Actions Supported by Role/Policy-based Authorization
This topic describes the actions supported by Direct Connect in role/policy-based authorization.
Supported Actions
IAM provides system-defined policies that can be directly used. You can also create custom policies to work with system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: Statements in a policy that allow or deny certain operations.
- APIs: REST APIs that can be called by a user who has been granted specific permissions.
- Actions: Specific operations that are allowed or denied.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the related actions.
- IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and only take effect for IAM. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
Direct Connect supports the following actions in custom policies:
- Actions Allowed for Connections: contains actions supported by the APIs of connections, such as the APIs for creating, querying, deleting, and updating a connection, and the API for querying the connection list.
- Actions Allowed for Virtual Gateways: contains actions supported by the APIs of virtual gateways, such as the APIs for creating, querying, deleting, and updating a virtual gateway, and the API for querying the virtual gateway list.
- Actions Allowed for Virtual Interfaces: contains actions supported by the APIs of virtual interfaces, such as the APIs for creating, querying, deleting, and updating a virtual interface, and the API for querying the virtual interface list.
- Actions Allowed for Tags: contains actions supported by the APIs of tags, such as the APIs for adding a tag, querying project tags, querying resource tags, adding resource tags, deleting resource tags, and querying a resource by tag.
Actions Allowed for Connections
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Querying details of a connection |
GET /v3/{project_id}/dcaas/direct-connects/{direct_connect_id} |
dcaas:directConnect:get |
- |
√ |
× |
|
Updating a connection |
PUT /v3/{project_id}/dcaas/direct-connects/{direct_connect_id} |
dcaas:directConnect:update |
- |
√ |
× |
|
Deleting a connection |
DELETE /v3/{project_id}/dcaas/direct-connects/{direct_connect_id} |
dcaas:directConnect:delete |
- |
√ |
× |
|
Querying the connection list |
GET /v3/{project_id}/dcaas/direct-connects |
dcaas:directConnect:list |
- |
√ |
× |
|
Querying the hosted connection list |
GET /v3/{project_id}/dcaas/hosted-connects |
dcaas:directConnect:listHostedDirectConnect |
- |
√ |
× |
|
Creating a hosted connection |
POST /v3/{project_id}/dcaas/hosted-connects |
dcaas:directConnect:createHostedDirectConnect |
- |
√ |
× |
|
Querying details of a hosted connection |
GET /v3/{project_id}/dcaas/hosted-connects/{hosted_connect_id} |
dcaas:directConnect:getHostedDirectConnect |
- |
√ |
× |
|
Updating a hosted connection |
PUT /v3/{project_id}/dcaas/hosted-connects/{hosted_connect_id} |
dcaas:directConnect:updateHostedDirectConnect |
- |
√ |
× |
|
Deleting a hosted connection |
DELETE /v3/{project_id}/dcaas/hosted-connects/{hosted_connect_id} |
dcaas:directConnect:deleteHostedDirectConnect |
- |
√ |
× |
Actions Allowed for Virtual Gateways
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Creating a virtual gateway |
POST /v3/{project_id}/dcaas/virtual-gateways |
dcaas:vgw:create |
vpc:vpcs:get vpc:vpcs:list vpc:subnets:get |
√ |
× |
|
Querying the virtual gateway list |
GET /v3/{project_id}/dcaas/virtual-gateways |
dcaas:vgw:list |
- |
√ |
× |
|
Deleting a virtual gateway |
DELETE /v3/{project_id}/dcaas/virtual-gateways/{virtual_gateway_id} |
dcaas:vgw:delete |
- |
√ |
× |
|
Querying details of a virtual gateway |
GET /v3/{project_id}/dcaas/virtual-gateways/{virtual_gateway_id} |
dcaas:vgw:get |
- |
√ |
× |
|
Updating a virtual gateway |
PUT /v3/{project_id}/dcaas/virtual-gateways/{virtual_gateway_id} |
dcaas:vgw:update |
- |
√ |
× |
Actions Allowed for Virtual Interfaces
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Creating a virtual interface |
POST /v3/{project_id}/dcaas/virtual-interfaces |
dcaas:vif:create |
vpc:vpcs:get vpc:vpcs:list vpc:subnets:get |
√ |
× |
|
Querying the virtual interface list |
GET /v3/{project_id}/dcaas/virtual-interfaces |
dcaas:vif:list |
- |
√ |
× |
|
Deleting a virtual interface |
DELETE /v3/{project_id}/dcaas/virtual-interfaces/{virtual_interface_id} |
dcaas:vif:delete |
- |
√ |
× |
|
Querying details of a virtual interface |
GET /v3/{project_id}/dcaas/virtual-interfaces/{virtual_interface_id} |
dcaas:vif:get |
- |
√ |
× |
|
Updating a virtual interface |
PUT /v3/{project_id}/dcaas/virtual-interfaces/{virtual_interface_id} |
dcaas:vif:update |
- |
√ |
× |
Actions Allowed for Tags
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Querying tags by resource type |
GET /v3/{project_id}/{resource_type}/tags |
dcaas:resources:listTag |
- |
√ |
× |
|
Querying resource tags |
GET /v3/{project_id}/{resource_type}/{resource_id}/tags |
dcaas:resources:listResourceTag |
- |
√ |
× |
|
Adding a resource tag |
POST /v3/{project_id}/{resource_type}/{resource_id}/tags |
dcaas:resources:tag |
- |
√ |
× |
|
Adding or deleting resource tags |
POST /v3/{project_id}/{resource_type}/{resource_id}/tags/action |
dcaas:resources:batchTagUntag |
- |
√ |
× |
|
Deleting a resource tag |
DELETE /v3/{project_id}/{resource_type}/{resource_id}/tags/{key} |
dcaas:resources:unTag |
- |
√ |
× |
|
Querying resources by tag |
POST /v3/{project_id}/{resource_type}/resource-instances/action |
dcaas:resources:listByTag |
- |
√ |
× |
Actions Allowed for Peer Links
|
Permission |
API |
Action |
Related Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|---|
|
Querying the peer link list |
GET /v3/{project_id}/dcaas/global-dc-gateways/{global_dc_gateway_id}/peer-links |
dcaas:gdgw:listPeerlink |
- |
√ |
× |
|
Creating a peer link |
POST /v3/{project_id}/dcaas/global-dc-gateways/{global_dc_gateway_id}/peer-links |
dcaas:gdgw:createPeerlink |
vpc:vpcs:get vpc:vpcs:list vpc:subnets:get |
√ |
× |
|
Querying details of a peer link |
GET /v3/{project_id}/dcaas/global-dc-gateways/{global_dc_gateway_id}/peer-links/{peer_link_id} |
dcaas:gdgw:getPeerlink |
- |
√ |
× |
|
Updating a peer link |
PUT /v3/{project_id}/dcaas/global-dc-gateways/{global_dc_gateway_id}/peer-links/{peer_link_id} |
dcaas:gdgw:updatePeerlink |
- |
√ |
× |
|
Deleting a peer link |
DELETE /v3/{project_id}/dcaas/global-dc-gateways/{global_dc_gateway_id}/peer-links/{peer_link_id} |
dcaas:gdgw:deletePeerlink |
- |
√ |
× |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
