Actions Supported by Policy-based Authorization

This section describes the actions supported by Live.

Supported Actions

Live provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:

Permissions: statements in a policy that allow or deny certain operations
APIs: REST APIs that can be called by a user who has been granted specific permissions.
Actions: specific operations that are allowed or denied in a custom policy.
Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.

When assigning permissions to a user group in IAM, you cannot select Enterprise projects when setting Specify the authorization scope on the Select Scope page.

Live supports the following actions that can be defined in custom policies.

**Table 1** Live actions that can be defined in custom policies
Permission	API	Action	IAM (Project)	Enterprise Project
Grants the permission to create a livestreaming domain name.	POST /v1/{project_id}/domain	live:domain:createDomain	√	×
Grants the permission to delete a livestreaming domain name.	DELETE /v1/{project_id}/domain	live:domain:deleteDomain	√	×
Grants the permission to modify a livestreaming domain name.	PUT /v1/{project_id}/domain	live:domain:updateDomain	√	×
Grants the permission to query livestreaming domain names.	GET /v1/{project_id}/domain	live:domain:getDomains	√	×
Grants the permission to create a domain name mapping.	PUT /v1/{project_id}/domains_mapping	live:domain:createDomainsMapping	√	×
Grants the permission to delete a domain name mapping.	DELETE /v1/{project_id}/domains_mapping	live:domain:deleteDomainsMapping	√	×
Grants the permission to add or overwrite stream notification configurations.	PUT /v1/{project_id}/notifications/publish	live:domain:updateStreamNotification	√	×
Grants the permission to query stream notification configurations.	GET /v1/{project_id}/notifications/publish	live:domain:getStreamNotifications	√	×
Grants the permission to delete a stream notification configuration.	DELETE /v1/{project_id}/notifications/publish	live:domain:deleteStreamNotification	√	×
Grants the permission to query IP address ACLs.	GET /v1/{project_id}/guard/ip	live:domain:getIPAuthList	√	×
Grants the permission to modify an IP address ACL.	PUT /v1/{project_id}/guard/ip	live:domain:updateIPAuthList	√	×
Grants the permission to set a referer validation ACL.	PUT /v1/{project_id}/guard/referer-chain	live:domain:updateRefererChain	√	×
Grants the permission to delete a referer validation ACL.	DELETE /v1/{project_id}/guard/referer-chain	live:domain:deleteRefererChain	√	×
Grants the permission to query referer validation ACLs.	GET /v1/{project_id}/guard/referer-chain	live:domain:getRefererChain	√	×
Grants the permission to obtain the link for downloading live video playback logs.	GET /v1/{project_id}/logs	live:logs:listLog	√	×
Grants the permission to create a recording rule.	POST /v1/{project_id}/record/rules	live:record:createRule	√	×
Grants the permission to query recording rules.	GET /v1/{project_id}/record/rules	live:record:listRules	√	×
Grants the permission to modify a recording rule.	PUT /v1/{project_id}/record/rules/{id}	live:record:updateRule	√	×
Grants the permission to delete a recording rule.	DELETE /v1/{project_id}/record/rules/{id}	live:record:deleteRule	√	×
Grants the permission to query recording rule configurations.	GET /v1/{project_id}/record/rules/{id}	live:record:getRule	√	×
Grants the permission to submit a command for recording control.	POST /v1/{project_id}/record/control	live:record:createCommand	√	×
Grants the permission to create a recording callback.	POST /v1/{project_id}/record/callbacks	live:record:createCallback	√	×
Grants the permission to query the recording callback list.	GET /v1/{project_id}/record/callbacks	live:record:listCallbacks	√	×
Grants the permission to modify a recording callback.	PUT /v1/{project_id}/record/callbacks/{id}	live:record:updateCallback	√	×
Grants the permission to query recording callbacks.	GET /v1/{project_id}/record/callbacks/{id}	live:record:getCallback	√	×
Grants the permission to delete a recording callback.	DELETE /v1/{project_id}/record/callbacks/{id}	live:record:deleteCallback	√	×
Grants the permission to add a captured snapshot.	POST /v1/{project_id}/stream/snapshot	live:snapshot:createRule	√	×
Grants the permission to modify a captured snapshot.	PUT /v1/{project_id}/stream/snapshot	live:snapshot:updateRule	√	×
Grants the permission to query captured snapshots.	GET /v1/{project_id}/stream/snapshot	live:snapshot:listRules	√	×
Grants the permission to delete a captured snapshot.	DELETE /v1/{project_id}/stream/snapshot	live:snapshot:deleteRule	√	×
Grants the permission to disable livestream push.	POST /v1/{project_id}/stream/blocks	live:stream:createStreamForbidden	√	×
Grants the permission to query valid instructions for disabling livestream push.	GET /v1/{project_id}/stream/blocks	live:stream:listStreamForbidden	√	×
Grants the permission to resume livestream push.	DELETE /v1/{project_id}/stream/blocks	live:stream:deleteStreamForbidden	√	×
Grants the permission to modify the attributes of disabling livestream push.	PUT /v1/{project_id}/stream/blocks	live:stream:updateStreamForbidden	√	×
Grants the permission to intermittently interrupt a livestream.	POST /v1/{project_id}/stream/block-once	live:stream:createStreamForbiddenOnce	√	×
Grants the permission to create a live transcoding template.	POST /v1/{project_id}/template/transcodings	live:transcode:createTranscodingsTemplate	√	×
Grants the permission to delete a live transcoding template.	DELETE /v1/{project_id}/template/transcodings	live:transcode:deleteTranscodingsTemplate	√	×
Grants the permission to modify a live transcoding template.	PUT /v1/{project_id}/template/transcodings	live:transcode:updateTranscodingsTemplate	√	×
Grants the permission to query live transcoding templates.	GET /v1/{project_id}/template/transcodings	live:transcode:listTranscodingsTemplate	√	×
Grants the permission to query URL validation.	GET /v1/{project_id}/guard/key-chain	live:domain:getCDNConfig	√	×
Grants the permission to modify URL validation.	PUT /v1/{project_id}/guard/key-chain	live:domain:updateCDNConfig	√	×
Grants the permission to delete URL validation.	DELETE /v1/{project_id}/guard/key-chain	live:domain:deleteCDNConfig	√	×
Grants the permission to modify an HTTPS certificate configuration.	PUT /v1/{project_id}/guard/https-cert	live:domain:updateCDNConfig	√	×
Grants the permission to query HTTPS certificate configurations.	GET /v1/{project_id}/guard/https-cert	live:domain:getCDNConfig	√	×
Grants the permission to delete an HTTPS certificate configuration.	DELETE /v1/{project_id}/guard/https-cert	live:domain:deleteCDNConfig	√	×