AAD Permissions and Actions
This section describes how to use IAM for fine-grained AAD permissions management. If your Huawei Cloud account does not need individual IAM users, skip this section.
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
You can grant users permissions by using rules and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. IAM uses policies to perform fine-grained authorization. A policy defines permissions required to perform operations on specific cloud resources under certain conditions.
Supported Actions
AAD provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.
- Permissions: Statements in a policy that allow or deny certain operations.
- Actions: Specific operations that are allowed or denied.
Permission |
Action |
|---|---|
Obtain instance details. |
aad:instance:get |
Query the instance list. |
aad:instance:list |
Create an instance. |
aad:instance:create |
Modify an instance. |
aad:instance:put |
Query the certificate list. |
aad:certificate:list |
Upload a certificate. |
aad:certificate:create |
Delete a certificate. |
aad:certificate:delete |
Obtain domain name details. |
aad:domain:get |
Obtain the domain name list. |
aad:domain:list |
Add a domain name. |
aad:domain:create |
Edit a domain name. |
aad:domain:put |
Delete a domain name. |
aad:domain:delete |
Query a protection policy. |
aad:policy:get |
List domain names with an enabled protection policy. |
aad:policy:list |
Create a protection policy. |
aad:policy:create |
Update a protection policy. |
aad:policy:put |
Delete a protection policy. |
aad:policy:delete |
Create a blacklist or whitelist rule. |
aad:whiteBlackIpRule:create |
Delete a blacklist or whitelist rule. |
aad:whiteBlackIpRule:delete |
Query the blacklist and whitelist rule list. |
aad:whiteBlackIpRule:list |
Query quotas. |
aad:quotas:get |
Query a forwarding rule. |
aad:forwardingRule:get |
Export forwarding rules. |
aad:forwardingRule:list |
Add a forwarding rule. |
aad:forwardingRule:create |
Modify a forwarding rule. |
aad:forwardingRule:put |
Delete a forwarding rule. |
aad:forwardingRule:delete |
View a statistics report. |
aad:dashboard:get |
Query alarm notifications. |
aad:alarmConfig:get |
Create an alarm notification. |
aad:alarmConfig:create |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
