EdgeSec Permissions and Supported Actions
This section describes fine-grained permissions management for your EdgeSec using IAM. You can skip this section if your Huawei account already satisfies your needs.
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
You can grant users permissions by using rules and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies are a type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions
Supported Actions
EdgeSec provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.
- Permissions: Statements in a policy that allow or deny certain operations.
- Actions: Specific operations that are allowed or denied.
|
Cloud Service |
Permission |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
|
EdgeSec |
Querying the peak bandwidth of DDoS inbound traffic |
edgesec:statisticsTraffic:get |
√ |
√ |
|
Querying the peak bandwidth of DDoS scrubbing traffic |
√ |
√ |
||
|
Querying DDoS inbound traffic |
√ |
√ |
||
|
Querying inbound traffic and scrubbing traffic |
√ |
√ |
||
|
Querying the attack traffic of different attack types |
√ |
√ |
||
|
Querying the number of DDoS attacks |
edgesec:statisticsEvent:get |
√ |
√ |
|
|
Querying the time series data of different attack events in a specified period |
√ |
√ |
||
|
Querying the time series data of access and attack times in a specified period |
√ |
√ |
||
|
Adding a domain name protected from DDoS attacks |
edgesec:ddosDomain:create |
√ |
√ |
|
|
Querying an Anti-DDoS domain name |
edgesec:ddosDomain:list |
√ |
√ |
|
|
Updating a domain name protected from DDoS attacks |
edgesec:ddosDomain:put |
√ |
√ |
|
|
Deleting a domain name protected from DDoS attacks |
edgesec:ddosDomain:delete |
√ |
√ |
|
|
Obtaining the list of protected domain names of EdgeSec |
edgesec:EdgeSecDomain:list |
√ |
√ |
|
|
Adding a protected domain name of EdgeSec |
edgesec:EdgeSecDomain:create |
√ |
√ |
|
|
Querying EdgeSec protected domain names |
edgesec:EdgeSecDomain:get |
√ |
√ |
|
|
Modifying a protected domain name of EdgeSec |
edgesec:EdgeSecDomain:put |
√ |
√ |
|
|
Deleting a protected domain name of EdgeSec |
edgesec:EdgeSecDomain:delete |
√ |
√ |
|
|
Applying an EdgeSec policy to a domain name |
edgesec:EdgeSecPolicyDomain:put |
√ |
√ |
|
|
Purchasing EdgeSec |
edgesec:product:purchase |
√ |
√ |
|
|
Viewing EdgeSec information |
edgesec:product:list |
√ |
√ |
|
|
Changing specifications of EdgeSec |
edgesec:product:put |
√ |
√ |
|
|
Querying the CDN domain name list |
edgesec:cdnDomain:list |
√ |
√ |
|
|
EdgeSec |
Querying a CC attack protection rule |
EdgeSec:ccRule:get |
√ |
√ |
|
Querying a precise protection rule |
EdgeSec:preciseProtectionRule:get |
√ |
√ |
|
|
Querying a global whitelist rule for false alarm masking rules |
EdgeSec:falseAlarmMaskRule:get |
√ |
√ |
|
|
Querying a data masking rule |
EdgeSec:privacyRule:get |
√ |
√ |
|
|
Querying a blacklist or whitelist rule |
EdgeSec:whiteBlackIpRule:get |
√ |
√ |
|
|
Querying a geolocation access control rule |
EdgeSec:geoIpRule:get |
√ |
√ |
|
|
Querying a certificate |
EdgeSec:certificate:get |
√ |
√ |
|
|
Modifying an EdgeSec certificate |
EdgeSec:certificate:put |
√ |
√ |
|
|
Applying a certificate to a domain name |
EdgeSec:certificate:apply |
√ |
√ |
|
|
Querying a protection event |
EdgeSec:event:get |
√ |
√ |
|
|
Querying a protected domain name |
EdgeSec:instance:get |
√ |
√ |
|
|
Querying a protection policy |
EdgeSec:policy:get |
√ |
√ |
|
|
Querying the protection event download link |
EdgeSec:dumpEventLink:get |
√ |
√ |
|
|
Querying configurations |
EdgeSec:consoleConfig:get |
√ |
√ |
|
|
Querying the back-to-source IP address range |
EdgeSec:sourceIp:get |
√ |
√ |
|
|
Updating a CC attack protection rule |
EdgeSec:ccRuleRule:put |
√ |
√ |
|
|
Updating a precise protection rule |
EdgeSec:preciseProtectionRule:put |
√ |
√ |
|
|
Updating a global whitelist rule for false alarm masking rules |
EdgeSec:falseAlarmMaskRule:put |
√ |
√ |
|
|
Updating a privacy masking rule |
EdgeSec:privacyRule:put |
√ |
√ |
|
|
Updating an IP address blacklist or whitelist rule |
EdgeSec:whiteBlackIpRule:put |
√ |
√ |
|
|
Updating a geolocation access control rule |
EdgeSec:geoIpRule:put |
√ |
√ |
|
|
Updating a protection policy |
EdgeSec:policy:put |
√ |
√ |
|
|
Deleting a CC attack protection rule |
EdgeSec:ccRule:delete |
√ |
√ |
|
|
Configuring a precise protection rule |
EdgeSec:preciseProtectionRule:delete |
√ |
√ |
|
|
Deleting a global whitelist rule for false alarm masking rules |
EdgeSec:falseAlarmMaskRule:delete |
√ |
√ |
|
|
Deleting a privacy masking rule |
EdgeSec:privacyRule:delete |
√ |
√ |
|
|
Deleting a blacklist or whitelist rule |
EdgeSec:whiteBlackIpRule:delete |
√ |
√ |
|
|
Deleting a geolocation access control rule |
EdgeSec:geoIpRule:delete |
√ |
√ |
|
|
Deleting a protection policy |
EdgeSec:policy:delete |
√ |
√ |
|
|
Adding a CC attack protection rule |
EdgeSec:ccRule:create |
√ |
√ |
|
|
Adding a precise protection rule |
EdgeSec:preciseProtectionRule:create |
√ |
√ |
|
|
Creating a global whitelist rule for false alarm masking rules |
EdgeSec:falseAlarmMaskRule:create |
√ |
√ |
|
|
Creating a privacy masking rule |
EdgeSec:privacyRule:create |
√ |
√ |
|
|
Creating a blacklist or whitelist rule |
EdgeSec:whiteBlackIpRule:create |
√ |
√ |
|
|
Adding a geolocation access control rule |
EdgeSec:geoIpRule:create |
√ |
√ |
|
|
Creating a certificate |
EdgeSec:certificate:create |
√ |
√ |
|
|
Creating a protection policy |
EdgeSec:policy:create |
√ |
√ |
|
|
Querying CC attack protection rules |
EdgeSec:ccRuleRule:list |
√ |
√ |
|
|
Querying precise protection rules |
EdgeSec:preciseProtectionRule:list |
√ |
√ |
|
|
Querying global whitelist rules for false alarm masking |
EdgeSec:falseAlarmMaskRule:list |
√ |
√ |
|
|
Querying data masking rules |
EdgeSec:privacyRule:list |
√ |
√ |
|
|
Querying the blacklist and whitelist rules |
EdgeSec:whiteBlackIpRule:list |
√ |
√ |
|
|
Querying geolocation access control rules |
EdgeSec:geoIpRule:list |
√ |
√ |
|
|
Querying protection policies |
EdgeSec:policy:list |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
