CGS Permissions and Supported Actions
This section describes fine-grained permissions management for your CGS resources. If your Huawei Cloud account does not need individual IAM users, you can skip this section.
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. Users inherit permissions from their groups and can perform operations on cloud services as allowed by the permissions.
You can grant users permissions by using roles and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.
Supported Actions
CGS provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.
- Permission: a statement in a policy that allows or denies certain operations.
- Actions: added to a custom policy to control permissions for specific operations.
| Permission | Action | Related Action |
| --- | --- | --- |
| Obtain CGS quota statistics. | cgs:quota:get | - |
| Obtain the yearly/monthly quota list. | cgs:quota:list | - |
| Subscribe to yearly/monthly CGS quota. | cgs:quota:operate | - |
| Query system process information. | cgs:cluster:list | cce:addonInstance:*, cce:node:list, cce:cluster:list |
| Enable or disable protection for a container cluster. | cgs:cluster:operate | cce:addonInstance:* |
| Query the image list. | cgs:images:list | - |
| Synchronize and scan images. | cgs:images:operate | - |
| Query container image information. | cgs:images:get | - |
| Query configurations. | cgs:configuration:list | - |
| Modify configurations. | cgs:configuration:operate | - |
| Query image security information. | cgs:imageSecure:list | - |
| Handle image security events. | cgs:imageSecure:operate | - |
| Obtain image scanning results. | cgs:imageSecure:get | - |
| Obtain the runtime event list. | cgs:runtimeSecure:list | - |
| Obtain runtime monitoring information. | cgs:runtimeSecure:get | - |
| Handle runtime monitoring events. | cgs:runtimeSecure:operate | - |
| Handle security agency authorization for CGS. | cgs:privilege:operate | - |
| Query CGS authorization. | cgs:privilege:get | - |
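The following check is an added example, not part of the original documentation or of Huawei Cloud's own tooling. It reviews a custom policy against the actions listed above and reports unrecognized `cgs:` actions, state-changing `operate` actions, and related CCE actions that are missing. The policy layout (`Version`, `Statement`, `Effect`, `Action`), the name `review_policy`, and the sample policy are assumptions made for illustration; only `Allow` statements are evaluated.

```python
from fnmatch import fnmatchcase

# Resource -> verbs, transcribed from the action table above.
RESOURCES = {
    "quota": "get list operate", "cluster": "list operate",
    "images": "list operate get", "configuration": "list operate",
    "imageSecure": "list operate get", "runtimeSecure": "list get operate",
    "privilege": "operate get",
}
KNOWN = {f"cgs:{r}:{v}" for r, vs in RESOURCES.items() for v in vs.split()}

# "Related Action" column: CCE actions a CGS action depends on.
RELATED = {
    "cgs:cluster:list": ["cce:addonInstance:*", "cce:node:list", "cce:cluster:list"],
    "cgs:cluster:operate": ["cce:addonInstance:*"],
}

def review_policy(policy):
    """Return least-privilege findings for the Allow statements of a policy dict."""
    allowed = [a for s in policy.get("Statement", [])
               if s.get("Effect") == "Allow" for a in s.get("Action", [])]
    findings = {"unknown": [], "write": [], "missing_related": []}
    granted = set()
    for pattern in allowed:
        if not pattern.startswith("cgs:"):
            continue
        hits = {k for k in KNOWN if fnmatchcase(k, pattern)}  # expand wildcards
        if not hits:
            findings["unknown"].append(pattern)  # typo or action not in the table
        granted |= hits
    # "operate" actions change state (subscribe, enable/disable, modify, handle).
    findings["write"] = sorted(a for a in granted if a.endswith(":operate"))
    for action in sorted(granted):
        for dep in RELATED.get(action, []):
            if not any(fnmatchcase(dep, p) for p in allowed):
                findings["missing_related"].append((action, dep))
    return findings

# Constructed sample: an "image auditor" policy with three problems.
SAMPLE_POLICY = {
    "Version": "1.1",
    "Statement": [{"Effect": "Allow", "Action": [
        "cgs:images:list", "cgs:images:get", "cgs:imageSecure:*",
        "cgs:cluster:list", "cce:cluster:list", "cgs:image:scan"]}],
}

if __name__ == "__main__":
    for kind, items in review_policy(SAMPLE_POLICY).items():
        print(kind, items)
```

For the sample, the wildcard `cgs:imageSecure:*` silently grants `cgs:imageSecure:operate`, which a read-only auditor role should not hold.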