Help Center/ Cloud Operations Center/ User Guide/ Using IAM to Grant Access to COC/ Service-specific Condition Keys Supported by COC
Updated on 2025-09-11 GMT+08:00

Service-specific Condition Keys Supported by COC

Request conditions are useful in determining when a custom policy is in effect. A request condition consists of condition keys and operators. Condition keys are either global or service-specific and are used in the Condition element of a policy statement. Global condition keys (starting with g:) are available for operations of all services, while service-level condition keys (starting with a service name such as coc) are available only for operations of a specific service. An operator must be used together with a condition key to form a complete condition statement.

Table 1 Service-specific condition keys supported by COC

Service-specific Condition Key

Type

Single-valued/Multivalued

Description

coc:TicketLevel

String

Single-valued

Filters access based on the ticket level in the request parameter.

coc:TicketCurrentHandlers

String

Multivalued

Filters access based on the ticket operator in the request parameter.

coc:TicketStatus

String

Single-valued

Filters access based on the ticket status in the request parameter.

coc:TicketType

String

Single-valued

Filters access based on the ticket type in the request parameter.

coc:TicketBeginTime

date

Single-valued

Filters access based on the ticket start time in the request parameter.

coc:TicketEndTime

date

Single-valued

Filters access based on the ticket end time in the request parameter.

coc:OperatorName

String

Single-valued

Filters access based on the operator in the request parameter.

coc:RequestTarget

String

Single-valued

Filters access based on the privilege escalation application in the request parameter.

coc:TicketTarget

String

Multivalued

Filters access based on the ticket application in the request parameter.

coc:TicketScope

String

Multivalued

Filters access based on the ticket scope in the request parameter.

coc:RequestScope

String

Single-valued

Filters access based on the privilege escalation scope in the request.

coc:EscapeSwitchIsEnabled

boolean

Single-valued

Filters access based on the escape switch in the request parameter.

coc:Creator

String

Single-valued

Filters access based on the creator of resource in COC.

coc:Executor

String

Single-valued

Filters access based on the executor specified by the service ticket in COC.

coc:DocumentRiskLevel

String

Single-valued

Filters access based on the document risk level specified in the request parameter.

coc:JobType

String

Single-valued

Filters access based on the service ticket type specified in the request parameter.

coc:ApplicationCode

String

Multivalued

Filters access based on the application code specified in the request parameter.

coc:ApplicationGroupCode

String

Single-valued

Filters access based on the application group code specified in the request parameter.

coc:AttackTargetType

String

Single-valued

Filters access based on the attack target type specified in the request parameter.

coc:QuickSetupType

String

Single-valued

Filters access based on the request configuration type specified in the request parameter.