Anti-DDoS Permissions and Actions
This section describes fine-grained permissions management for Anti-DDoS. If your account does not need individual IAM users, then you may skip over this section.
By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added. Users inherit permissions from the groups and can perform operations on cloud services as allowed by the permissions.
You can grant users permissions by using roles and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. IAM uses policies to perform fine-grained authorization. A policy defines permissions required to perform operations on specific cloud resources under certain conditions.
Supported Actions
Anti-DDoS provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.
- Permissions: Statements in a policy that allow or deny certain operations
- Actions: Added to a custom policy to control permissions for specific operations
Permission |
Action |
Dependency |
|---|---|---|
Querying default protection policy of Anti-DDoS |
anti-ddos:defaultDefensePolicy:get |
- |
Configuring default Anti-DDoS protection policies |
anti-ddos:defaultDefensePolicy:create |
- |
Deleting the default Anti-DDoS policies |
anti-ddos:defaultDefensePolicy:delete |
- |
Querying Anti-DDoS specifications |
anti-ddos:optionalDefensePolicy:list |
- |
Querying configured Anti-DDoS policies |
anti-ddos:ip:getDefensePolicy |
vpc:publicIps:list |
Updating Anti-DDoS policies |
anti-ddos:ip:updateDefensePolicy |
- |
Enabling Anti-DDoS |
anti-ddos:ip:enableDefensePolicy |
- |
Querying weekly defense statistics |
anti-ddos:ip:getWeeklyReport |
- |
Querying the traffic of a specified EIP |
anti-ddos:ip:getDailyTrafficReport |
- |
Querying events of a specified EIP |
anti-ddos:ip:getDailyEventReport |
- |
Querying the defense status of a specified EIP |
anti-ddos:ip:getDefenseStatus |
- |
Querying the list of defense statuses of EIPs |
anti-ddos:ip:listDefenseStatuses |
- |
Querying Anti-DDoS tasks |
anti-ddos:task:list |
- |
Querying alarm configuration |
anti-ddos:alertConfig:get |
smn:topic:list |
Updating alarm configuration |
anti-ddos:alertConfig:update |
- |
Querying LTS configurations |
anti-ddos:logConfig:get |
- |
Updating LTS configurations |
anti-ddos:logConfig:update |
- |
Querying quotas |
anti-ddos:quota:list |
- |
Querying resource tags |
anti-ddos:ip:listTagsForResource |
- |
Batch creating tags |
anti-ddos:ip:tagResource |
- |
Batch deleting tags |
anti-ddos:ip:untagResource |
- |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
