Actions Supported by Policy-based Authorization
This section describes the actions supported policy-based authorization for SecMaster.
Supported Actions
SecMaster provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Actions supported by policies are specific to APIs. Common concepts related to policies include:
- Permissions: statements that allow or deny specific operations on specified resources under specific conditions.
- APIs: REST APIs that can be called by a user who has been granted specific permissions.
- Actions: Specific operations that are allowed or denied in a custom policy.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions.
- IAM or enterprise projects: Type of projects for which an action will take effect. For example, if you set the authorization scope of a custom policy to both IAM projects and enterprise projects, the policy takes effect for user groups in either IAM or enterprise projects. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. "√" indicates that the action supports the project and "×" indicates that the action does not support the project. For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?.
The following content describes the custom policy authorization supported by SecMaster.
- [Example] Table 1 lists actions supported by APIs related to SecMaster workspace operations, such as querying the workspace list, creating a workspace, updating a workspace, querying workspace details, and deleting a workspace.
- [Example] Table 2 includes actions supported by APIs related to security report management, such as listing, viewing, creating, updating, and deleting reports.
Workspace Management
|
Permission |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
|
Querying the list of workspaces |
GET /v1/{project_id}/workspaces |
secmaster:workspace:list |
√ |
× |
|
Creating a workspace |
POST /v1/{project_id}/workspaces |
secmaster:workspace:create |
√ |
× |
|
Updating a workspace |
PUT /v1/{project_id}/workspaces/{workspace_id} |
secmaster:workspace:update |
√ |
× |
|
Querying workspace details |
GET /v1/{project_id}/workspaces/{workspace_id} GET /v1/{project_id}/workspaces/{workspace_id}/recollect |
secmaster:workspace:get |
√ |
× |
|
Deleting a workspace |
DELETE /v1/{project_id}/workspaces/{workspace_id} |
secmaster:workspace:delete |
√ |
× |
Security Report Management
|
Permission |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
|
Listing reports |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports |
secmaster:report:list |
√ |
× |
|
Viewing a report |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:get |
√ |
× |
|
Creating a Report |
POST /v1/{project_id}/workspaces/{workspace_id}/sa/reports |
secmaster:report:create |
√ |
× |
|
Updating a report |
PUT /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:update |
√ |
× |
|
Deleting a report |
DELETE /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:delete |
√ |
× |
Actions supported by SecMaster
|
Permission |
API |
Action |
IAM Project |
Enterprise Project |
|---|---|---|---|---|
|
Grants the permission to query playbook details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} |
secmaster:playbook:get |
√ |
× |
|
Grants the permission to create a playbook. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks |
secmaster:playbook:create |
√ |
× |
|
Grants the permission to delete a playbook. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} |
secmaster:playbook:delete |
√ |
× |
|
Grants the permission to update a playbook. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} |
secmaster:playbook:update |
√ |
× |
|
Grants the permission to query the playbook list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks |
secmaster:playbook:list |
√ |
× |
|
Grants the permission to obtain playbook statistics. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/statistics |
secmaster:playbook:getStatistics |
√ |
× |
|
Grants the permission to obtain the playbook running monitoring data. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/monitor |
secmaster:playbook:getMonitor |
√ |
× |
|
Grants the permission to clone a playbook. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/clone |
secmaster:playbook:copyVersion |
√ |
× |
|
Grants the permission to review a playbook. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/approve |
secmaster:playbook:approve |
√ |
× |
|
Grants the permission to create a playbook version. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/actions |
secmaster:playbook:createVersionAction |
√ |
× |
|
Grants the permission to create a rule for a playbook version. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/rules |
secmaster:playbook:createVersionRule |
√ |
× |
|
Grants the permission to delete a playbook version. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/actions/{action_id} |
secmaster:playbook:deleteVersionAction |
√ |
× |
|
Grants the permission to delete a rule for a playbook version. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/rules/{rule_id} |
secmaster:playbook:deleteVersionRule |
√ |
× |
|
Grants the permission to obtain rule details about a playbook version. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/rules/{rule_id} |
secmaster:playbook:getVersionRule |
√ |
× |
|
Grants the permission to query the workflow (action) list of a playbook version. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/actions |
secmaster:playbook:listVersionActions |
√ |
× |
|
Grants the permission to update a playbook version. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/actions/{action_id} |
secmaster:playbook:updateVersionAction |
√ |
× |
|
Grants the permission to update a rule for a playbook version. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{version_id}/actions/{action_id} |
secmaster:playbook:updateVersionRule |
√ |
× |
|
Grants the permission to query the playbook review list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/approval |
secmaster:playbook:listApproves |
√ |
× |
|
Grants the permission to query the playbook instance list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances |
secmaster:playbook:listInstances |
√ |
× |
|
Grants the permission to query the audit log list of a playbook instance. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/auditlogs |
secmaster:playbook:getInstanceAuditlog |
√ |
× |
|
Grants the permission to create a playbook version. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions |
secmaster:playbook:createVersion |
√ |
× |
|
Grants the permission to obtain a playbook version. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} |
secmaster:playbook:getVersion |
√ |
× |
|
Grants the permission to delete a playbook version. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} |
secmaster:playbook:deleteVersion |
√ |
× |
|
Grants the permission to update a playbook version. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} |
secmaster:playbook:updateVersion |
√ |
× |
|
Grants the permission to obtain the list of playbook versions. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/versions |
secmaster:playbook:listVersions |
√ |
× |
|
Grants the permission to query details about a playbook instance. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id} |
secmaster:playbook:getInstance |
√ |
× |
|
Grants the permission to query details about a playbook instance topology. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/topology |
secmaster:playbook:getInstanceTopology |
√ |
× |
|
Grants the permission to operate a playbook instance. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/operation |
secmaster:playbook:operateInstance |
√ |
× |
|
Grants the permission to query the workflow list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows |
secmaster:workflow:list |
√ |
× |
|
Grants the permission to obtain details about a workflow. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} |
secmaster:workflow:get |
√ |
× |
|
Grants the permission to delete a workflow. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} |
secmaster:workflow:delete |
√ |
× |
|
Grants the permission to create a workflow. |
GET /v1/{project_id}/workspacesPOST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows |
secmaster:workflow:create |
√ |
× |
|
Grants the permission to update a workflow. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} |
secmaster:workflow:update |
√ |
× |
|
Grants the permission to obtain the list of workflow versions. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions |
secmaster:workflow:listVersions |
√ |
× |
|
Grants the permission to obtain details about a workflow version. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} |
secmaster:workflow:getVersion |
√ |
× |
|
Grants the permission to delete a workflow version. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} |
secmaster:workflow:deleteVersion |
√ |
× |
|
Grants the permission to create a workflow version. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions |
secmaster:workflow:createVersion |
√ |
× |
|
Grants the permission to update a workflow version. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} |
secmaster:workflow:updateVersion |
√ |
× |
|
Grants the permission to review a workflow version. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/approval |
secmaster:workflow:approveVersion |
√ |
× |
|
Grants the permission to verify a workflow version. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/validation |
secmaster:workflow:validate |
√ |
× |
|
Grants the permission to update the debugging result of a workflow version. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/debug/result |
secmaster:workflow:simulate |
√ |
× |
|
Grants the permission to query the topology of a workflow instance. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/instances/{instance_id}/topology |
secmaster:workflow:getInstance |
√ |
× |
|
Grants the permission to update or create a workflow instance. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/instances |
secmaster:workflow:operateInstance |
√ |
× |
|
Grants the permission to query the asset connection list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials |
secmaster:connection:list |
√ |
× |
|
Grants the permissions to create an asset connection. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials |
secmaster:connection:create |
√ |
× |
|
Grants the permissions to obtain asset connection details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} |
secmaster:connection:get |
√ |
× |
|
Grants the permissions to delete an asset connection. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} |
secmaster:connection:delete |
√ |
× |
|
Grants the permissions to update an asset connection. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} |
secmaster:connection:update |
√ |
× |
|
Grants the permission to query the to-do list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks |
secmaster:task:list |
√ |
× |
|
Grants the permission to create a to-do task. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/tasks |
secmaster:task:create |
√ |
× |
|
Grants the permission to update to-do tasks. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id} |
secmaster:task:update |
√ |
× |
|
Grants the permission to obtain to-do task details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id} |
secmaster:task:get |
√ |
× |
|
Grants the permission to obtain indicator details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} |
secmaster:indicator:get |
√ |
× |
|
Grants the permission to create an indicator. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators |
secmaster:indicator:create |
√ |
× |
|
Grants the permission to update an indicator. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} |
secmaster:indicator:update |
√ |
× |
|
Grants the permission to delete an indicator. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} |
secmaster:indicator:delete |
√ |
× |
|
Grants the permission to query the indicator list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/search |
secmaster:indicator:list |
√ |
× |
|
Grants the permission to query the indicator type list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types |
secmaster:indicator:listTypes |
√ |
× |
|
Grants the permissions to bind an indicator type to a layout. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types/layout |
secmaster:indicator:bindLayout |
√ |
× |
|
Grants the permission to obtain alert details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id} |
secmaster:alert:get |
√ |
× |
|
Grants the permission to create an alert. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts |
secmaster:alert:create |
√ |
× |
|
Grants the permission to update an alert. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id} |
secmaster:alert:update |
√ |
× |
|
Grants the permission to query the alert list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/search |
secmaster:alert:list |
√ |
× |
|
Grants the permission to delete an alert. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts |
secmaster:alert:delete |
√ |
× |
|
Grants the permission to convert an alert to an incident. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order |
secmaster:alert:batchOrders |
√ |
× |
|
Grants the permission to query the alert type list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types |
secmaster:alert:listTypes |
√ |
× |
|
Grants the permission to query the alert category list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/category |
secmaster:alert:listCategories |
√ |
× |
|
Grants the permission to create an alert type. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types |
secmaster:alert:createType |
√ |
× |
|
Grants the permission to modify an alert type. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/{dataclass_type_id} |
secmaster:alert:updateType |
√ |
× |
|
Grants the permission to delete an alert type. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types |
secmaster:alert:deleteType |
√ |
× |
|
Grants the permission to enable or disable an alert type. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/enable |
secmaster:alert:enableType |
√ |
× |
|
Grants the permissions to bind an alert type to a layout. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/layout |
secmaster:alert:bindLayout |
√ |
× |
|
Grants the permission to obtain incident details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id} |
secmaster:incident:get |
√ |
× |
|
Grants the permission to create an incident. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents |
secmaster:incident:create |
√ |
× |
|
Grants the permission to update an incident. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id} |
secmaster:incident:update |
√ |
× |
|
Grants the permission to query the incident list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/search |
secmaster:incident:list |
√ |
× |
|
Grants the permission to obtain the incident type list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types |
secmaster:incident:listTypes |
√ |
× |
|
Grants the permission to delete an incident. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents |
secmaster:incident:delete |
√ |
× |
|
Grants the permission to query the incident category list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/category |
secmaster:incident:listCategories |
√ |
× |
|
Grants the permission to create an incident type. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types |
secmaster:incident:createType |
√ |
× |
|
Grant permission to modify an incident type. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/{dataclass_type_id} |
secmaster:incident:updateType |
√ |
× |
|
Grants the permission to delete an incident type. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types |
secmaster:incident:deleteType |
√ |
× |
|
Grants the permission to enable or disable an incident type. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/incidents/enable |
secmaster:incident:enableType |
√ |
× |
|
Grants the permissions to bind an incident type to a layout. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/layout |
secmaster:incident:bindLayout |
√ |
× |
|
Grants the permission to create an object mapping. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type} |
secmaster:dataobject:createRelation |
√ |
× |
|
Grants the permission to delete an object mapping. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type} |
secmaster:dataobject:deleteRelation |
√ |
× |
|
Grants the permission to query the object mapping list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type}/search |
secmaster:dataobject:listRelation |
√ |
× |
|
Grants the permission to query the vulnerability group list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/search |
secmaster:vulnerability:listGroup |
√ |
× |
|
Grants the permission to obtain vulnerability group details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/{vul_id} |
secmaster:vulnerability:getGroup |
√ |
× |
|
Grants the permission to export the vulnerability group list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/export |
secmaster:vulnerability:exportGroup |
√ |
× |
|
Grants the permission to query the vulnerability type list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types |
secmaster:vulnerability:listType |
√ |
× |
|
Grants the permission to bind a vulnerability type to a layout. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/layout |
secmaster:vulnerability:bindLayout |
√ |
× |
|
Grants the permission to create a vulnerability type. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types |
secmaster:vulnerability:createType |
√ |
× |
|
Grants the permission to modify a vulnerability type. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/{dataclass_type_id} |
secmaster:vulnerability:updateType |
√ |
× |
|
Grants the permission to delete a vulnerability type. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types |
secmaster:vulnerability:deleteType |
√ |
× |
|
Grants the permission to enable or disable a vulnerability type. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/enable |
secmaster:vulnerability:enableType |
√ |
× |
|
Grants the permission to delete a pay-per-use order. |
DELETE /v1/{project_id}/subscriptions/orders |
secmaster:subscription:deletePostPaidOrder |
√ |
× |
|
Grants the permission to create a pay-per-use order. |
POST /v1/{project_id}/subscriptions/orders |
secmaster:subscription:createPostPaidOrder |
√ |
× |
|
Grants the permission to create a yearly/monthly order. |
POST /v1/{project_id}/subscriptions/orders/{order_id} |
secmaster:subscription:createPrePaidOrder |
√ |
× |
|
Grants the permission to view the subscribed version. |
GET /v1/{project_id}/subscriptions/version |
secmaster:subscription:getVersion |
√ |
× |
|
Grants the permission to view the metric result. |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/{metric_id}/result |
secmaster:metric:getResult |
√ |
× |
|
Grants the permission to list metric results. |
POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/results |
secmaster:metric:listResults |
√ |
× |
|
Grants the permission to list the hit metrics. |
POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/hits |
secmaster:metric:listHits |
√ |
× |
|
Grants the permission to view an agency. |
GET /v1/{project_id}/agency |
secmaster:agency:get |
√ |
× |
|
Grants the permission to create an agency. |
POST /v1/{project_id}/agency |
secmaster:agency:create |
√ |
× |
|
Grants the permission to view resource statistics. |
GET /v1/{project_id}/workspaces/{workspace_id}/resource-statistics |
secmaster:resource:getStatistics |
√ |
× |
|
Grants the permission to list resources. |
GET /v1/{project_id}/workspaces/{workspace_id}/resources |
secmaster:resource:list |
√ |
× |
|
Grants the permission to import resources. |
POST /v1/{project_id}/workspaces/{workspace_id}/sa/resources/import |
secmaster:resource:import |
√ |
× |
|
Grants the permission to obtain the resource import template. |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/resource/template |
secmaster:resource:getTemplate |
√ |
× |
|
Grants the permission to list reports. |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports |
secmaster:report:list |
√ |
× |
|
Grants the permission to view a report. |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:get |
√ |
× |
|
Grants the permission to create a report. |
POST /v1/{project_id}/workspaces/{workspace_id}/sa/reports |
secmaster:report:create |
√ |
× |
|
Grants the permission to update a report. |
PUT /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:update |
√ |
× |
|
Grants the permission to delete a report. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:delete |
√ |
× |
|
Grants the permission to set the emergency vulnerability read status. |
POST /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/read-status |
secmaster:emergencyVulnerability:updateReadStatus |
√ |
× |
|
Grants the permission to list emergency vulnerabilities. |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/list |
secmaster:emergencyVulnerability:list |
√ |
× |
|
Grants the permission to export emergency vulnerabilities. |
GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/export |
secmaster:emergencyVulnerability:export |
√ |
× |
|
Grants the permission to query the data space list. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces |
secmaster:dataspace:list |
√ |
× |
|
Grants the permission to create a data space. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces |
secmaster:dataspace:create |
√ |
× |
|
Grants the permission to query data space details. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} |
secmaster:dataspace:get |
√ |
× |
|
Grants the permission to update a data space. |
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} |
secmaster:dataspace:update |
√ |
× |
|
Grants the permission to delete a data space. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} |
secmaster:dataspace:delete |
√ |
× |
|
Grants the permission to query the data pipeline list. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes |
secmaster:pipe:list |
√ |
× |
|
Grants the permission to create a data pipeline. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes |
secmaster:pipe:create |
√ |
× |
|
Grants the permission to query data pipeline details. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} |
secmaster:pipe:get |
√ |
× |
|
Grants the permission to update a data pipeline. |
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} |
secmaster:pipe:update |
√ |
× |
|
Grants the permission to delete a data pipeline. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} |
secmaster:pipe:delete |
√ |
× |
|
Grants the permission to query data pipeline indexes. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index |
secmaster:pipe:getIndex |
√ |
× |
|
Grants the permission to update a data pipeline index. |
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index |
secmaster:pipe:updateIndex |
√ |
× |
|
Grants the permission to query data pipeline consumption. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption |
secmaster:pipe:getConsumption |
√ |
× |
|
Grants the permission to create pipeline consumption. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption |
secmaster:pipe:createConsumption |
√ |
× |
|
Grants the permission to delete pipeline consumption. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption |
secmaster:pipe:deleteConsumption |
√ |
× |
|
Grants the permission to query data. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/logs |
secmaster:search:listLogs |
√ |
× |
|
Grants the permission to query the data distribution histogram. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/histograms |
secmaster:search:listHistograms |
√ |
× |
|
Grants the permission to execute security analysis. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/analysis |
secmaster:search:createAnalysis |
√ |
× |
|
Grants the permission to query the list of search criteria. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions |
secmaster:searchCondition:list |
√ |
× |
|
Grants the permission to create search criteria. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions |
secmaster:searchCondition:create |
√ |
× |
|
Grants the permission to query search criteria details. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} |
secmaster:searchCondition:get |
√ |
× |
|
Grants the permission to update search criteria. |
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} |
secmaster:searchCondition:update |
√ |
× |
|
Grants the permission to delete search criteria. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} |
secmaster:searchCondition:delete |
√ |
× |
|
Grants the permission to query an alert model. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules |
secmaster:alertRule:list |
√ |
× |
|
Grants the permission to create an alert model. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules |
secmaster:alertRule:create |
√ |
× |
|
Grants the permission to query alert model details. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id} |
secmaster:alertRule:get |
√ |
× |
|
Grants the permission to modify an alert model. |
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id} |
secmaster:alertRule:update |
√ |
× |
|
Grants the permission to delete an alert model. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules |
secmaster:alertRule:delete |
√ |
× |
|
Grants the permission to enable an alert model. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/enable |
secmaster:alertRule:enable |
√ |
× |
|
Grants the permission to disable an alert model. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/disable |
secmaster:alertRule:disable |
√ |
× |
|
Grants the permission to query an alert model overview. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/metrics |
secmaster:alertRule:listMetrics |
√ |
× |
|
Grants the permission to simulate an alert model. |
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/simulation |
secmaster:alertRule:createSimulation |
√ |
× |
|
Grants the permission to query an alert template. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates |
secmaster:alertRuleTemplate:list |
√ |
× |
|
Grants the permission to query alert template details. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/{template_id} |
secmaster:alertRuleTemplate:get |
√ |
× |
|
Grants the permission to query the alert template overview. |
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/metrics |
secmaster:alertRuleTemplate:listMetrics |
√ |
× |
|
Grants the permission to create a data class. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses |
secmaster:dataclass:create |
√ |
× |
|
Grants the permission to update a data class. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} |
secmaster:dataclass:update |
√ |
× |
|
Grants the permission to delete a data class. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} |
secmaster:dataclass:delete |
√ |
× |
|
Grants the permission to obtain data class details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} |
secmaster:dataclass:get |
√ |
× |
|
Grants the permission to query the data class list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses |
secmaster:dataclass:list |
√ |
× |
|
Grants the permission to create a field. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields |
secmaster:dataclass:createField |
√ |
× |
|
Grants the permission to update a field. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id} |
secmaster:dataclass:updateField |
√ |
× |
|
Grants the permission to delete a field. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields |
secmaster:dataclass:deleteField |
√ |
× |
|
Grants the permission to obtain field details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id} |
secmaster:dataclass:getField |
√ |
× |
|
Grants the permission to query the field list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields |
secmaster:dataclass:listFields |
√ |
× |
|
Grants the permission to obtain type details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types/{dataclass_type_id} |
secmaster:dataclass:getType |
√ |
× |
|
Grants the permission to query the type list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types |
secmaster:dataclass:listTypes |
√ |
× |
|
Grants the permission to update the categorical mapping status. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/status |
secmaster:mapping:update |
√ |
× |
|
Grant permission to search for the categorical mapping list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/search |
secmaster:mapping:list |
√ |
× |
|
Grants the permission to obtain the categorical mapping data source. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/data-source |
secmaster:mapping:getDatasource |
√ |
× |
|
Grants the permission to obtain a categorical mapping function. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/functions |
secmaster:mapping:listFunctions |
√ |
× |
|
Grants the permission to delete a categorical mapping. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id} |
secmaster:mapping:delete |
√ |
× |
|
Grants the permission to copy a categorical mapping. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/clone |
secmaster:mapping:copy |
√ |
× |
|
Grants the permission to create a category. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers |
secmaster:mapping:createClassifier |
√ |
× |
|
Grants the permission to update a category. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id} |
secmaster:mapping:updateClassifier |
√ |
× |
|
Grants the permission to obtain category information. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id} |
secmaster:mapping:getClassifier |
√ |
× |
|
Grants the permission to delete a category. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id} |
secmaster:mapping:deleteClassifier |
√ |
× |
|
Grants the permission to create a mapping. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers |
secmaster:mapping:createMapper |
√ |
× |
|
Grants the permission to update a mapping. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id} |
secmaster:mapping:updateMapper |
√ |
× |
|
Grants the permission to query the mapping list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/search |
secmaster:mapping:listMappers |
√ |
× |
|
Grants the permission to obtain the mapping information. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id} |
secmaster:mapping:getMapper |
√ |
× |
|
Grants the permission to delete a mapping. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id} |
secmaster:mapping:deleteMapper |
√ |
× |
|
Grants the permission to obtain the layout type list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/business-type |
secmaster:layout:listBusinessTypes |
√ |
× |
|
Grants the permission to query the layout list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/search |
secmaster:layout:list |
√ |
× |
|
Grants the permission to create a layout. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts |
secmaster:layout:create |
√ |
× |
|
Grants the permission to delete a layout. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts |
secmaster:layout:delete |
√ |
× |
|
Grants the permission to update a layout. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id} |
secmaster:layout:update |
√ |
× |
|
Grants the permission to query a layout. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id} |
secmaster:layout:get |
√ |
× |
|
Grants the permission to save a layout as a template. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/template |
secmaster:layout:createTemplate |
√ |
× |
|
Grants the permission to create a layout field. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields |
secmaster:layout:createField |
√ |
× |
|
Grants the permission to obtain the layout field list. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields |
secmaster:layout:listFields |
√ |
× |
|
Grants the permission to obtain layout field details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields/{field_id} |
secmaster:layout:getField |
√ |
× |
|
Grants the permission to delete a layout field. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields |
secmaster:layout:deleteField |
√ |
× |
|
Grants the permission to obtain a page. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards |
secmaster:layout:listWizards |
√ |
× |
|
Grants the permission to create a page. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards |
secmaster:layout:createWizard |
√ |
× |
|
Grants the permission to obtain page details. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id};/v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards |
secmaster:layout:getWizard |
√ |
× |
|
Grants the permission to delete a page. |
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id} |
secmaster:layout:deleteWizard |
√ |
× |
|
Grants the permission to update a page. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards |
secmaster:layout:updateWizard |
√ |
× |
|
Grants the permissions to query the directory list. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/search;/v1/{project_id}/workspaces/{workspace_id}/soc/catalogues |
secmaster:catalogue:list |
√ |
× |
|
Grants the permission to update a directory. |
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/{catalogue_id} |
secmaster:catalogue:update |
√ |
× |
|
Grants the permission to export playbooks. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/export |
secmaster:playbook:export |
√ |
× |
|
Grants the permission to import playbooks. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/import |
secmaster:playbook:import |
√ |
× |
|
Grants the permission to download the indicator template. |
GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/template/download |
secmaster:indicator:downloadTemplate |
√ |
× |
|
Grants the permission to export indicators. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/export |
secmaster:indicator:export |
√ |
× |
|
Grants the permission to import indicators. |
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/import |
secmaster:indicator:import |
√ |
× |
|
Grants the permission to query a table. |
GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables |
secmaster:table:list |
√ |
× |
|
Grants the permission to create a table. |
-POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables |
secmaster:table:create |
√ |
× |
|
Grants the permission to query table details. |
GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id} |
secmaster:table:get |
√ |
× |
|
Grants the permission to modify a table. |
PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id} |
secmaster:table:update |
√ |
× |
|
Grants the permission to delete a table. |
DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id} |
secmaster:table:delete |
√ |
× |
|
Grants the permission to lock a table. |
POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock |
secmaster:table:createLock |
√ |
× |
|
Grants the permission to unlock a table. |
DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock |
secmaster:table:deleteLock |
√ |
× |
|
Grants the permission to query table overview. |
GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/metrics |
secmaster:table:listMetrics |
√ |
× |
|
Grants the permission to design a table. |
PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/schema |
secmaster:table:updateSchema |
√ |
× |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
