Actions Supported by Policy-based Authorization
This section describes the actions supported policy-based authorization for CNAD.
Supported Actions
CNAD provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. The following are related concepts:
- Permissions: statements in a policy that allow or deny certain operations APIs: REST APIs that can be called by a user who has been granted specific permissions.
- Actions: Specific operations that are allowed or denied in a custom policy.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions.
- IAM or enterprise projects: Type of projects for which an action will take effect. For example, if you set the authorization scope of a custom policy to both IAM projects and enterprise projects, the policy takes effect for user groups in either IAM or enterprise projects. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. "√" indicates that the action supports the project and "×" indicates that the action does not support the project. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
Table 1 lists the API actions supported by CNAD.
|
Permission |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
|
Querying alarm configurations |
GET /v1/cnad/alarm-config |
cnad:alarmConfig:get |
√ |
× |
|
Configuring alarms |
POST /v1/cnad/alarm-config |
cnad:alarmConfig:create |
√ |
× |
|
Deleting alarm configurations |
DELETE /v1/cnad/alarm-config |
cnad:alarmConfig:delete |
√ |
× |
|
Querying the protection package list |
GET /v1/cnad/packages |
cnad:package:list |
√ |
× |
|
Updating the protection package name |
PUT /v1/cnad/packages/{package_id}/name |
cnad:package:put |
√ |
√ |
|
Updating all protected objects bound to a protection package |
POST /v1/cnad/packages/{package_id}/protected-ips |
cnad:protectedIp:create |
√ |
× |
|
Querying the list of protected objects that can be bound |
GET /v1/cnad/packages/{package_id}/unbound-protected-ips |
cnad:protectedIp:list |
√ |
× |
|
Querying the policy list |
GET /v1/cnad/policies |
cnad:policy:list |
√ |
× |
|
Creating a policy |
POST /v1/cnad/policies |
cnad:policy:create |
√ |
√ |
|
Querying policy details |
GET /v1/cnad/policies/{policy_id} |
cnad:policy:get |
√ |
√ |
|
Updating a policy |
PUT /v1/cnad/policies/{policy_id} |
cnad:policy:put |
√ |
√ |
|
Deleting a policy |
DELETE /v1/cnad/policies/{policy_id} |
cnad:policy:delete |
√ |
√ |
|
Adding a blacklisted/whitelisted IP address to a policy |
POST /v1/cnad/policies/{policy_id}/ip-list/add |
cnad:blackWhiteIpList:create |
√ |
× |
|
Deleting a blacklisted/whitelisted IP address from a policy |
POST /v1/cnad/policies/{policy_id}/ip-list/delete |
cnad:blackWhiteIpList:delete |
√ |
× |
|
Binding a protected object to a policy |
POST /v1/cnad/policies/{policy_id}/bind |
cnad:bindPolicy:create |
√ |
× |
|
Unbinding a protected object from a policy |
POST /v1/cnad/policies/{policy_id}/unbind |
cnad:unbindPolicy:create |
√ |
× |
|
Querying the list of protected objects |
GET /v1/cnad/protected-ips |
cnad:protectedIp:list |
√ |
× |
|
Setting labels for protected objects |
PUT /v1/cnad/protected-ips/tags |
cnad:ipTag:put |
√ |
× |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
