HSS Actions
This section describes fine-grained permissions management for your HSS instances. If your Huawei Cloud account does not need individual IAM users, then you may skip over this section.
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on cloud services based on the permissions.
You can grant users permissions by using roles and policies. Roles are provided by IAM to define service-based permissions depending on users' job responsibilities. IAM uses policies to perform fine-grained authorization. A policy defines the permissions required to perform operations on specific cloud resources under certain conditions.
Supported Actions
HSS provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. The following are related concepts:
- Permissions: Allow or deny certain operations.
- Actions: Specific operations that are allowed or denied.
- Dependent actions: When assigning permissions for an action, you also need to assign permissions for the dependent actions.
HSS supports the following actions that can be defined in custom policies:
The following Actions table describes the HSS actions, such as querying the HSS list, enabling or disabling HSS for a server, and manual detection.
Actions
| Permission | Action | Related Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Query asset information | hss:assets:list | - | √ | × |
| Delete a cluster protection policy | hss:clusterProtect:delete | - | √ | × |
| Configure a runtime application self-protection policy | hss:rasp:set | - | √ | × |
| Configure asset importance | hss:hosts:set | - | √ | × |
| Manage associated assets | hss:assets:set | - | √ | × |
| Query image information | hss:images:list | - | √ | × |
| Query runtime application self-protection details | hss:rasp:list | - | √ | × |
| Configure a security check | hss:securitycheck:set | - | √ | × |
| Query cluster protection status | hss:clusterProtect:list | - | √ | × |
| Batch-scan images | hss:images:set | - | √ | × |
| Configure a cluster protection policy | hss:clusterProtect:set | - | √ | × |
| Check backup status | hss:antiransomware:list | - | √ | × |
| Configure a backup policy | hss:antiransomware:set | - | √ | × |
| Query security check results | hss:securitycheck:list | - | √ | × |
| Display container assets | hss:containers:get | - | √ | × |
| Configure the overview | hss:overview:set | - | √ | × |
| Query the Application Recognition Service (ARS) list | hss:ars:list | - | √ | × |
| Check the overview | hss:overview:list | - | √ | × |
| Configure a report | hss:report:set | - | √ | × |
| Querying a report | hss:report:list | - | √ | × |
| Install the agent | hss:installAgent:set | - | √ | × |
| Query the programs that have been automatically isolated and killed | hss:automaticKillMp:get | - | √ | × |
| Query weak passwords | hss:weakPwds:get | - | √ | × |
| Query the account list | hss:accounts:list | - | √ | × |
| Configure WTP alarms | hss:wtpAlertConfig:set | - | √ | × |
| Perform batch operations on web shells | hss:webshells:operate | - | √ | × |
| Configure scheduled protection | hss:wtpScheduledProtections:set | - | √ | × |
| Query common login IP addresses | hss:commonIPs:list | - | √ | × |
| Configure server groups | hss:hostGroup:set | - | √ | × |
| Perform batch operations on malicious programs | hss:maliciousPrograms:operate | - | √ | × |
| Query web shell scan results | hss:webshells:list | - | √ | × |
| Update container network information | hss:container-network:set | - | √ | × |
| Query the protected file system list | hss:wtpFilesystems:list | - | √ | × |
| Query the open port list | hss:ports:list | - | √ | × |
| Query the process list | hss:processes:list | - | √ | × |
| Configure protected directories | hss:wtpDirectorys:set | - | √ | × |
| Query password complexity policy scan reports | hss:complexityPolicys:list | - | √ | × |
| Query risky account scan reports | hss:riskyAccounts:list | - | √ | × |
| Query the detected intrusion list | hss:event:get | - | √ | × |
| Querying container assets | hss:containers:list | - | √ | × |
| Query yearly/monthly quotas | hss:quotas:get | - | √ | × |
| Query WTP alarms | hss:wtpAlertConfig:get | - | √ | × |
| Configure backup servers | hss:wtpBackup:set | - | √ | × |
| Unblock an IP address that was blocked during account cracking prevention | hss:accountCracks:unblock | - | √ | × |
| Query the protection mode | hss:wtpProtectMode:get | - | √ | × |
| Query the vulnerability list | hss:vuls:list | - | √ | × |
| Configure a protected file system | hss:wtpFilesystems:set | - | √ | × |
| Enable 2FA | hss:twofactorAuth:set | - | √ | × |
| Query server groups | hss:hostGroup:get | - | √ | × |
| Query the software list | hss:softwares:list | - | √ | × |
| Perform operations on vulnerabilities | hss:vuls:set | - | √ | × |
| Edit baseline data | hss:baselines:set | - | √ | × |
| Perform batch operations on open ports | hss:ports:operate | - | √ | × |
| Perform operations on intrusions | hss:event:set | - | √ | × |
| Query the privileged process list | hss:wtpPrivilegedProcesses:list | - | √ | × |
| Query configuration scan reports | hss:configDetects:list | - | √ | × |
| Query the login IP address whitelist | hss:whiteIps:list | - | √ | × |
| Query HSS alarms | hss:alertConfig:get | - | √ | × |
| Perform batch operations on vulnerabilities | hss:vuls:operate | - | √ | × |
| Query backup servers | hss:wtpBackup:get | - | √ | × |
| Obtain server risk statistics | hss:riskyDashboard:get | - | √ | × |
| Subscribe to a security report | hss:safetyReport:set | - | √ | × |
| Query the protected server list | hss:hosts:list | ecs:cloudServers:list vpc:ports:get vpc:publicIps:list | √ | × |
| Manage container assets | hss:containers:set | - | √ | × |
| Query security reports | hss:safetyReport:list | - | √ | × |
| Configure weak passwords | hss:weakPwds:set | - | √ | × |
| Query malicious program scan results | hss:maliciousPrograms:list | - | √ | × |
| Query container network information | hss:container-network:read | - | √ | × |
| Purchase a quota | hss:quotas:set | - | √ | × |
| Enable or disable WTP | hss:wtpProtect:switch | - | √ | × |
| Configure HSS alarms | hss:alertConfig:set | - | √ | × |
| Perform operations on detected unsafe settings | hss:configDetects:operate | - | √ | × |
| Configure web paths | hss:webDirs:set | - | √ | × |
| Configure the login IP address whitelist | hss:whiteIps:set | - | √ | × |
| Query web paths | hss:webDirs:get | - | √ | × |
| Enable or disable protection on servers | hss:hosts:switchVersion | - | √ | × |
| Uninstall an agent | hss:agent:uninstall | - | √ | × |
| Configure ARS | hss:ars:set | - | √ | × |
| Obtain the list of servers where 2FA is enabled | hss:twofactorAuth:list | - | √ | × |
| Manual scan | hss:hosts:manualDetect | - | √ | × |
| Query weak password scan reports | hss:weakPwds:list | - | √ | × |
| Query Application Recognition Service (ARS) | hss:ars:get | - | √ | × |
| Query WTP statistics | hss:wtpDashboard:get | - | √ | × |
| Query the agent download address | hss:installAgent:get | - | √ | × |
| Query important file change reports | hss:keyfiles:list | - | √ | × |
| Query account cracking protection reports | hss:accountCracks:list | - | √ | × |
| Query common login locations | hss:commonLocations:list | - | √ | × |
| Query remote login scan results | hss:abnorLogins:list | - | √ | × |
| Query policy group | hss:policy:get | - | √ | × |
| Query the web path list | hss:webdirs:list | - | √ | × |
| Query scheduled protection | hss:wtpScheduledProtections:get | - | √ | × |
| Query the WTP list | hss:wtpHosts:list | ecs:cloudServers:list vpc:ports:get vpc:publicIps:list | √ | × |
| Query baseline data | hss:baselines:list | - | √ | × |
| Query the protected directory list | hss:wtpDirectorys:list | - | √ | × |
| Check the status of a manual scan | hss:manualDetectStatus:get | - | √ | × |
| Configure common login IP addresses | hss:commonIPs:set | - | √ | × |
| Query the container network list | hss:container-network:list | - | √ | × |
| Configure a protection mode | hss:wtpProtectMode:set | - | √ | × |
| Query the auto-startup list | hss:launch:list | - | √ | × |
| Configure common login locations | hss:commonLocations:set | - | √ | × |
| Configure privileged processes | hss:wtpPrivilegedProcess:set | - | √ | × |
| Query WTP records | hss:wtpReports:list | - | √ | × |
| File integrity check | hss:keyfiles:set | - | √ | × |
| Configure a policy group | hss:policy:set | - | √ | × |
| Enable or disable automatic isolation and killing of malicious programs | hss:automaticKillMp:set | - | √ | × |
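The following Python check is an added example, not part of the HSS documentation: it flags a custom policy that grants an HSS action without the dependent actions listed in the Related Action column. The policy layout (`Version`, `Statement`, `Effect`, `Action`), the treatment of Deny as overriding Allow, and the sample policy are assumptions; action names are matched exactly, so wildcards are not expanded.

```python
import json

# Dependent actions taken from the "Related Action" column of the Actions table.
HSS_DEPENDENCIES = {
    "hss:hosts:list": {"ecs:cloudServers:list", "vpc:ports:get", "vpc:publicIps:list"},
    "hss:wtpHosts:list": {"ecs:cloudServers:list", "vpc:ports:get", "vpc:publicIps:list"},
}

# Constructed sample policy; the JSON layout is an assumption, not taken from the page.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1.1",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["hss:hosts:list", "hss:vuls:list",
                "ecs:cloudServers:list", "vpc:ports:get"]},
    {"Effect": "Allow", "Action": ["hss:wtpHosts:list"]},
    {"Effect": "Deny", "Action": ["hss:agent:uninstall"]}
  ]
}
""")


def granted_actions(policy):
    """Collect actions from Allow statements, minus any that are denied."""
    allowed, denied = set(), set()
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):  # tolerate a single action given as a string
            actions = [actions]
        (allowed if stmt.get("Effect") == "Allow" else denied).update(actions)
    return allowed - denied


def missing_dependencies(policy):
    """Map each granted HSS action to the dependent actions the policy lacks."""
    granted = granted_actions(policy)
    report = {}
    for action, deps in HSS_DEPENDENCIES.items():
        if action in granted and not deps <= granted:
            report[action] = sorted(deps - granted)
    return report


if __name__ == "__main__":
    for action, missing in missing_dependencies(SAMPLE_POLICY).items():
        print(f"{action}: missing {', '.join(missing)}")
```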