Actions Supported by Policy-based Authorization
This topic describes the actions supported by Cloud Connect in policy-based authorization.
Supported Actions
Cloud Connect provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: allow or deny operations on specified resources under specific conditions.
- APIs: REST APIs that can be called by a user who has been granted specific permissions.
- Actions: specific operations that are allowed or denied.
- Related actions: actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the related actions.
- IAM or enterprise projects: type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and only take effect for IAM. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. "√" indicates that the action supports the project and "×" indicates that the action does not support the project. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
Cloud Connect supports the following actions in custom policies:
- Cloud Connections: actions supported by all cloud connection APIs, such as the APIs for creating, updating, deleting a cloud connection, querying cloud connection details, and querying the cloud connection list
- Network Instances: actions supported by all network instance APIs, such as the APIs for creating, updating, removing a network instance, querying network instance details, and querying the network instance list
- Bandwidth Packages: actions supported by all bandwidth package APIs, such as creating, updating, and deleting a bandwidth package, querying bandwidth package details, querying the bandwidth package list, binding a bandwidth package to a cloud connection, and unbinding a bandwidth package from a cloud connection
- Inter-Region Bandwidths: actions supported by all inter-region bandwidth APIs, such as the APIs for assigning, updating, deleting an inter-region bandwidth, querying inter-region bandwidth details, and querying the inter-region bandwidth
- Cloud Connection Routes: actions supported by all cloud connection route APIs, such as the APIs for querying cloud connection route details and querying cloud connection routes
- Central Networks: actions supported by all central network APIs, such as the APIs for creating, updating, and deleting a central network, querying central network details, and querying the central network list
- Central Network Policies: actions supported by all central network policy APIs, such as the APIs for adding, applying, deleting a central network policy, querying central network policy details, querying the central network policy list, and querying policy changes
- Central Network Connections: actions supported by all central network connection APIs, such as the APIs for querying the central network connection list and updating a central network connection
- Central Network Attachments: actions supported for all central network attachment APIs, such as the APIs for adding a global DC gateway as an attachment, updating a global DC gateway on a central network, querying attachment details, querying the global DC gateway list, removing an attachment from a central network, and querying the attachments on a central network
Cloud Connections
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Creating a cloud connection |
POST /v3/{domain_id}/ccaas/cloud-connections |
cc:cloudConnections:create |
- |
√ |
√ |
|
Updating a cloud connection |
PUT /v3/{domain_id}/ccaas/cloud-connections/{id} |
cc:cloudConnections:update |
- |
√ |
√ |
|
Deleting a cloud connection |
DELETE /v3/{domain_id}/ccaas/cloud-connections/{id} |
cc:cloudConnections:delete |
- |
√ |
√ |
|
Querying cloud connection details |
GET /v3/{domain_id}/ccaas/cloud-connections/{id} |
cc:cloudConnections:get |
- |
√ |
√ |
|
Querying the cloud connection list |
GET /v3/{domain_id}/ccaas/cloud-connections |
cc:cloudConnections:list |
- |
√ |
√ |
Network Instances
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Creating a network instance |
POST /v3/{domain_id}/ccaas/network-instances |
cc:networkInstances:create |
- |
√ |
× |
|
Updating a network instance |
PUT /v3/{domain_id}/ccaas/network-instances/{id} |
cc:networkInstances:update |
- |
√ |
× |
|
Removing a network instance |
DELETE /v3/{domain_id}/ccaas/network-instances/{id} |
cc:networkInstances:delete |
- |
√ |
× |
|
Querying network instance details |
GET /v3/{domain_id}/ccaas/network-instances/{id} |
cc:networkInstances:get |
- |
√ |
× |
|
Querying the network instance list |
GET /v3/{domain_id}/ccaas/network-instances |
cc:networkInstances:list |
- |
√ |
× |
Bandwidth Packages
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Requesting a bandwidth package |
POST /v3/{domain_id}/ccaas/bandwidth-packages |
cc:bandwidthPackages:create |
- |
√ |
√ |
|
Updating a bandwidth package |
PUT /v3/{domain_id}/ccaas/bandwidth-packages/{id} |
cc:bandwidthPackages:update |
- |
√ |
√ |
|
Deleting a bandwidth package |
DELETE /v3/{domain_id}/ccaas/bandwidth-packages/{id} |
cc:bandwidthPackages:delete |
- |
√ |
√ |
|
Querying bandwidth package details |
GET /v3/{domain_id}/ccaas/bandwidth-packages/{id} |
cc:bandwidthPackages:get |
- |
√ |
√ |
|
Querying the bandwidth package list |
GET /v3/{domain_id}/ccaas/bandwidth-packages |
cc:bandwidthPackages:list |
- |
√ |
√ |
|
Binding a bandwidth package |
POST /v3/{domain_id}/ccaas/bandwidth-packages/{id}/associate |
cc:bandwidthPackages:associate |
- |
√ |
√ |
|
Unbinding a bandwidth package |
POST /v3/{domain_id}/ccaas/bandwidth-packages/disassociate |
cc:bandwidthPackages:disassociate |
- |
√ |
√ |
Inter-Region Bandwidths
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Assigning an inter-region bandwidth |
POST /v3/{domain_id}/ccaas/inter-region-bandwidths |
cc:interRegionBandwidths:create |
- |
√ |
× |
|
Updating an inter-region bandwidth |
PUT /v3/{domain_id}/ccaas/inter-region-bandwidths/{id} |
cc:interRegionBandwidths:update |
- |
√ |
× |
|
Deleting an inter-region bandwidth |
DELETE /v3/{domain_id}/ccaas/inter-region-bandwidths/{id} |
cc:interRegionBandwidths:delete |
- |
√ |
× |
|
Querying inter-region bandwidth details |
GET /v3/{domain_id}/ccaas/inter-region-bandwidths/{id} |
cc:interRegionBandwidths:get |
- |
√ |
× |
|
Querying the inter-region bandwidth list |
GET /v3/{domain_id}/ccaas/inter-region-bandwidths |
cc:interRegionBandwidths:list |
- |
√ |
× |
Cloud Connection Routes
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Querying cloud connection route details |
GET /v3/{domain_id}/ccaas/cloud-connection-routes/{id} |
cc:cloudConnectionRoutes:get |
- |
√ |
× |
|
Querying cloud connection routes |
GET /v3/{domain_id}/ccaas/cloud-connection-routes |
cc:cloudConnectionRoutes:list |
- |
√ |
× |
Central Networks
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Creating a central network |
POST /v3/{domain_id}/gcn/central-networks |
cc:centralNetwork:create |
- |
√ |
√ |
|
Updating a central network |
PUT /v3/{domain_id}/gcn/central-networks/{central_network_id} |
cc:centralNetwork:update |
- |
√ |
√ |
|
Deleting a central network |
DELETE /v3/{domain_id}/gcn/central-networks/{central_network_id} |
cc:centralNetwork:delete |
- |
√ |
√ |
|
Querying central network details |
GET /v3/{domain_id}/gcn/central-networks/{central_network_id} |
cc:centralNetwork:get |
- |
√ |
√ |
|
Querying the central network list |
GET /v3/{domain_id}/gcn/central-networks |
cc:centralNetwork:list |
- |
√ |
√ |
Central Network Policies
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Adding a central network policy |
POST /v3/{domain_id}/gcn/central-network/{central_network_id}/policies |
cc:centralNetwork:createPolicy |
- |
√ |
√ |
|
Applying a central network policy |
POST /v3/{domain_id}/gcn/central-network/{central_network_id}/policies/{policy_id}/apply |
cc:centralNetwork:applyPolicy |
- |
√ |
√ |
|
Deleting a central network policy |
DELETE /v3/{domain_id}/gcn/central-network/{central_network_id}/policies/{policy_id} |
cc:centralNetwork:deletePolicy |
- |
√ |
√ |
|
Querying the central network list |
GET /v3/{domain_id}/gcn/central-network/{central_network_id}/policies |
cc:centralNetwork:listPolicies |
- |
√ |
√ |
|
Querying policy changes |
GET /v3/{domain_id}/gcn/central-network/{central_network_id}/policies/{policy_id}/change-set |
cc:centralNetwork:listChangeSet |
- |
√ |
√ |
Central Network Connections
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Querying the central network connection list |
GET /v3/{domain_id}/gcn/central-network/{central_network_id}/connections |
cc:centralNetwork:listConnections |
- |
√ |
√ |
|
Updating a central network connection |
PUT /v3/{domain_id}/gcn/central-network/{central_network_id}/connections/{connection_id} |
cc:centralNetwork:updateConnection |
- |
√ |
√ |
Central Network Attachments
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Adding a global DC gateway to a central network as an attachment |
POST /v3/{domain_id}/gcn/central-network/{central_network_id}/gdgw-attachments |
cc:centralNetworkAttachment:createGdgw |
- |
√ |
√ |
|
Updating a global DC gateway on a central network |
PUT /v3/{domain_id}/gcn/central-network/{central_network_id}/gdgw-attachments/{gdgw_attachment_id} |
cc:centralNetworkAttachment:updateGdgw |
- |
√ |
√ |
|
Querying details of a global DC gateway on a central network |
GET /v3/{domain_id}/gcn/central-network/{central_network_id}/gdgw-attachments/{gdgw_attachment_id} |
cc:centralNetworkAttachment:getGdgw |
- |
√ |
√ |
|
Querying the global DC gateways on a central network |
GET /v3/{domain_id}/gcn/central-network/{central_network_id}/gdgw-attachments |
cc:centralNetworkAttachment:listGdgws |
- |
√ |
√ |
|
Removing an attachment from a central network |
DELETE /v3/{domain_id}/gcn/central-network/{central_network_id}/attachments/{attachment_id} |
cc:centralNetworkAttachment:delete |
- |
√ |
√ |
|
Querying the attachments on a central network |
GET /v3/{domain_id}/gcn/central-network/{central_network_id}/attachments |
cc:centralNetworkAttachment:list |
- |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
