:get |
|
Get mapper details |
secmaster:mapping:getMapper |
|
Get a wizard |
secmaster:layout:getWizard |
|
Get type details |
secmaster:dataclass:getType |
|
Get asset credential details |
secmaster:connection:get |
|
Get task details |
secmaster:task:get |
|
Show report |
secmaster:report:get |
|
Query a pipe index |
secmaster:pipe:getIndex |
|
Query playbook topology details |
secmaster:playbook:getInstanceTopology |
|
Show agency |
secmaster:agency:get |
|
Get indicator details |
secmaster:indicator:get |
|
Get mapping datasources |
secmaster:mapping:getDatasource |
|
Show resource statistics |
secmaster:resource:getStatistics |
|
Get the workflow instance topology |
secmaster:workflow:getInstance |
|
Get workspace details |
secmaster:workspace:get |
|
Get resource import template |
secmaster:resource:getTemplate |
|
Get workflow version details |
secmaster:workflow:getVersion |
|
Get a layout |
secmaster:layout:get |
|
Get playbook version details |
secmaster:playbook:getVersion |
|
Get dataspace details |
secmaster:dataspace:get |
|
Get a layout field. |
secmaster:layout:getField |
|
Show metric result |
secmaster:metric:getResult |
|
Query the alert list |
secmaster:alert:list |
|
Query alert rules |
secmaster:alertRule:list |
|
Get the playbook list |
secmaster:playbook:list |
|
Query the search condition list |
secmaster:searchCondition:list |
|
Query the pipe list |
secmaster:pipe:list |
|
List alert rule template metrics |
secmaster:alertRuleTemplate:listMetrics |
|
Query the approval list |
secmaster:playbook:listApproves |
|
export vulnerabilities groups |
secmaster:vulnerability:exportGroup |
|
List emergency vulnerabilities |
secmaster:emergencyVulnerability:list |
|
Query the mapper list |
secmaster:mapping:listMappers |
|
Search category |
secmaster:catalogue:list |
|
Query the type list |
secmaster:dataclass:listTypes |
|
List metric results |
secmaster:metric:listResults |
|
Query the playbook instance list |
secmaster:playbook:listInstances |
|
Query logs |
secmaster:search:listLogs |
|
Get layout field list |
secmaster:layout:listFields |
|
List vulnerabilities groups |
secmaster:vulnerability:listGroups |
|
Get the playbook version list |
secmaster:playbook:listVersions |
|
Get the incident type list |
secmaster:incident:listTypes |
|
Query mapping functions |
secmaster:mapping:listFunctions |
|
Query histograms |
secmaster:search:listHistograms |
|
Get layout type list |
secmaster:layout:listBusinessTypes |
|
Create batch orderAlerts |
secmaster:alert:batchOrders |
|
Query the workflow list |
secmaster:workflow:list |
|
Get the workflow version list |
secmaster:workflow:listVersions |
|
Query the playbook instance auditlog list |
secmaster:playbook:getInstanceAuditlog |
|
Query the task list |
secmaster:task:list |
|
List reports |
secmaster:report:list |
|
Get layout list |
secmaster:layout:list |
|
Query the indicator type list |
secmaster:indicator:listTypes |
|
Get dataclass list |
secmaster:dataclass:list |
|
Query the dataspace list |
secmaster:dataspace:list |
|
List alert rule templates |
secmaster:alertRuleTemplate:list |
|
Query the mapping list |
secmaster:mapping:list |
|
Query the field list |
secmaster:dataclass:listFields |
|
Get alert rule metrics |
secmaster:alertRule:listMetrics |
|
Get wizard list |
secmaster:layout:listWizards |
|
Query the incident list |
secmaster:incident:list |
|
Query the incident category list |
secmaster:incident:listCategories |
|
Query the dataObject relation list |
secmaster:dataobject:listRelations |
|
Query the alert category list |
secmaster:alert:listCategories |
|
Query the vulnerability type list |
secmaster:vulnerability:listTypes |
|
Query the asset credential list |
secmaster:connection:list |
|
List resources |
secmaster:resource:list |
|
Query the alert type list |
secmaster:alert:listTypes |
|
Search metric hits |
secmaster:metric:listHits |
|
Query the workspace list |
secmaster:workspace:list |
|
query tags of resource |
secmaster:workspace:listTags |
|
List cloud logs config |
secmaster:collector:listConfig |
|
List cloud logs config |
secmaster:cloudLog:list |
|
Query cloud logs resource |
secmaster:cloudLog:listResourceConfig |
|
List collector parser templates |
secmaster:collectorParser:listTemplates |
|
List collector parsers |
secmaster:collectorParser:list |
|
Export collector parsers |
secmaster:collectorParser:export |
|
List collector connections |
secmaster:collectorConnection:list |
|
Get collector connection |
secmaster:collectorConnection:get |
|
List collector channel instances |
secmaster:collectorChannel:listInstances |
|
List collector channels |
secmaster:collectorChannel:list |
|
Get collector channel |
secmaster:collectorChannel:get |
|
List collector channel nodes |
secmaster:collectorChannel:listNodes |
|
List collector channel group |
secmaster:collectorChannelGroup:list |
|
List collector nodes |
secmaster:collectorNode:list |
|
List components configuration template |
secmaster:component:listTemplates |
|
List components configurations |
secmaster:component:listConfigurations |
|
Show component info |
secmaster:component:get |
|
List component info |
secmaster:component:list |
|
List component history configuration info |
secmaster:component:listConfigurationVersions |
|
List component running node info |
secmaster:component:listRunningNodes |
|
List node info |
secmaster:node:list |
|
Get table consumption |
secmaster:table:getConsumption |
|
Export an analysis script |
secmaster:analysisScript:export |
|
Show collector parser |
secmaster:collectorParser:get |
|
Permission |
Action |
|---|---|
|
Delete a workflow |
secmaster:workflow:delete |
|
Delete a pipe |
secmaster:pipe:delete |
|
Create a workspace |
secmaster:workspace:create |
|
Delete a mapping |
secmaster:mapping:delete |
|
Import resources |
secmaster:resource:import |
|
Create a wizard |
secmaster:layout:createWizard |
|
Update an incident |
secmaster:incident:update |
|
import playbook |
secmaster:playbook:import |
|
Create a playbook version |
secmaster:playbook:createVersion |
|
Approve a workflow version |
secmaster:workflow:approveVersion |
|
Delete a workflow version |
secmaster:workflow:deleteVersion |
|
Operate a playbook instance |
secmaster:playbook:operateInstance |
|
Bind an indicator type with layout |
secmaster:indicator:bindLayout |
|
Delete a layout field |
secmaster:layout:deleteField |
|
Delete pipe consumption |
secmaster:pipe:deleteConsumption |
|
Delete report |
secmaster:report:delete |
|
Create agency |
secmaster:agency:create |
|
Update wizards |
secmaster:layout:updateWizard |
|
Copy a mapping |
secmaster:mapping:copy |
|
Update the status of a mapping |
secmaster:mapping:update |
|
Approve a playbook |
secmaster:playbook:approve |
|
Create a search condition |
secmaster:searchCondition:create |
|
Update a workflow version |
secmaster:workflow:updateVersion |
|
Create an incident type |
secmaster:incident:createType |
|
Update a mapper |
secmaster:mapping:updateMapper |
|
Create alert rule |
secmaster:alertRule:create |
|
Update a dataclass |
secmaster:dataclass:update |
|
Update a pipe |
secmaster:pipe:update |
|
Create a layout |
secmaster:layout:create |
|
Enable or disable an incident type |
secmaster:incident:enableType |
|
Update a layout |
secmaster:layout:update |
|
Operate a workflow instance |
secmaster:workflow:operateInstance |
|
Update a layout field |
secmaster:layout:updateField |
|
Delete alert rule |
secmaster:alertRule:delete |
|
Update an alert |
secmaster:alert:update |
|
Delete an incident type |
secmaster:incident:deleteType |
|
Create an alert |
secmaster:alert:create |
|
Enable or disable an alert type |
secmaster:alert:enableType |
|
Delete an incident |
secmaster:incident:delete |
|
Create a workflow version |
secmaster:workflow:createVersion |
|
Create a classifier |
secmaster:mapping:createClassifier |
|
Delete a mapper |
secmaster:mapping:deleteMapper |
|
Update report |
secmaster:report:update |
|
Execute an analysis |
secmaster:search:createAnalysis |
|
Update a workspace |
secmaster:workspace:update |
|
Update a search condition |
secmaster:searchCondition:update |
|
Delete a playbook |
secmaster:playbook:delete |
|
Create a task |
secmaster:task:create |
|
Create a dataclass |
secmaster:dataclass:create |
|
Update an alert type |
secmaster:alert:updateType |
|
Update a workflow |
secmaster:workflow:update |
|
Delete a vulnerability type |
secmaster:vulnerability:deleteType |
|
Create a layout field |
secmaster:layout:createField |
|
Update an asset credential |
secmaster:connection:update |
|
Delete an alert type |
secmaster:alert:deleteType |
|
Create a mapper |
secmaster:mapping:createMapper |
|
Create a playbook |
secmaster:playbook:create |
|
Set emergency vulnerability read status |
secmaster:emergencyVulnerability:updateReadStatus |
|
Verify a workflow version |
secmaster:workflow:validate |
|
Update a pipe index |
secmaster:pipe:updateIndex |
|
Create a workflow |
secmaster:workflow:create |
|
Create report |
secmaster:report:create |
|
Create an alert type |
secmaster:alert:createType |
|
Update alert rules |
secmaster:alertRule:update |
|
Create a dataspace |
secmaster:dataspace:create |
|
Create pre-paid order |
secmaster:subscription:createPrePaidOrder |
|
Create pipe consumption |
secmaster:pipe:createConsumption |
|
Delete a workspace |
secmaster:workspace:delete |
|
Update a classifier |
secmaster:mapping:updateClassifier |
|
Simulate alert rule |
secmaster:alertRule:createSimulation |
|
Create a pipe |
secmaster:pipe:create |
|
Delete post-paid order |
secmaster:subscription:deletePostPaidOrder |
|
Enable or disable a vulnerability type |
secmaster:vulnerability:enableType |
|
Update an incident type |
secmaster:incident:updateType |
|
Update indicator |
secmaster:indicator:update |
|
Bind a vulnerability type with a layout |
secmaster:vulnerability:bindLayout |
|
Delete a playbook version |
secmaster:playbook:deleteVersion |
|
Update a field |
secmaster:dataclass:updateField |
|
Delete a wizard |
secmaster:layout:deleteWizard |
|
Bind an alert type with a layout |
secmaster:alert:bindLayout |
|
Update a vulnerability type |
secmaster:vulnerability:updateType |
|
Delete an asset credential |
secmaster:connection:delete |
|
Update a category |
secmaster:catalogue:update |
|
Disable alert rule |
secmaster:alertRule:disable |
|
Create an incident |
secmaster:incident:create |
|
Create a field |
secmaster:dataclass:createField |
|
Delete a dataspace |
secmaster:dataspace:delete |
|
Delete field |
secmaster:dataclass:deleteField |
|
Create indicator |
secmaster:indicator:create |
|
Copy a playbook version |
secmaster:playbook:copyVersion |
|
Create dataObject relations |
secmaster:dataobject:createRelation |
|
Delete a search condition |
secmaster:searchCondition:delete |
|
Delete a classifier |
secmaster:mapping:deleteClassifier |
|
Update a playbook version |
secmaster:playbook:updateVersion |
|
Bind an incident type with a layout |
secmaster:incident:bindLayout |
|
Delete an alert |
secmaster:alert:delete |
|
Delete a dataclass |
secmaster:dataclass:delete |
|
Delete dataObject relations |
secmaster:dataobject:deleteRelation |
|
import indicator |
secmaster:indicator:import |
|
Create an asset credential |
secmaster:connection:create |
|
Update a playbook |
secmaster:playbook:update |
|
Delete layouts |
secmaster:layout:delete |
|
Update a task |
secmaster:task:update |
|
Transfer to template |
secmaster:layout:createTemplate |
|
Update a dataspace |
secmaster:dataspace:update |
|
Create post-paid order |
secmaster:subscription:createPostPaidOrder |
|
Create a vulnerability type |
secmaster:vulnerability:createType |
|
Delete indicator |
secmaster:indicator:delete |
|
Enable alert rule |
secmaster:alertRule:enable |
|
Update the debug result of a workflow version |
secmaster:workflow:simulate |
|
update tag |
secmaster:workspace:updateTag |
|
batch delete tags |
secmaster:workspace:deleteTags |
|
batch create tags |
secmaster:workspace:createTags |
|
Create cloud logs config |
secmaster:collector:createConfig |
|
Create cloud logs config |
secmaster:cloudLog:create |
|
Delete cloud logs config |
secmaster:cloudLog:delete |
|
Create collector parsers |
secmaster:collectorParser:create |
|
Delete collector parser |
secmaster:collectorParser:delete |
|
Create collector connection |
secmaster:collectorConnection:create |
|
Update collector connection |
secmaster:collectorConnection:update |
|
Delete collector connection |
secmaster:collectorConnection:delete |
|
Create collector channel |
secmaster:collectorChannel:create |
|
Delete collector channel |
secmaster:collectorChannel:delete |
|
Update collector channel |
secmaster:collectorChannel:update |
|
Create collector channel operation |
secmaster:collectorChannel:createOperation |
|
Delete collector channel group |
secmaster:collectorChannelGroup:delete |
|
Update collector channel group |
secmaster:collectorChannelGroup:update |
|
Create collector channel group |
secmaster:collectorChannelGroup:create |
|
Update component configuration info |
secmaster:component:updateConfigurations |
|
Delete node info |
secmaster:node:delete |
|
Update node info |
secmaster:node:update |
|
Create table consumption |
secmaster:table:createConsumption |
|
Delete table consumption |
secmaster:table:deleteConsumption |
|
Import an analysis script |
secmaster:analysisScript:import |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
