Managing CBH Instance Permissions and Supported Actions
This section describes fine-grained permissions management for your CBH. If your account does not need individual IAM users, then you may skip over this section.
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
Permissions are classified into roles and policies based on the authorization granularity. Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions.
Supported Actions
CBH provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.
- Permission: A statement in a policy that allows or denies certain operations.
- Action: Specific operations that are allowed or denied.
Permission |
Action |
|---|---|
Querying the AZ of a CBH instance |
cbh:instance:getAvailableZones |
Checking whether an IPv6 CBH instance can be created |
cbh:instance:checkIpv6 |
Checking network connection between the CBH instance and the license center |
cbh:network:check |
Querying total ECS quota |
cbh:instance:getEcsQuota |
Stopping a CBH instance |
cbh:instance:stop |
Starting a CBH instance |
cbh:instance:start |
Modifying the network of the CBH instance to ensure that the CBH instance can communicate with the license center |
cbh:network:change |
Changing the VPC a CBH instance belongs to |
cbh:instance:switchVpc |
Upgrading the CBH system version |
cbh:instance:upgrade |
Logging in to a CBH instance as user admin |
cbh:instance:loginInstanceAdmin |
Modifying the CBH configuration |
cbh:instance:modify |
Logging n to a CBH instance |
cbh:instance:login |
Obtaining the CBH O&M Link |
cbh:instance:getOmUrl |
Changing the type of a single-node CBH instance |
cbh:instance:changeInstanceType |
Enabling expert O&M service |
cbh:expert:create |
Changing the password of the admin user for a CBH instance |
cbh:instance:resetPassword |
Creating a CBH instance |
cbh:instance:create |
Changing the VPC a CBH instance belongs to |
cbh:instance:switchInstanceVpc |
Creating a CBH agency |
cbh:agency:authorize |
Restarting a CBH instance |
cbh:instance:reboot |
Binding or unbinding an EIP |
cbh:instance:eipOperate |
Changing the VPC a CBH instance belongs to |
cbh:instance:switchInstanceVpcTest |
Expanding a CBH instance edition |
cbh:instance:alterSpec |
Changing the type of a single-node CBH instance |
cbh:instance:changeInstanceTypeTest |
Logging in to a CBH instance as user admin |
cbh:instance:loginInstanceAdminTest |
Querying the CBH instance list |
cbh:instance:list |
Querying the O&M expert service list |
cbh:expert:list |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
