Actions Supported by Policy-based Authorization
This section describes the actions supported by COC in policy-based authorization.
Actions
This service provides system-defined policies. You can also create custom policies to supplement system-defined policies for more refined access control. Actions supported by policies are specific to APIs. Common concepts related to policies include:
- Permissions: statements in a policy that allow or deny certain operations
- APIs: APIs that can be called by a custom policy
- Actions: added to a custom policy to control permissions for specific operations
- Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
- IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
COC supports the following actions in custom policies:
Application Resource Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Querying the number of resources | GET /v1/resources/count | coc:instance:countResources | √ | × |
| Querying the application list | GET /v1/applications | coc:application:list | √ | × |
| Creating an application | POST /v1/applications | coc:application:create | √ | × |
| Updating an application | PUT /v1/applications/{id} | coc:application:update | √ | × |
| Deleting an application | DELETE /v1/applications/{id} | coc:application:delete | √ | × |
| Creating a group | POST /v1/groups | coc:application:createGroup | √ | × |
| Querying a group list | GET /v1/groups | coc:application:listGroups | √ | × |
| Updating a group | PUT /v1/groups/{id} | coc:application:updateGroup | √ | × |
| Deleting a group | DELETE /v1/groups/{id} | coc:application:deleteGroup | √ | × |
| Synchronizing group resources based on resource binding rules | POST /v1/groups/{id}/sync | coc:application:syncGroup | √ | × |
| Updating a group resource relationship | PUT /v1/group-resource-relations | coc:application:updateResources | √ | × |
| Creating a group resource relationship | POST /v1/group-resource-relations | coc:application:addResources | √ | × |
| Deleting a group resource relationship | DELETE /v1/group-resource-relations | coc:application:removeResources | √ | × |
| Querying the group resource relationship list | GET /v1/group-resource-relations | coc:application:listResources | √ | × |
| Querying the number of group resource relationships | GET /v1/group-resource-relations/count | coc:application:countResourceRelations | √ | × |
| Importing offline resources | POST /v1/other-resources/import | coc:instance:syncResources | √ | × |
| Creating a component | POST /v1/components | coc:application:create | √ | × |
| Querying the component list | GET /v1/components | coc:application:list | √ | × |
| Updating a component | PUT /v1/components/{id} | coc:application:update | √ | × |
| Deleting a component | DELETE /v1/components/{id} | coc:application:delete | √ | × |
| Querying an application view | GET /v1/application-view/search | coc:application:list | √ | × |
| Querying the cloud resource capacity by application | POST /v1/capacity | coc:application:getCapacity | √ | × |
| Querying the resource capacity ranking of applications, components, and groups | GET /v1/capacity/order | coc:application:getSortedCapacity | √ | × |
| Adding a cloud vendor account | POST /v1/vendor-account | coc:vendorAccount:create | √ | × |
| Querying the cloud vendor account list | GET /v1/vendor-account | coc:vendorAccount:list | √ | × |
| Updating a cloud vendor account | PUT /v1/vendor-account | coc:vendorAccount:update | √ | × |
| Deleting a cloud vendor account | DELETE /v1/vendor-account | coc:vendorAccount:delete | √ | × |
| Querying the number of multi-cloud resources | GET /v1/multicloud-resources/count | coc:instance:countResources | √ | × |
| Synchronizing multi-cloud resources | POST /v1/multicloud-resources/sync | coc:instance:syncResources | √ | × |
| Querying the view list | GET /v1/resource/views | coc:resourceView:list | √ | × |
| Creating a view | POST /v1/resource/views | coc:resourceView:create | √ | × |
| Updating a view | PUT /v1/resource/views/{id} | coc:resourceView:update | √ | × |
| Deleting a view | DELETE /v1/resource/views/{id} | coc:resourceView:delete | √ | × |
| Synchronizing view resources | POST /v1/resource/views/{id}/sync | coc:resourceView:syncResources | √ | × |
| Querying view resources | GET /v1/resource/views/resources | coc:resourceView:listResources | √ | × |
| Querying the number of view resources | GET /v1/resource/views/resources/count | coc:resourceView:countResources | √ | × |
| Querying the offline resource list | GET /v1/other-resources | coc:instance:listResources | √ | × |
| Deleting offline resources | DELETE /v1/other-resources | coc:instance:syncResources | √ | × |
| Updating offline resources | PUT /v1/other-resources/{id} | coc:instance:syncResources | √ | × |
| Querying the number of offline resources | GET /v1/other-resources/count | coc:instance:countOtherResources | √ | × |
| Querying resource tags | GET /v1/resources/{resource_id}/tags | coc:instance:listResourceTags | √ | × |
| Adding a resource tag | POST /v1/resources/{resource_id}/tags | coc:instance:createResourceTags | √ | × |
| Synchronizing the UniAgent status of resources | POST /v1/resources/uniagent/sync | coc:instance:syncResources | √ | × |
| Synchronizing the UniAgent status of offline resources | POST /v1/other-resources/uniagent/sync | coc:instance:syncResources | √ | × |
| Querying the list of favorited enterprise projects | GET /v1/enterprise-project-collect | coc:enterpriseProject:listCollect | √ | × |
| Updating the favorited enterprise projects | PUT /v1/enterprise-project-collect | coc:enterpriseProject:updateCollect | √ | × |
| Querying the latest update status of a multi-cloud resource | GET /v1/multicloud-resources/last-sync-status | coc:system:getLastSyncStatus | √ | × |
| Querying the status of an asynchronous task | GET /v1/jobs/{job_id} | coc:system:getResourceSyncJobDetail | √ | × |
| Querying multi-cloud resources | GET /v1/multicloud-resources | coc:instance:listResources | √ | × |
| Querying the next layer of an application model | GET /v1/application-model/next | coc:application:listModel | √ | × |
| Creating an application model | POST /v1/application-view/batch-create | coc:application:create | √ | × |
| Querying the resource list | GET /v1/resources | coc:instance:listResources | √ | × |
| Querying the number of cloud resources | GET /v1/resources/multi-count | coc:instance:countResources | √ | × |
Script Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Obtaining the automatic batching result | POST /v1/instances/batches | coc:instance:autoBatchInstances | √ | × |
| Checking whether high-risk commands are contained in a script using regular expressions | POST /v1/job/analyze-job | coc:document:analyzeRisk | √ | × |
| Executing a custom script | POST /v1/job/scripts/{script_uuid} | coc:instance:executeDocument | √ | × |
| Executing a public script | POST /v1/job/public-scripts/{script_uuid} | coc:instance:executeDocument | √ | × |
| Customizing the script list | GET /v1/job/scripts | coc:document:list | √ | × |
| Customizing the script details | GET /v1/job/scripts/{script_uuid} | coc:document:get | √ | × |
| Creating a custom script | POST /v1/job/scripts | coc:document:create | √ | × |
| Modifying a custom script | PUT /v1/job/scripts/{script_uuid} | coc:document:update | √ | × |
| Deleting a custom script | DELETE /v1/job/scripts/{script_uuid} | coc:document:delete | √ | × |
| Reviewing a custom script | POST /v1/job/scripts/{script_uuid}/action | coc:document:update | √ | × |
| Public script list | GET /v1/job/public-scripts | coc:document:list | √ | × |
| Public script details | GET /v1/job/public-scripts/{script_uuid} | coc:document:get | √ | × |
| Script service ticket list | GET /v1/job/script/orders | coc:job:list | √ | × |
| Basic information about the script service ticket | GET /v1/job/script/orders/{execute_uuid} | coc:job:get | √ | × |
| Script service ticket batch details | GET /v1/job/script/orders/{execute_uuid}/batches/{batch_index} | coc:job:get | √ | × |
| Script service ticket batch list | GET /v1/job/script/orders/{execute_uuid}/batches | coc:job:get | √ | × |
| Script service ticket statistics | GET /v1/job/script/orders/{execute_uuid}/statistics | coc:job:get | √ | × |
| Script service ticket operation | PUT /v1/job/script/orders/{execute_uuid}/operation | coc:job:action | √ | × |
| Querying resource tags | GET /v1/script/coc:script/tags | coc:document:list | √ | × |
| Updating resource tags | POST /v1/script/coc:script/{resource_id}/tags/update | coc:document:update | √ | × |
Job Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Querying the list of user-defined jobs | GET /v1/documents | coc:document:createDocument | √ | × |
| Creating a user-defined job | POST /v1/documents | coc:document:listDocument | √ | × |
| Obtaining the job atomic capability list | GET /v1/atomics | coc:documentAtomic:list | √ | × |
| Obtaining atomic capability details | GET /v1/atomics/{atomic_unique_key} | coc:documentAtomic:get | √ | × |
| Modifying a user-defined job | PUT /v1/documents/{document_id} | coc:document:updateDocument | √ | × |
| Executing a user-defined job | POST /v1/documents/{document_id} | coc:document:execute | √ | × |
| Querying details about a user-defined job | GET /v1/documents/{document_id} | coc:document:getDocument | √ | × |
| Deleting a user-defined job | DELETE /v1/documents/{document_id} | coc:document:deleteDocument | √ | × |
| Querying service ticket details of a user job | GET /v1/executions/{execution_id} | coc:execution:get | √ | × |
| Querying details about a user service ticket step | GET /v1/executions/{execution_id}/steps | coc:execution:listExecutionStep | √ | × |
| Querying the service ticket list of a user job | GET /v1/executions | coc:execution:list | √ | × |
| Querying batch instances of a service ticket step, such as ECS instances in batch operations on scripts | GET /v1/executions/instances | coc:execution:listExecutionStepInstance | √ | × |
| Performing operations on service tickets of user jobs | POST /v1/executions | coc:execution:operate | √ | × |
Patch Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Obtaining the node compliance report | GET /v1/patch/instance/compliant | coc:complianceReport:list | √ | × |
| Obtaining node patch details by page | GET /v1/patch/instance/compliant/{instance_compliant_id} | coc:complianceReport:get | √ | × |
Scheduled O&M
| Permission | API | Action | Related Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|---|
| Creating a scheduled O&M task | POST /v1/schedule/task | coc:schedule:create | iam:agencies:pass (Grants permission to pass an agency to a cloud service.) | × | √ |
| Querying the scheduled O&M task list | GET /v1/schedule/task | coc:schedule:list | N/A | × | √ |
| Modifying a scheduled O&M task | PUT /v1/schedule/task/{task_id} | coc:schedule:update | iam:agencies:pass (Grants permission to pass an agency to a cloud service.) | × | √ |
| Querying details about a scheduled O&M task | GET /v1/schedule/task/{task_id} | coc:schedule:get | N/A | × | √ |
| Deleting a scheduled O&M task | DELETE /v1/schedule/task/{task_id} | coc:schedule:delete | N/A | × | √ |
| Enabling scheduled O&M tasks | POST /v1/schedule/task/{task_id}/enable | coc:schedule:enable | N/A | × | √ |
| Disabling scheduled O&M tasks | POST /v1/schedule/task/{task_id}/disable | coc:schedule:disable | N/A | × | √ |
| Querying historical records of scheduled O&M tasks | GET /v1/schedule/task/history | coc:schedule:getHistories | N/A | × | √ |
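
The Scheduled O&M table is the one place on this page where an action carries a dependency (the Related Action column) and where the project columns are reversed. The following check is an added example, not code from the COC documentation: it lints a custom policy for missing dependencies and for actions that the chosen scope does not support. The policy layout (`Version`, `Statement`, `Effect`, `Action`), `*` wildcard matching, Deny overriding Allow, and the names `lint_policy`, `is_granted` and `SAMPLE` are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Rows copied from the Scheduled O&M table above:
# action -> (related action or None, IAM project column, enterprise project column)
SCHEDULE_ACTIONS = {
    "coc:schedule:create":       ("iam:agencies:pass", False, True),
    "coc:schedule:list":         (None, False, True),
    "coc:schedule:update":       ("iam:agencies:pass", False, True),
    "coc:schedule:get":          (None, False, True),
    "coc:schedule:delete":       (None, False, True),
    "coc:schedule:enable":       (None, False, True),
    "coc:schedule:disable":      (None, False, True),
    "coc:schedule:getHistories": (None, False, True),
}

def _patterns(policy, effect):
    """Collect the Action patterns of every statement with the given Effect."""
    return [a for s in policy.get("Statement", [])
            if s.get("Effect") == effect for a in s.get("Action", [])]

def is_granted(policy, action):
    """True if an Allow pattern matches the action and no Deny pattern does
    (Deny-over-Allow is an assumption of this example)."""
    hit = lambda pats: any(fnmatchcase(action, p) for p in pats)
    return hit(_patterns(policy, "Allow")) and not hit(_patterns(policy, "Deny"))

def lint_policy(policy, scope):
    """Return findings for a policy applied at scope 'iam' or 'enterprise'."""
    findings = []
    for action, (related, iam_ok, ep_ok) in SCHEDULE_ACTIONS.items():
        if not is_granted(policy, action):
            continue
        if not (iam_ok if scope == "iam" else ep_ok):
            findings.append(f"{action}: not supported for {scope} projects")
        if related and not is_granted(policy, related):
            findings.append(f"{action}: missing dependency {related}")
    return findings

# Constructed sample policy: the Deny statement removes the dependency again.
SAMPLE = {
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow", "Action": ["coc:schedule:*", "iam:agencies:pass"]},
        {"Effect": "Deny", "Action": ["coc:schedule:delete", "iam:agencies:*"]},
    ],
}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE, "enterprise"):
        print(finding)
```

The same dictionary shape extends to the other tables on this page by adding their rows with `None` as the related action.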
Incident Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Handling an incident ticket | POST /v2/incidents/{incident_id}/actions | coc:ticket:action | × | × |
| Querying the incident object list | POST /v2/incidents/list | coc:ticket:list | × | × |
| Querying the incident operation history list | POST /v2/incidents/{incident_id}/histories | coc:ticket:getOperationHistories | × | × |
| Obtaining incident tasks | GET /v2/incidents/{incident_id}/tasks | coc:ticket:listActions | × | × |
| Creating an incident ticket | POST /v1/external/incident/create | coc:ticket:create | × | × |
| Uploading an attachment | POST /v1/external/incident/attachments | coc:ticket:uploadFile | × | × |
| Handling an incident ticket | POST /v1/external/incident/handle | coc:ticket:action | × | × |
| Obtaining the incident history | POST /v1/external/{ticket_type}/list-histories | coc:ticket:getOperationHistories | × | × |
| Querying the list of simplified incidents | GET /v1/incident-tickets | coc:ticket:list | × | × |
| Obtaining incident details | GET /v1/external/incident/{incident_num} | coc:ticket:get | × | × |
Issue Ticket Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Creating an issue ticket | POST /v1/external/issues/create | coc:ticket:create | × | × |
| Obtaining incident details | GET /v1/external/issues/{ticket_id} | coc:ticket:get | × | × |
Alarm Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Handling alarms | POST /v1/alarm-mgmt/alarm/{alarm_id}/auto-process | coc:instance:executeDocument | √ | × |
| Clearing alarms in batches | POST /v1/alarm-mgmt/alarms/cancel | coc:alarm:clear | √ | × |
| Converting an alarm to an incident | POST /v1/alarm-mgmt/alarms-linked-incident | coc:alarm:createAlarmLinkedIncident | √ | × |
| Querying historical alarm handling records | GET /v1/alarm-mgmt/alarm/{alarm_id}/handle-histories | coc:alarm:listHandleHistories | √ | × |
| Querying alarm details | GET /v1/alarm-mgmt/alarm/{alarm_id} | coc:alarm:get | √ | × |
War Room
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Creating a war room in the tenant zone | POST /v1/external/warrooms | coc:warroom:create | × | × |
| Querying the war room information list in a tenant zone | POST /v1/external/warrooms/list | coc:warroom:list | × | × |
Change Management
| Permission | API | Action | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|
| Updating the information about a change ticket | PUT /v2/changes/{change_id} | coc:ticket:update | × | × |
| Deleting a change ticket | DELETE /v1/{ticket_type}/tickets/{ticket_id} | coc:ticket:delete | × | × |
| Searching for a sub-ticket of a changed service ticket | GET /v1/{ticket_type}/tickets/{ticket_id}/list-sub-tickets | coc:ticket:list | × | × |
| Changing the status of a change ticket | PUT /v1/{ticket_type}/tickets/{ticket_id} | coc:ticket:update | × | × |