Cloud Operations Center (COC)
The Organizations service provides Service Control Policies (SCPs) to set access control policies.
SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU.
This section describes the elements used by Organizations SCPs. The elements include actions, resources, and conditions.
For details about how to use these elements to create a custom SCP, see Creating an SCP.
Actions
Actions are specific operations that are allowed or denied in an SCP.
- The Access Level describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
- The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
- If resource types are specified for this column, specify the resource URN in the statement that contains the action.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by COC, see Resources.
- The Condition Key column contains keys that you can specify in the Condition element of an SCP statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column of an action is empty (-), the action does not support any condition keys.
For details about the condition keys defined by COC, see Conditions.
The following table lists the actions that you can define in SCP statements for COC.
|
Action |
Description |
Access Level |
Resource Type (*: required) |
Condition Key |
|---|---|---|---|---|
|
coc:customDashboard:update |
Allows you to modify the permissions on a custom dashboard. |
write |
- |
- |
|
coc:customDashboard:get |
Allows you to query the permissions on a custom dashboard. |
read |
- |
- |
|
coc:document:create |
Allows you to create documents. |
write |
document |
- |
|
coc:document:listRunbookAtomics |
Allows you to view the atomic capability list of a job. |
list |
document |
- |
|
coc:document:getRunbookAtomicDetails |
Allows you to query details about an atomic capability of a job. |
read |
document |
- |
|
coc:document:list |
Allows you to query the document list. |
list |
document |
- |
|
coc:document:delete |
Allows you to delete documents. |
write |
document |
- |
|
coc:document:update |
Allows you to modify documents. |
write |
document |
- |
|
coc:document:get |
Allows you to view documents. |
read |
document |
- |
|
coc:document:analyzeRisk |
Allows you to analyze document risks. |
read |
document |
- |
|
coc:systemConfig:get |
Allows you to obtain the details about system configurations. |
write |
- |
- |
|
coc:systemConfig:create |
Allows you to create system configurations. |
read |
- |
- |
|
coc:job:list |
Allows you to query details about a service ticket. |
write |
job |
- |
|
coc:job:action |
Allows you to perform operations on service tickets. |
write |
job |
- |
|
coc:instance:autoBatchInstances |
Enables automatic instance batching. |
list |
instance |
- |
|
coc:instance:executeDocument |
Allows you to execute documents on an ECS. |
write |
instance |
- |
|
coc:quota:get |
Allows you to query instance quotas. |
write |
- |
- |
|
coc:job:get |
Allows you to query details about a service ticket. |
write |
job |
- |
|
coc:schedule:list |
Allows you to query the scheduled task list. |
read |
schedule |
- |
|
coc:schedule:enable |
Allows you to enable scheduled tasks. |
read |
schedule |
- |
|
coc:schedule:update |
Allows you to update scheduled tasks. |
list |
schedule |
- |
|
coc:schedule:disable |
Allows you to disable the scheduled task list. |
write |
schedule |
- |
|
coc:schedule:approve |
Allows you to review the scheduled task list. |
write |
schedule |
- |
|
coc:schedule:create |
Allows you to create a scheduled task list. |
write |
schedule |
- |
|
coc:schedule:delete |
Allows you to delete scheduled tasks. |
write |
schedule |
- |
|
coc:schedule:count |
Allows you to query the number of scheduled tasks. |
write |
schedule |
- |
|
coc:schedule:get |
Allows you to query scheduled tasks. |
write |
schedule |
- |
|
coc:schedule:getHistories |
Allows you to query the execution history of a scheduled task. |
read |
schedule |
- |
|
coc:parameter:list |
Allows you to query the parameter list. |
read |
parameter |
- |
|
coc:parameter:delete |
Allows you to delete parameters. |
read |
parameter |
- |
|
coc:parameter:update |
Allows you to update parameters. |
list |
parameter |
- |
|
coc:parameter:create |
Allows you to create parameters. |
write |
parameter |
- |
|
coc:parameter:get |
Allows you to query parameter details. |
write |
parameter |
- |
|
coc:complianceReport:list |
Allows you to query the compliance report list. |
write |
- |
- |
|
coc:patchBaseline:list |
Allows you to query the patch baseline list. |
read |
- |
- |
|
coc:patchBaseline:get |
Allows you to query the details about a patch baseline. |
list |
- |
- |
|
coc:patchBaseline:update |
Allows you to update patch baselines. |
list |
- |
- |
|
coc:patchBaseline:registerDefault |
Allows you to set the preset patch baseline. |
write |
- |
- |
|
coc:patchBaseline:delete |
Allows you to delete patch baselines. |
write |
- |
- |
|
coc:patchBaseline:create |
Allows you to create patch baselines. |
write |
- |
- |
|
coc:patchBaseline:getDefault |
Allows you to query the preset patch baseline. |
write |
- |
- |
|
coc:patchBaseline:opsSystemGet |
Allows you to view patch OS baselines. |
write |
- |
- |
|
coc:complianceReport:get |
Allows you to query details about a compliance report. |
read |
- |
- |
|
coc:instance:scanOSCompliance |
Allows you to scan OS patches on a server. |
read |
instance |
- |
|
coc:instance:installPatches |
Allows you to install patches for ECSs. |
read |
instance |
- |
|
coc:patchBaseline:updateCustomBaseline |
Allows you to update user-defined baselines. |
read |
- |
- |
|
coc:instance:startRDSInstance |
Allows you to enable RDS DB instances. |
write |
instance |
- |
|
coc:instance:stopRDSInstance |
Allows you to stop an RDS DB instance. |
write |
instance |
- |
|
coc:instance:restartRDSInstance |
Allows you to reboot an RDS DB instance. |
write |
instance |
- |
|
coc:instance:start |
Allows you to start ECSs. |
write |
instance |
- |
|
coc:instance:reboot |
Allows you to restart ECSs. |
write |
instance |
- |
|
coc:instance:stop |
Allows you to disable ECSs. |
write |
instance |
- |
|
coc:serverResourcesDetail:get |
Allows you to obtain ESC resource information. |
write |
- |
- |
|
coc:instance:reinstallOS |
Allows you to reinstall ECS OSs. |
write |
instance |
- |
|
coc:account:get |
Allows you to query the list of managed accounts on a host. |
write |
- |
- |
|
coc:accountPasswordChangePolicy:get |
Allows you to query enabled password change policies. |
write |
- |
- |
|
coc:accountEncryptionKey:list |
Allows you to query added DEW keys. |
write |
- |
- |
|
coc:accountBaseline:list |
Allows you to query the account baseline list. |
list |
accountBaseline |
- |
|
coc:accountAutoManagement:getRelations |
Allows you to query information about components for which automatic management is enabled. |
list |
- |
- |
|
coc:accountEncryptionKey:listDEWKeys |
Allows you to query existing DEW keys. |
list |
- |
- |
|
coc:accountBaseline:get |
Allows you to query the account list in a baseline. |
list |
accountBaseline |
- |
|
coc:accountBaseline:create |
Allows you to create account baselines. |
list |
accountBaseline |
- |
|
coc:accountBaseline:deleteAccount |
Allows you to delete account permissions from a baseline. |
list |
accountBaseline |
- |
|
coc:account:add |
Allows you to import a host account. |
list |
- |
- |
|
coc:instance:resetPassword |
Allows you to reset the password of a host account. |
write |
instance |
- |
|
coc:accountBaseline:delete |
Allows you to delete account baselines. |
write |
accountBaseline |
- |
|
coc:accountAutoManagement:updateStatus |
Allows you to update the automatic management statuses. |
write |
- |
- |
|
coc:accountAutoManagement:addRelations |
Allows you to enable automatic management by component. |
write |
- |
- |
|
coc:accountBaseline:update |
Allows you to modify account baselines. |
write |
accountBaseline |
- |
|
coc:accountPasswordChangePolicy:disable |
Allows you to disable the password change policy. |
write |
- |
- |
|
coc:accountAutoManagement:deleteRelations |
Allows you to disable automatic management by component. |
write |
- |
- |
|
coc:accountPasswordChangePolicy:enable |
Allows you to enable the password change policy. |
write |
- |
- |
|
coc:accountEncryptionKey:add |
Allows you to add an encryption key. |
write |
- |
- |
|
coc:account:sync |
Allows you to synchronize accounts of hosts. |
write |
- |
- |
|
coc:account:getManagedStatus |
Allows you to query the management step status. |
write |
- |
- |
|
coc:account:getPassword |
Allows you to query the accounts and their passwords. |
write |
- |
- |
|
coc:accountAutoManagement:getStatus |
Allows you to query whether the automatic management function is enabled. |
write |
- |
- |
|
coc:hostiAccount:describe |
Allows you to query information about a hosting service account. |
read |
- |
- |
|
coc:vendorAccount:update |
Allows you to update cloud vendor accounts. |
read |
- |
- |
|
coc:application:GetDiagnosisTaskDetails |
Allows you to query application resource diagnosis tasks. |
read |
application |
- |
|
coc:application:CreateDiagnosisTask |
Allows you to create application diagnosis tasks. |
write |
application |
- |
|
coc:vendorAccount:list |
Allows you to query the list of cloud vendor accounts. |
list |
- |
- |
|
coc:vendorAccount:create |
Allows you to create a cloud vendor account. |
write |
- |
- |
|
coc:vendorAccount:delete |
Allows you to delete cloud vendor accounts. |
list |
- |
- |
|
coc:customApplication:get |
Allows you to query custom application details. |
write |
application |
- |
|
coc:site:list |
Allows you to query the region list. |
write |
- |
- |
|
coc:instance:listResources |
Allows you to query the resource list. |
list |
instance |
- |
|
coc:application:listResources |
Allows you to query the application resource list. |
list |
application |
- |
|
coc:application:list |
Allows you to query the application list. |
list |
application |
- |
|
coc:customApplication:list |
Allows you to query the user-defined application list. |
list |
application |
- |
|
coc:application:listGroups |
Allows you to query the permission of a specified application group list. |
list |
application |
- |
|
coc:region:list |
Allows you to query the region list. |
list |
- |
- |
|
coc:application:deleteGroup |
Allows you to delete application groups. |
list |
application |
- |
|
coc:application:updateResources |
Allows you to modify application resources. |
list |
application |
- |
|
coc:application:create |
Allows you to create applications. |
write |
application |
- |
|
coc:application:addResources |
Allows you to add resources to an application. |
write |
application |
- |
|
coc:application:createGroup |
Allows you to create an application group. |
write |
application |
- |
|
coc:instance:syncResources |
Allows you to synchronize the resource list. |
write |
instance |
- |
|
coc:application:removeResources |
Allows you to remove permissions of an application resource. |
write |
application |
- |
|
coc:application:delete |
Allows you to delete an application. |
write |
application |
- |
|
coc:application:update |
Allows you to modify the permissions of an application. |
write |
application |
- |
|
coc:application:updateGroup |
Allows you to modify the permissions of an application group. |
write |
application |
- |
|
coc:contingencyPlan:list |
Allows you to query the contingency plan list. |
write |
contingencyPlan |
- |
|
coc:contingencyPlan:delete |
Allows you to delete a contingency plan. |
write |
contingencyPlan |
- |
|
coc:contingencyPlan:create |
Allows you to create a contingency plan. |
write |
contingencyPlan |
- |
|
coc:contingencyPlan:update |
Allows you to modify a user's permissions on a contingency plan. |
list |
contingencyPlan |
- |
|
coc:wechatkey:create |
Allows you to create an enterprise WeChat application key. |
write |
- |
- |
|
coc:wechatkey:delete |
Allows you to delete the enterprise WeChat application key. |
write |
- |
- |
|
coc:appkey:update |
Allows you to update mobile app keys. |
write |
- |
- |
|
coc:wechatkey:update |
Allows you to modify keys of WeCom. |
write |
- |
- |
|
coc:appkey:create |
Allows you to create a mobile application key. |
write |
- |
- |
|
coc:appkey:delete |
Allows you to delete mobile application keys. |
write |
- |
- |
|
coc:appkey:get |
Allows you to view mobile application keys. |
write |
- |
- |
|
coc:wechatkey:get |
Allows you to view WeCom application keys. |
write |
- |
- |
|
coc:systemConfig:update |
Allows you to modify system configurations. |
write |
- |
- |
|
coc:hostAccount:delete |
Allows SRE engineers to delete hosting accounts. |
read |
- |
- |
|
coc:hostAccount:update |
Allows you to edit SRE hosting accounts. |
read |
- |
- |
|
coc:hostAccount:disable |
Allows you to cancel the hosting service. |
list |
- |
- |
|
coc:hostAccount:create |
Allows you to add a hosting account. |
read |
- |
- |
|
coc:hostAccount:list |
Allows you to query SRE hosting accounts. |
write |
- |
- |
|
coc:hostAccount:enable |
Allows you to enable the hosting service for accounts. |
write |
- |
- |
|
coc:systemConfig:list |
Allows you to obtain the system configuration list. |
write |
- |
- |
|
coc:agency:create |
Allows you to create a tenant agency. |
write |
- |
- |
|
coc:agency:get |
Allows you to query agency information of a tenant. |
read |
- |
- |
|
coc:notificationRule:get |
Allows you to query notification rule details. |
write |
- |
- |
|
coc:notification:listTypes |
Allows you to query notification types. |
write |
- |
- |
|
coc:notification:listTemplates |
Allows you to query the notification template list. |
read |
- |
- |
|
coc:notification:listModes |
Allows you to query the notification mode. |
list |
- |
- |
|
coc:notificationRule:list |
Allows you to query the notification rule list. |
list |
- |
- |
|
coc:notificationRule:update |
Allows you to update notification rules. |
list |
- |
- |
|
coc:notificationRule:delete |
Allows you to delete notification rules. |
list |
- |
- |
|
coc:notificationRule:create |
Allows you to create notification rules. |
list |
- |
- |
|
coc:notificationRule:disable |
Allows you to disable notification rules. |
write |
- |
- |
|
coc:ticket:get |
Allows you to query incident ticket details. |
write |
- |
- |
|
coc:contingencyPlan:getHistories |
Allows you to query the contingency plan history. |
write |
contingencyPlan |
- |
|
coc:ticket:listEnumTypes |
Allows you to query the enumeration type list of incident tickets. |
write |
- |
- |
|
coc:ticket:listEnumValues |
Allows you to query the enumerated value list of an incident ticket. |
write |
- |
- |
|
coc:ticket:getOperationHistories |
Allows you to query the operation history of an incident ticket. |
list |
- |
- |
|
coc:ticket:listActions |
Allows you to query the list of operations that can be performed. |
list |
- |
- |
|
coc:ticket:getEnumValues |
Allows you to query details about enumerated values of an incident ticket. |
list |
- |
- |
|
coc:ticket:list |
Allows you to query the incident ticket list. |
list |
- |
- |
|
coc:ticket:update |
Allows you to modify incident tickets. |
list |
- |
- |
|
coc:contingencyPlan:downloadFile |
Allows you to download attachments in contingency plans. |
list |
contingencyPlan |
- |
|
coc:ticket:delete |
Allows you to delete incident tickets. |
list |
- |
- |
|
coc:ticket:downloadFile |
Allows you to download attachments for incident tickets. |
list |
- |
- |
|
coc:ticket:action |
Allows you to handle incident tickets. |
write |
- |
- |
|
coc:ticket:uploadFile |
Allows you to upload attachments for incident tickets. |
write |
- |
- |
|
coc:ticket:create |
Allows you to create incident tickets. |
write |
- |
- |
|
coc:contingencyPlan:uploadFile |
Allows you to upload attachments for the contingency plan. |
write |
contingencyPlan |
- |
|
coc:ticket:getEnumTypes |
Allows you to query details about incident ticket enumeration types. |
write |
- |
- |
|
coc:personnel:list |
Allows you to query the personnel list. |
write |
- |
- |
|
coc:personnel:update |
Allows you to update personnel information. |
write |
- |
- |
|
coc:personnel:add |
Allows you to add personnel. |
write |
- |
- |
|
coc:personnel:remove |
Allows you to remove personnel. |
read |
- |
- |
|
coc:notificationRule:confirm |
Allows you to confirm notification rules. |
list |
- |
- |
|
coc:instance:changeOS |
Allows you to change the OS of an ECS. |
write |
instance |
- |
|
coc:oncall:listPersonnels |
Allows you to query the list of on-call personnel in schedules. |
write |
- |
- |
|
coc:oncall:listScenes |
Allows you to view on-call scheduling scenarios. |
write |
- |
- |
|
coc:oncall:listRoles |
Allows you to query on-call personnel roles in schedules. |
write |
- |
- |
|
coc:oncall:updatePersonnels |
Allows you to update the on-call personnel in schedules. |
list |
- |
- |
|
coc:oncall:updateScene |
Allows you to update on-call scheduling scenarios. |
list |
- |
- |
|
coc:oncall:removePersonnels |
Allows you to remove on-call personnel from schedules. |
list |
- |
- |
|
coc:oncall:updateRole |
Allows you to update on-call personnel roles in schedules. |
write |
- |
- |
|
coc:oncall:createRole |
Allows you to create on-call personnel roles in schedules. |
write |
- |
- |
|
coc:oncall:deleteScene |
Allows you to delete on-call scheduling scenarios. |
write |
- |
- |
|
coc:oncall:deleteRole |
Allows you to delete on-call personnel roles from schedules |
write |
- |
- |
|
coc:oncall:addPersonnels |
Allows you to add on-call personnel to schedules. |
write |
- |
- |
|
coc:oncall:createScene |
Allows you to create on-call scheduling scenarios. |
write |
- |
- |
|
coc:transferRule:get |
Allows you to query details about a forwarding rule. |
write |
- |
- |
|
coc:transferRule:list |
Allows you to query the forwarding rule list. |
write |
- |
- |
|
coc:transferRule:delete |
Allows you to delete forwarding rules. |
write |
- |
- |
|
coc:transferRule:disable |
Allows you to disable forwarding rules. |
list |
- |
- |
|
coc:transferRule:enable |
Allows you to enable forwarding rules. |
list |
- |
- |
|
coc:transferRule:create |
Allows you to create forwarding rules. |
write |
- |
- |
|
coc:transferRule:update |
Allows you to update forwarding rules. |
write |
- |
- |
|
coc:notificationRule:enable |
Allows you to enable notification rules. |
write |
- |
- |
|
coc:transferRule:getHistory |
Allows you to query the messages about incidents transferred recently. |
write |
- |
- |
|
coc:quotas:list |
Allows you to query the list of purchased quotas. |
write |
- |
- |
|
coc:orders:change |
Allows you to update Cloud Operations Center orders. |
read |
- |
- |
|
coc:orders:create |
Allows you to create CloudOperationsCenter orders. |
list |
- |
- |
|
coc:integration:list |
Allows you to query the integration configuration list. |
write |
- |
- |
|
coc:integration:get |
Allows you to query integration configuration details. |
write |
- |
- |
|
coc:integration:getHistory |
Allows you to query historical incident messages of integration configurations. |
list |
- |
- |
|
coc:integration:update |
Allows you to modify integration configurations. |
list |
- |
- |
|
coc:integration:enable |
Allows you to enable integration configurations. |
list |
- |
- |
|
coc:integration:disable |
Allows you to disable integration configurations. |
write |
- |
- |
|
coc:integration:access |
Allows you to access integration configurations. |
write |
- |
- |
|
coc:integration:remove |
Allows you to remove integration configurations. |
write |
- |
- |
|
coc:attackTargetRecord:list |
Allows you to view the execution record list of an attack target. |
write |
attackTargetRecord |
- |
|
coc:drillPlan:list |
Allows you to query the drill plan list. |
write |
drillPlan |
- |
|
coc:attackRecord:list |
Allows you to view the attack record list. |
list |
attackRecord |
- |
|
coc:faultMode:list |
Allows you to query the failure mode list. |
list |
faultMode |
- |
|
coc:monitorMetricRecord:list |
Allows you to query the monitoring metric data list. |
list |
- |
- |
|
coc:attackTask:list |
Allows you to view the attack task list. |
list |
attackTask |
- |
|
coc:attackTarget:listCcePods |
Allows you to query the pod list of attack targets from CCE clusters. |
list |
- |
- |
|
coc:improvementTask:list |
Allows you to query the improvement item list. |
list |
- |
- |
|
coc:drillTask:list |
Allows you to view the drill task list. |
list |
drillTask |
- |
|
coc:attackTarget:listCceWorkloads |
Allows you to query the workload list of attack targets from CCE clusters. |
list |
- |
- |
|
coc:attackTarget:listCceNamespaces |
Allows you to query the namespace list of attack targets from CCE clusters. |
list |
- |
- |
|
coc:drillPlan:listDelay |
Allows you to query the list of delayed drill plans. |
list |
drillPlan |
- |
|
coc:monitorMetric:list |
Allows you to query the monitoring metric list. |
list |
- |
- |
|
coc:faultMode:delete |
Allows you to delete failure modes. |
list |
faultMode |
- |
|
coc:faultMode:update |
Allows you to update failure modes. |
list |
faultMode |
- |
|
coc:drillTask:create |
Allows you to create drill tasks. |
write |
drillTask |
- |
|
coc:attackTargetRecord:operate |
Allows you to retry execution records of attack targets. |
write |
attackTargetRecord |
- |
|
coc:drillReport:create |
Allows you to create drill reports. |
write |
- |
- |
|
coc:drillTask:delete |
Allows you to delete drill tasks. |
write |
drillTask |
- |
|
coc:faultMode:create |
Allows you to create failure modes. |
write |
faultMode |
- |
|
coc:drillRecord:create |
Allows you to start a drill. |
write |
drillRecord |
- |
|
coc:drillPlan:create |
Allows you to create a drill plan. |
write |
drillPlan |
- |
|
coc:drillReport:update |
Allows you to update drill reports. |
write |
- |
- |
|
coc:application:CreateResourceTopo |
Allows you to create resource topologies. |
write |
application |
- |
|
coc:drillTask:update |
Allows you to modify drill tasks. |
write |
drillTask |
- |
|
coc:improvementTask:create |
Allows you to create improvement items. |
write |
- |
- |
|
coc:drillPlan:update |
Allows you to update drill plans. |
write |
drillPlan |
- |
|
coc:attackRecord:changeMetricType |
Allows you to modify a metric type in an attack record. |
write |
attackRecord |
- |
|
coc:improvementTask:update |
Allows you to handle improvement items. |
write |
- |
- |
|
coc:attackTask:create |
Allows you to create attack tasks. |
write |
attackTask |
- |
|
coc:drillPlan:countStatus |
Allows you to query the number of drill tasks that are in a specified drill plan state. |
write |
drillPlan |
- |
|
coc:faultMode:get |
Allows you to query the details about a specified failure mode. |
read |
faultMode |
- |
|
coc:contingencyPlan:get |
Allows you to query contingency plan details. |
read |
contingencyPlan |
- |
|
coc:drillRecord:get |
Allows you to query drill record details. |
read |
drillRecord |
- |
|
coc:drillTask:get |
Allows you to query drill task details. |
read |
drillTask |
- |
|
coc:drillPlan:countDelay |
Allows you to query the number of delayed drill plans. |
read |
drillPlan |
- |
|
coc:improvementTask:get |
Allows you to query the details about an improvement item. |
read |
- |
- |
|
coc:drillReport:get |
Allows you to query details about a drill report. |
read |
- |
- |
|
coc:drillPlan:get |
Allows you to query details about a specified drill plan |
read |
drillPlan |
- |
|
coc:attackTask:get |
Allows you to view details about an attack task. |
read |
attackTask |
- |
|
coc:alarm:listHandleHistories |
Allows you to query the historical alarm handling list. |
read |
- |
- |
|
coc:alarm:list |
Allows you to query the alarm list. |
list |
- |
- |
|
coc:alarm:createAlarmLinkedIncident |
Allows you to create incidents associated with alarms. |
list |
- |
- |
|
coc:alarm:clear |
Allows you to clear alarms. |
write |
- |
- |
|
coc:instance:getAlarms |
Allows you to view the alarm list of a resource. |
write |
instance |
- |
|
coc:alarm:get |
Allows you to query alarm information. |
read |
- |
- |
|
coc:alarm:count |
Allows you to query the number of alarms. |
read |
- |
- |
|
coc:instance:listAlarms |
Allows you to query the alarm list of all resources. |
read |
instance |
- |
|
coc:task:list |
Allows you to query the O&M transaction list. |
list |
- |
- |
|
coc:task:create |
Allows you to create O&M transactions |
list |
- |
- |
|
coc:task:complete |
Allows you to end O&M transactions. |
write |
- |
- |
|
coc:task:cancel |
Allows you to cancel O&M transactions. |
write |
- |
- |
|
coc:task:accept |
Allows you to receive O&M transact.ions. |
write |
- |
- |
|
coc:task:get |
Allows you to query details about an O&M transaction. |
write |
- |
- |
|
coc:task:count |
Allows you to query the O&M transaction list. |
read |
- |
- |
|
coc:warroom:get |
Allows you to query details about a war room. |
read |
- |
- |
|
coc:warroom:listConfigurations |
Allows you to query the public enumeration configurations of war rooms. |
list |
- |
- |
|
coc:warroom:list |
Allows you to query the war room list. |
write |
- |
- |
|
coc:warroom:listNotificationTemplates |
Allows you to query the war room notification template list. |
list |
- |
- |
|
coc:warroom:listMeetings |
Allows you to query the war room list. |
list |
- |
- |
|
coc:warroom:listRoles |
Allows you to query the war room role list. |
list |
- |
- |
|
coc:warroom:listAffectedApplications |
Allows you to query the list of applications of a war room. |
list |
- |
- |
|
coc:warroomMeetingRule:list |
Allows you to query the war room startup rule list. |
list |
- |
- |
|
coc:warroom:getOperationHistory |
Allows you to query war room operation history. |
list |
- |
- |
|
coc:warroom:addRolePersonnels |
Allows you to add roles to war rooms. |
list |
- |
- |
|
coc:warroom:modifyBasicInformation |
Allows you to modify basic war room information. |
list |
- |
- |
|
coc:warroomMeetingRule:delete |
Allows you to delete war room setup rules. |
list |
- |
- |
|
coc:warroom:addAffectedApplications |
Allows you to add applications to war rooms. |
write |
- |
- |
|
coc:warroom:addPersonnels |
Allows you to add personnel to war rooms. |
write |
- |
- |
|
coc:warroomMeetingRule:update |
Allows you to update war room startup rules. |
write |
- |
- |
|
coc:warroom:removeAffectedApplications |
Allows you to remove the affected applications from war rooms. |
write |
- |
- |
|
coc:warroom:sendNotification |
Allows you to update or send notifications in war rooms. |
write |
- |
- |
|
coc:warroom:removePersonnels |
Allows you to remove personnel from war rooms. |
write |
- |
- |
|
coc:warroom:create |
Allows you to create war rooms. |
write |
- |
- |
|
coc:warroom:sendNotificationBriefing |
Allows you to send notification briefings in war rooms. |
write |
- |
- |
|
coc:warroom:updateAffectedApplications |
Allows you to update applications in war rooms. |
write |
- |
- |
|
coc:warroomMeetingRule:create |
Allows you to create war room startup rules. |
write |
- |
- |
|
coc:slo:list |
Allows you to query the SLO list. |
write |
- |
- |
|
coc:slo:listSli |
Allows you to query the SLI list. |
write |
- |
- |
|
coc:slo:update |
Allows you to modify SLOs. |
write |
- |
- |
|
coc:slo:delete |
Allows you to delete SLOs. |
list |
- |
- |
|
coc:slo:updateSli |
Allows you to update the SLI list. |
list |
- |
- |
|
coc:slo:listInterruptRecords |
Allows you to query the interruption record list. |
write |
- |
- |
|
coc:slo:listInterruptRecordsChangeHistory |
Allows you to modify an interruption record. |
write |
- |
- |
|
coc:slo:updateInterruptRecords |
Allows you to update interruption records. |
write |
- |
- |
|
coc:slo:createInterruptRecords |
Allows you to create interruption records. |
list |
- |
- |
|
coc:slaTemplate:list |
Allows you to query the SLA template list. |
list |
slaTemplate |
- |
|
coc:slaRecord:list |
Allows you to query the SLA service ticket list. |
write |
- |
- |
|
coc:slo:get |
Allows you to query SLO details. |
write |
- |
- |
|
coc:slaTemplate:update |
Allows you to modify SLA template. |
list |
slaTemplate |
- |
|
coc:slaTemplate:enable |
Allows you to enable the SLA template. |
list |
slaTemplate |
- |
|
coc:slaTemplate:delete |
Allows you to delete the SLA template. |
list |
slaTemplate |
- |
|
coc:slaTemplate:disable |
Allows you to disable an SLA template. |
write |
slaTemplate |
- |
|
coc:slaTemplate:create |
Allows you to create an SLA template. |
write |
slaTemplate |
- |
|
coc:slo:create |
Allows you to create an SLO. |
write |
- |
- |
|
coc:slaTemplate:get |
Allows you to query details about an SLA template. |
write |
slaTemplate |
- |
|
coc:slaRecord:get |
Allows you to query the details about an SLA service ticket. |
write |
- |
- |
|
coc:prrTemplate:list |
Allows you to view the PRR template list. |
write |
- |
- |
|
coc:prrReview:list |
Allows you to view the PRR review list. |
read |
- |
- |
|
coc:prrCheckItem:list |
Allows you to view the PRR check item list. |
read |
- |
- |
|
coc:prrTemplate:create |
Allows you to create a PRR template. |
list |
- |
- |
|
coc:prrReview:create |
Allows you to initiate PRR reviews. |
list |
- |
- |
|
coc:prrReview:addImprovementTask |
Allows you to add PRR improvement items. |
list |
- |
- |
|
coc:prrReview:update |
Allows you to continue to initiate PRR review.s |
write |
- |
- |
|
coc:prrTemplate:delete |
Allows you to delete PRR templates. |
write |
- |
- |
|
coc:prrTemplate:update |
Allows you to modify PRR templates. |
write |
- |
- |
|
coc:prrReview:auditResult |
Allows you to record PRR review conclusions. |
write |
- |
- |
|
coc:prrReview:delete |
Allows you to revoke PRR reviews. |
write |
- |
- |
|
coc:prrReview:recordSummary |
Allows you to input PRR review minutes. |
write |
- |
- |
|
coc:prrTemplate:get |
Allows you to query details about PRR templates. |
write |
- |
- |
|
coc:prrReview:get |
Allows you to query details about a PRR review. |
write |
- |
- |
|
coc:tag:list |
Allows you to query the tag list. |
write |
- |
- |
|
coc:tag:create |
Allows you to create tags. |
read |
- |
- |
|
coc:*:listSSHKeypairs |
Allows you to query the SSH key list. |
read |
- |
- |
Each API of Cloud Cloud Operations Center usually supports one or more actions. Table 2 lists supported actions and their dependencies.
|
API |
Action |
Dependency |
|---|---|---|
|
GET /v1/patch/instance/compliant |
coc:instance:scanOSCompliance |
- |
|
GET /v1/patch/instance/compliant/{instance_compliant_id} |
coc:instance:scanOSCompliance |
- |
|
POST /v1/job/scripts |
coc:document:create |
- |
|
DELETE /v1/job/scripts/{script_uuid |
coc:document:delete |
- |
|
POST /v1/job/scripts/{script_uuid} |
coc:instance:executeDocument |
- |
|
GET /v1/job/scripts/{script_uuid} |
coc:document:get |
- |
|
GET /v1/job/scripts |
coc:document:list |
- |
|
PUT /v1/job/scripts/{script_uuid} |
coc:document:update |
- |
|
GET /v1/job/script/orders/{execute_uuid}/batches/{batch_index} |
coc:instance:autoBatchInstances |
- |
|
GET /v1/job/script/orders/{execute_uuid} |
coc:job:get |
- |
|
GET /v1/job/script/orders/{execute_uuid}/statistics |
coc:job:get |
- |
|
GET /v1/job/script/orders/{execute_uuid}/batches |
coc:instance:autoBatchInstances |
- |
|
GET /v1/job/script/orders |
coc:job:list |
- |
|
PUT /v1/job/script/orders/{execute_uuid}/operation |
coc:job:action |
- |
|
GET /v1/resources |
coc:instance:countResources |
- |
|
POST https://coc-intl.myhuaweicloud.com/v1/resources/sync |
coc:instance:syncResources |
- |
|
GET https://coc-intl.myhuaweicloud.com/v1/applications |
coc:application:countResourceRelations |
- |
Resources
A resource type indicates the resources that an SCP applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.
The following table lists the resource types that you can define in SCP statements for Cloud Operations Center.
|
Resource Type |
URN |
|---|---|
|
instance |
ecs:<region>:<account-id>:instance:<server-id> |
|
instance |
bms:<region>:<account-id>:instance:<server-id> |
|
document |
coc::<account-id>:document:<document-name> |
|
job |
coc::<account-id>:job:<job-id> |
|
application |
coc::<account-id>:application:<application-id> |
|
schedule |
coc::<account-id>:schedule:<schedule-id> |
|
faultMode |
coc::<account-id>:faultMode:<fault-mode-id> |
|
contingencyPlan |
coc::<account-id>:contingencyPlan:<contingency-plan-id> |
|
attackTask |
coc::<account-id>:attackTask:<attack-task-name> |
|
attackRecord |
coc::<account-id>:attackRecord:<attack-record-id> |
|
attackTargetRecord |
coc::<account-id>:attackTargetRecord:<attack-target-record-id> |
|
drillTask |
coc::<account-id>:drillTask:<drill-task-id> |
|
drillRecord |
coc::<account-id>:drillRecord:<drill-record-id> |
|
drillPlan |
coc::<account-id>:drillPlan:<drill-plan-id> |
|
slaTemplate |
coc::<account-id>:slaTemplate:<sla_template-id> |
|
parameter |
coc:<region>:<account-id>:parameter:<parameter-name> |
|
accountBaseline |
coc::<account-id>:accountBaseline:<account_baseline_id> |
|
resourceView |
coc::<account-id>:resourceView:<resourceViewId> |
|
instance |
rds:<region>:<account-id>:instance:<instance-id> |
Conditions
Cloud Operations Center does not support service-specific condition keys in SCPs.
It can only use global condition keys applicable to all services. For details, see Global Condition Keys.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
