Help Center/ Data Security Center/ API Reference/ Permissions and Supported Actions/ Actions Supported by Policy-based Authorization
Updated on 2026-07-16 GMT+08:00

Actions Supported by Policy-based Authorization

This section describes the actions supported by Data Security Center (DSC) in policy-based authorization scenarios.

Supported Actions

DSC provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Actions supported by policies are specific to APIs. Common concepts related to policies include:

  • Permissions: Statements in a policy that allow or deny certain operations
  • APIs: REST APIs that can be called in a custom policy
  • Actions: Added to a custom policy to control permissions for specific operations
  • Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions.
  • IAM project/enterprise project: Scope of authorization for custom policies. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect in IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Management. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.

DSC supports the following actions that can be defined in custom policies:

Table 1 Supported actions

Permission

API

Action

IAM Project

Enterprise Project

Viewing the alarm list

/v1/{project_id}/alarm

dsc:common:list

×

Changing alarm status

/v1/{project_id}/alarm-status

dsc:common:operate

×

Authorizing or canceling authorization for an asset

/v1/{project_id}/sdg/asset/authorization

dsc:authorization:grant

×

Adding assets in batches

/v1/{project_id}/sdg/asset/batch/import

dsc:asset:create

×

Downloading a template for batch import

/v1/{project_id}/sdg/asset/batch/template

dsc:overview:list

×

Querying the big data asset list

/v1/{project_id}/sdg/asset/bigdata

dsc:asset:list

×

Adding a big data asset

/v1/{project_id}/sdg/asset/bigdata

dsc:asset:create

×

Updating a big data asset

/v1/{project_id}/sdg/asset/bigdata/{bigdata_id}

dsc:asset:update

×

Deleting a big data asset

/v1/{project_id}/sdg/asset/bigdata/{bigdata_id}

dsc:asset:delete

×

Adding RDS databases in batches

/v1/{project_id}/sdg/asset/database/batch-authorize

dsc:asset:create

×

Deleting database assets in batches

/v1/{project_id}/sdg/asset/database/batch-delete

dsc:asset:delete

×

Deleting a DB instance

/v1/{project_id}/sdg/asset/database/instance/{ins_id}

dsc:asset:delete

×

Updating a database asset

/v1/{project_id}/sdg/asset/database/{db_id}

dsc:asset:update

×

Deleting a database asset

/v1/{project_id}/sdg/asset/database/{db_id}

dsc:asset:delete

×

Adding a database asset

/v1/{project_id}/sdg/asset/database_old

dsc:asset:create

×

Adding an OBS bucket

/v1/{project_id}/sdg/asset/obs/bucket

dsc:asset:create

×

Deleting an OBS bucket

/v1/{project_id}/sdg/asset/obs/bucket/{bucket_id}

dsc:asset:delete

×

Obtaining the bucket list

/v1/{project_id}/sdg/asset/obs/buckets

dsc:asset:list

×

Adding an OBS bucket

/v1/{project_id}/sdg/asset/obs/buckets

dsc:asset:create

×

Adding an abnormal data source audit instance

/v1/{project_id}/sdg/risk/datasource

dsc:common:operate

×

Deleting an abnormal data source

/v1/{project_id}/sdg/risk/datasource/{datasource_id}

dsc:common:operate

×

Updating conditions for abnormal data source audit

/v1/{project_id}/sdg/risk/datasource/{datasource_id}/condition

dsc:common:operate

×

Updating the abnormal status

/v1/{project_id}/sdg/risk/{exception_id}/update-status

dsc:common:operate

×

Obtaining the device list

/v1/{project_id}/devices

dsc:common:list

×

Adding a device

/v1/{project_id}/devices

dsc:common:operate

×

Obtaining alarm information

/v1/{project_id}/devices/alarm-info

dsc:common:list

×

Changing alarm status

/v1/{project_id}/devices/alarm-info/status

dsc:common:operate

×

Obtaining the device status list

/v1/{project_id}/devices/monitor-info

dsc:common:list

×

Updating the device status

/v1/{project_id}/devices/status

dsc:common:operate

×

Updating device information

/v1/{project_id}/devices/{device_id}

dsc:common:operate

×

Deleting a device

/v1/{project_id}/devices/{device_id}

dsc:common:operate

×

Updating the default rule group information

/v1/{project_id}/sdg/server/scan/default-group/{group_id}

dsc:scanRuleGroup:update

×

Adding a customized rule group

/v1/{project_id}/sdg/server/scan/groups

dsc:scanRuleGroup:create

×

Updating rule group information

/v1/{project_id}/sdg/server/scan/groups

dsc:scanRuleGroup:update

×

Obtaining rule group details

/v1/{project_id}/sdg/server/scan/groups/{group_id}

dsc:scanRuleGroup:get

×

Deleting a rule group

/v1/{project_id}/sdg/server/scan/groups/{group_id}

dsc:scanRuleGroup:delete

×

Obtaining rules in a rule group

/v1/{project_id}/sdg/server/scan/groups/{group_id}/rules

dsc:scanRuleGroup:get

×

Obtaining rule details and checking whether the rule can be deleted

/v1/{project_id}/sdg/server/scan/rule-group/{rule_id}

dsc:scanRule:get

×

Adding a rule to a rule group

/v1/{project_id}/sdg/server/scan/rule/{rule_id}/group

dsc:scanRule:update

×

Adding a rule

/v1/{project_id}/sdg/server/scan/rules

dsc:scanRule:create

×

Editing a rule

/v1/{project_id}/sdg/server/scan/rules

dsc:scanRule:update

×

Query the default rule group

/v1/{project_id}/sdg/server/scan/rules/default

dsc:scanRule:list

×

Obtaining details about a rule

/v1/{project_id}/sdg/server/scan/rules/{rule_id}

dsc:scanRule:get

×

Deleting a rule

/v1/{project_id}/sdg/server/scan/rules/{rule_id}

dsc:scanRule:delete

×

Checking whether a rule group can be deleted

/v1/{project_id}/sdg/server/scan/task-group/{group_id}

dsc:scanRuleGroup:get

×

Querying the associations between template rules

/v1/{project_id}/scan-templates/{template_id}/scan-rules

dsc:scanTemplate:get

×

Deleting template rule associations in batches

/v1/{project_id}/scan-templates/{template_id}/scan-rules/{rule_ids}

dsc:scanTemplate:update

×

Modifying the rule enabling status

/v1/{project_id}/scan-templates/{template_id}/scan-rules/{rule_id}/switch

dsc:scanTemplate:update

×

Exporting an excel report

/v1/{project_id}/sdg/server/stat/jobs/{job_id}/export

dsc:common:list

×

Creating a watermark embedding task

/v1/{project_id}/data-watermark-embed-task

dsc:common:operate

×

Deleting watermark embedding tasks in batches

/v1/{project_id}/data-watermark-embed-task

dsc:common:operate

×

Editing a watermark embedding task

/v1/{project_id}/data-watermark-embed-task/{id}

dsc:common:operate

×

Deleting a watermark embedding task

/v1/{project_id}/data-watermark-embed-task/{id}

dsc:common:operate

×

Retrying or stopping a watermark embedding task

/v1/{project_id}/data-watermark-embed-task/{id}/status

dsc:common:operate

×

Creating a data watermark extraction task, forwarding the data watermark extraction task, and updating the task parameters

/v1/{project_id}/data-watermark-extract-tasks

dsc:common:operate

×

Deleting data watermark extraction tasks in batches

/v1/{project_id}/data-watermark-extract-tasks

dsc:common:operate

×

Deleting a data watermark extraction task

/v1/{project_id}/data-watermark-extract-tasks/{task_id}

dsc:common:operate

×

Embedding watermarks into a document

/v1/{project_id}/sdg/watermark/embed

dsc:watermark:embed

×

Extracting watermarks

/v1/{project_id}/sdg/watermark/extract

dsc:watermark:extract

×