Actions Supported by Policy-based Authorization

This section describes the SparkRTC actions supported by policy-based authorization.

Supported Actions

SparkRTC provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are API-specific. See the following common concepts related to policies:

Permissions: statements in a policy that allow or deny certain operations
APIs: REST APIs that can be called by a user who has been granted specific permissions.
Actions: specific operations that are allowed or denied in a custom policy.
Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.

When assigning permissions to a user group in IAM, you cannot select Enterprise projects when setting Specify the authorization scope on the Select Scope page.

SparkRTC supports the following actions that can be defined in custom policies.

**Table 1** SparkRTC actions that can be defined in custom policies
Permission	API	Action	IAM (Project)	Enterprise Project
Creating an application	POST /v2/apps	rtc:app:create	√	×
Querying applications	GET /v2/apps	rtc:app:list	√	×
Querying an application	GET /v2/apps/{app_id}	rtc:app:get	√	×
Deleting an application	DELETE /v2/apps/{app_id}	rtc:app:delete	√	×
Enabling an application	POST /v2/apps/{app_id}/enable	rtc:app:enable	√	×
Disabling an application	POST /v2/apps/{app_id}/disable	rtc:app:disable	√	×
Creating or updating a recording template	POST /v2/apps/{app_id}/record-rules	rtc:recordRule:save	√	×
Querying recording templates	GET /v2/apps/{app_id}/record-rules	rtc:recordRule:list	√	×
Querying a recording template	GET /v2/apps/{app_id}/record-rules/{rule_id}	rtc:recordRule:get	√	×
Updating a recording template	PUT /v2/apps/{app_id}/record-rules/{rule_id}	rtc:recordRule:update	√	×
Deleting a recording template	DELETE /v2/apps/{app_id}/record-rules/{rule_id}	rtc:recordRule:delete	√	×
Updating the automatic recording configuration	PUT /v2/apps/{app_id}/auto-record-mode	rtc:app:updateAutoRecord	√	×
Querying the automatic recording configuration	GET /v2/apps/{app_id}/auto-record-mode	rtc:app:getAutoRecord	√	×
Configuring a recording event callback	PUT /v2/apps/{app_id}/record-callback	rtc:app:updateRecordCallbackConf	√	×
Querying a recording event callback	GET /v2/apps/{app_id}/record-callback	rtc:app:getRecordCallbackConf	√	×
Removing an online user	POST /v2/apps/{app_id}/rooms/{room_id}/batch-remove-users	rtc:room:removeUsers	√	×
Dismissing a room	POST /v2/apps/{app_id}/rooms/{room_id}/dismiss	rtc:room:dismiss	√	×
Listing access control parameters	-	rtc:app:getUrlAuth	√	×
Controlling access to an application	-	rtc:app:updateUrlAuth	√	×

Parent topic: Permissions and Supported Actions

Previous topic: Introduction

Next topic: Appendix

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot