Updated on 2024-08-23 GMT+08:00

Cloud Operations Center (COC)

The Organizations service provides Service Control Policies (SCPs) to set access control policies.

SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU.

This section describes the elements used by Organizations SCPs. The elements include actions, resources, and conditions.

For details about how to use these elements to create a custom SCP, see Creating an SCP.

Actions

Actions are specific operations that are allowed or denied in an SCP.

  • The Access Level describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
  • The Resource Type column indicates whether the action supports resource-level permissions.
    • You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
    • If resource types are specified for this column, specify the resource URN in the statement that contains the action.
    • Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.

    For details about the resource types defined by COC, see Resources.

  • The Condition Key column contains keys that you can specify in the Condition element of an SCP statement.
    • If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
    • If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
    • If the Condition Key column of an action is empty (-), the action does not support any condition keys.

    For details about the condition keys defined by COC, see Conditions.

The following table lists the actions that you can define in SCP statements for COC.

Table 1 Actions supported by COC

Action

Description

Access Level

Resource Type (*: required)

Condition Key

coc:customDashboard:update

Allows you to modify the permissions on a custom dashboard.

write

-

-

coc:customDashboard:get

Allows you to query the permissions on a custom dashboard.

read

-

-

coc:document:create

Allows you to create documents.

write

document

-

coc:document:listRunbookAtomics

Allows you to view the atomic capability list of a job.

list

document

-

coc:document:getRunbookAtomicDetails

Allows you to query details about an atomic capability of a job.

read

document

-

coc:document:list

Allows you to query the document list.

list

document

-

coc:document:delete

Allows you to delete documents.

write

document

-

coc:document:update

Allows you to modify documents.

write

document

-

coc:document:get

Allows you to view documents.

read

document

-

coc:document:analyzeRisk

Allows you to analyze document risks.

read

document

-

coc:systemConfig:get

Allows you to obtain the details about system configurations.

write

-

-

coc:systemConfig:create

Allows you to create system configurations.

read

-

-

coc:job:list

Allows you to query details about a service ticket.

write

job

-

coc:job:action

Allows you to perform operations on service tickets.

write

job

-

coc:instance:autoBatchInstances

Enables automatic instance batching.

list

instance

-

coc:instance:executeDocument

Allows you to execute documents on an ECS.

write

instance

-

coc:quota:get

Allows you to query instance quotas.

write

-

-

coc:job:get

Allows you to query details about a service ticket.

write

job

-

coc:schedule:list

Allows you to query the scheduled task list.

read

schedule

-

coc:schedule:enable

Allows you to enable scheduled tasks.

read

schedule

-

coc:schedule:update

Allows you to update scheduled tasks.

list

schedule

-

coc:schedule:disable

Allows you to disable the scheduled task list.

write

schedule

-

coc:schedule:approve

Allows you to review the scheduled task list.

write

schedule

-

coc:schedule:create

Allows you to create a scheduled task list.

write

schedule

-

coc:schedule:delete

Allows you to delete scheduled tasks.

write

schedule

-

coc:schedule:count

Allows you to query the number of scheduled tasks.

write

schedule

-

coc:schedule:get

Allows you to query scheduled tasks.

write

schedule

-

coc:schedule:getHistories

Allows you to query the execution history of a scheduled task.

read

schedule

-

coc:parameter:list

Allows you to query the parameter list.

read

parameter

-

coc:parameter:delete

Allows you to delete parameters.

read

parameter

-

coc:parameter:update

Allows you to update parameters.

list

parameter

-

coc:parameter:create

Allows you to create parameters.

write

parameter

-

coc:parameter:get

Allows you to query parameter details.

write

parameter

-

coc:complianceReport:list

Allows you to query the compliance report list.

write

-

-

coc:patchBaseline:list

Allows you to query the patch baseline list.

read

-

-

coc:patchBaseline:get

Allows you to query the details about a patch baseline.

list

-

-

coc:patchBaseline:update

Allows you to update patch baselines.

list

-

-

coc:patchBaseline:registerDefault

Allows you to set the preset patch baseline.

write

-

-

coc:patchBaseline:delete

Allows you to delete patch baselines.

write

-

-

coc:patchBaseline:create

Allows you to create patch baselines.

write

-

-

coc:patchBaseline:getDefault

Allows you to query the preset patch baseline.

write

-

-

coc:patchBaseline:opsSystemGet

Allows you to view patch OS baselines.

write

-

-

coc:complianceReport:get

Allows you to query details about a compliance report.

read

-

-

coc:instance:scanOSCompliance

Allows you to scan OS patches on a server.

read

instance

-

coc:instance:installPatches

Allows you to install patches for ECSs.

read

instance

-

coc:patchBaseline:updateCustomBaseline

Allows you to update user-defined baselines.

read

-

-

coc:instance:startRDSInstance

Allows you to enable RDS DB instances.

write

instance

-

coc:instance:stopRDSInstance

Allows you to stop an RDS DB instance.

write

instance

-

coc:instance:restartRDSInstance

Allows you to reboot an RDS DB instance.

write

instance

-

coc:instance:start

Allows you to start ECSs.

write

instance

-

coc:instance:reboot

Allows you to restart ECSs.

write

instance

-

coc:instance:stop

Allows you to disable ECSs.

write

instance

-

coc:serverResourcesDetail:get

Allows you to obtain ESC resource information.

write

-

-

coc:instance:reinstallOS

Allows you to reinstall ECS OSs.

write

instance

-

coc:account:get

Allows you to query the list of managed accounts on a host.

write

-

-

coc:accountPasswordChangePolicy:get

Allows you to query enabled password change policies.

write

-

-

coc:accountEncryptionKey:list

Allows you to query added DEW keys.

write

-

-

coc:accountBaseline:list

Allows you to query the account baseline list.

list

accountBaseline

-

coc:accountAutoManagement:getRelations

Allows you to query information about components for which automatic management is enabled.

list

-

-

coc:accountEncryptionKey:listDEWKeys

Allows you to query existing DEW keys.

list

-

-

coc:accountBaseline:get

Allows you to query the account list in a baseline.

list

accountBaseline

-

coc:accountBaseline:create

Allows you to create account baselines.

list

accountBaseline

-

coc:accountBaseline:deleteAccount

Allows you to delete account permissions from a baseline.

list

accountBaseline

-

coc:account:add

Allows you to import a host account.

list

-

-

coc:instance:resetPassword

Allows you to reset the password of a host account.

write

instance

-

coc:accountBaseline:delete

Allows you to delete account baselines.

write

accountBaseline

-

coc:accountAutoManagement:updateStatus

Allows you to update the automatic management statuses.

write

-

-

coc:accountAutoManagement:addRelations

Allows you to enable automatic management by component.

write

-

-

coc:accountBaseline:update

Allows you to modify account baselines.

write

accountBaseline

-

coc:accountPasswordChangePolicy:disable

Allows you to disable the password change policy.

write

-

-

coc:accountAutoManagement:deleteRelations

Allows you to disable automatic management by component.

write

-

-

coc:accountPasswordChangePolicy:enable

Allows you to enable the password change policy.

write

-

-

coc:accountEncryptionKey:add

Allows you to add an encryption key.

write

-

-

coc:account:sync

Allows you to synchronize accounts of hosts.

write

-

-

coc:account:getManagedStatus

Allows you to query the management step status.

write

-

-

coc:account:getPassword

Allows you to query the accounts and their passwords.

write

-

-

coc:accountAutoManagement:getStatus

Allows you to query whether the automatic management function is enabled.

write

-

-

coc:hostiAccount:describe

Allows you to query information about a hosting service account.

read

-

-

coc:vendorAccount:update

Allows you to update cloud vendor accounts.

read

-

-

coc:application:GetDiagnosisTaskDetails

Allows you to query application resource diagnosis tasks.

read

application

-

coc:application:CreateDiagnosisTask

Allows you to create application diagnosis tasks.

write

application

-

coc:vendorAccount:list

Allows you to query the list of cloud vendor accounts.

list

-

-

coc:vendorAccount:create

Allows you to create a cloud vendor account.

write

-

-

coc:vendorAccount:delete

Allows you to delete cloud vendor accounts.

list

-

-

coc:customApplication:get

Allows you to query custom application details.

write

application

-

coc:site:list

Allows you to query the region list.

write

-

-

coc:instance:listResources

Allows you to query the resource list.

list

instance

-

coc:application:listResources

Allows you to query the application resource list.

list

application

-

coc:application:list

Allows you to query the application list.

list

application

-

coc:customApplication:list

Allows you to query the user-defined application list.

list

application

-

coc:application:listGroups

Allows you to query the permission of a specified application group list.

list

application

-

coc:region:list

Allows you to query the region list.

list

-

-

coc:application:deleteGroup

Allows you to delete application groups.

list

application

-

coc:application:updateResources

Allows you to modify application resources.

list

application

-

coc:application:create

Allows you to create applications.

write

application

-

coc:application:addResources

Allows you to add resources to an application.

write

application

-

coc:application:createGroup

Allows you to create an application group.

write

application

-

coc:instance:syncResources

Allows you to synchronize the resource list.

write

instance

-

coc:application:removeResources

Allows you to remove permissions of an application resource.

write

application

-

coc:application:delete

Allows you to delete an application.

write

application

-

coc:application:update

Allows you to modify the permissions of an application.

write

application

-

coc:application:updateGroup

Allows you to modify the permissions of an application group.

write

application

-

coc:contingencyPlan:list

Allows you to query the contingency plan list.

write

contingencyPlan

-

coc:contingencyPlan:delete

Allows you to delete a contingency plan.

write

contingencyPlan

-

coc:contingencyPlan:create

Allows you to create a contingency plan.

write

contingencyPlan

-

coc:contingencyPlan:update

Allows you to modify a user's permissions on a contingency plan.

list

contingencyPlan

-

coc:wechatkey:create

Allows you to create an enterprise WeChat application key.

write

-

-

coc:wechatkey:delete

Allows you to delete the enterprise WeChat application key.

write

-

-

coc:appkey:update

Allows you to update mobile app keys.

write

-

-

coc:wechatkey:update

Allows you to modify keys of WeCom.

write

-

-

coc:appkey:create

Allows you to create a mobile application key.

write

-

-

coc:appkey:delete

Allows you to delete mobile application keys.

write

-

-

coc:appkey:get

Allows you to view mobile application keys.

write

-

-

coc:wechatkey:get

Allows you to view WeCom application keys.

write

-

-

coc:systemConfig:update

Allows you to modify system configurations.

write

-

-

coc:hostAccount:delete

Allows SRE engineers to delete hosting accounts.

read

-

-

coc:hostAccount:update

Allows you to edit SRE hosting accounts.

read

-

-

coc:hostAccount:disable

Allows you to cancel the hosting service.

list

-

-

coc:hostAccount:create

Allows you to add a hosting account.

read

-

-

coc:hostAccount:list

Allows you to query SRE hosting accounts.

write

-

-

coc:hostAccount:enable

Allows you to enable the hosting service for accounts.

write

-

-

coc:systemConfig:list

Allows you to obtain the system configuration list.

write

-

-

coc:agency:create

Allows you to create a tenant agency.

write

-

-

coc:agency:get

Allows you to query agency information of a tenant.

read

-

-

coc:notificationRule:get

Allows you to query notification rule details.

write

-

-

coc:notification:listTypes

Allows you to query notification types.

write

-

-

coc:notification:listTemplates

Allows you to query the notification template list.

read

-

-

coc:notification:listModes

Allows you to query the notification mode.

list

-

-

coc:notificationRule:list

Allows you to query the notification rule list.

list

-

-

coc:notificationRule:update

Allows you to update notification rules.

list

-

-

coc:notificationRule:delete

Allows you to delete notification rules.

list

-

-

coc:notificationRule:create

Allows you to create notification rules.

list

-

-

coc:notificationRule:disable

Allows you to disable notification rules.

write

-

-

coc:ticket:get

Allows you to query incident ticket details.

write

-

-

coc:contingencyPlan:getHistories

Allows you to query the contingency plan history.

write

contingencyPlan

-

coc:ticket:listEnumTypes

Allows you to query the enumeration type list of incident tickets.

write

-

-

coc:ticket:listEnumValues

Allows you to query the enumerated value list of an incident ticket.

write

-

-

coc:ticket:getOperationHistories

Allows you to query the operation history of an incident ticket.

list

-

-

coc:ticket:listActions

Allows you to query the list of operations that can be performed.

list

-

-

coc:ticket:getEnumValues

Allows you to query details about enumerated values of an incident ticket.

list

-

-

coc:ticket:list

Allows you to query the incident ticket list.

list

-

-

coc:ticket:update

Allows you to modify incident tickets.

list

-

-

coc:contingencyPlan:downloadFile

Allows you to download attachments in contingency plans.

list

contingencyPlan

-

coc:ticket:delete

Allows you to delete incident tickets.

list

-

-

coc:ticket:downloadFile

Allows you to download attachments for incident tickets.

list

-

-

coc:ticket:action

Allows you to handle incident tickets.

write

-

-

coc:ticket:uploadFile

Allows you to upload attachments for incident tickets.

write

-

-

coc:ticket:create

Allows you to create incident tickets.

write

-

-

coc:contingencyPlan:uploadFile

Allows you to upload attachments for the contingency plan.

write

contingencyPlan

-

coc:ticket:getEnumTypes

Allows you to query details about incident ticket enumeration types.

write

-

-

coc:personnel:list

Allows you to query the personnel list.

write

-

-

coc:personnel:update

Allows you to update personnel information.

write

-

-

coc:personnel:add

Allows you to add personnel.

write

-

-

coc:personnel:remove

Allows you to remove personnel.

read

-

-

coc:notificationRule:confirm

Allows you to confirm notification rules.

list

-

-

coc:instance:changeOS

Allows you to change the OS of an ECS.

write

instance

-

coc:oncall:listPersonnels

Allows you to query the list of on-call personnel in schedules.

write

-

-

coc:oncall:listScenes

Allows you to view on-call scheduling scenarios.

write

-

-

coc:oncall:listRoles

Allows you to query on-call personnel roles in schedules.

write

-

-

coc:oncall:updatePersonnels

Allows you to update the on-call personnel in schedules.

list

-

-

coc:oncall:updateScene

Allows you to update on-call scheduling scenarios.

list

-

-

coc:oncall:removePersonnels

Allows you to remove on-call personnel from schedules.

list

-

-

coc:oncall:updateRole

Allows you to update on-call personnel roles in schedules.

write

-

-

coc:oncall:createRole

Allows you to create on-call personnel roles in schedules.

write

-

-

coc:oncall:deleteScene

Allows you to delete on-call scheduling scenarios.

write

-

-

coc:oncall:deleteRole

Allows you to delete on-call personnel roles from schedules

write

-

-

coc:oncall:addPersonnels

Allows you to add on-call personnel to schedules.

write

-

-

coc:oncall:createScene

Allows you to create on-call scheduling scenarios.

write

-

-

coc:transferRule:get

Allows you to query details about a forwarding rule.

write

-

-

coc:transferRule:list

Allows you to query the forwarding rule list.

write

-

-

coc:transferRule:delete

Allows you to delete forwarding rules.

write

-

-

coc:transferRule:disable

Allows you to disable forwarding rules.

list

-

-

coc:transferRule:enable

Allows you to enable forwarding rules.

list

-

-

coc:transferRule:create

Allows you to create forwarding rules.

write

-

-

coc:transferRule:update

Allows you to update forwarding rules.

write

-

-

coc:notificationRule:enable

Allows you to enable notification rules.

write

-

-

coc:transferRule:getHistory

Allows you to query the messages about incidents transferred recently.

write

-

-

coc:quotas:list

Allows you to query the list of purchased quotas.

write

-

-

coc:orders:change

Allows you to update Cloud Operations Center orders.

read

-

-

coc:orders:create

Allows you to create CloudOperationsCenter orders.

list

-

-

coc:integration:list

Allows you to query the integration configuration list.

write

-

-

coc:integration:get

Allows you to query integration configuration details.

write

-

-

coc:integration:getHistory

Allows you to query historical incident messages of integration configurations.

list

-

-

coc:integration:update

Allows you to modify integration configurations.

list

-

-

coc:integration:enable

Allows you to enable integration configurations.

list

-

-

coc:integration:disable

Allows you to disable integration configurations.

write

-

-

coc:integration:access

Allows you to access integration configurations.

write

-

-

coc:integration:remove

Allows you to remove integration configurations.

write

-

-

coc:attackTargetRecord:list

Allows you to view the execution record list of an attack target.

write

attackTargetRecord

-

coc:drillPlan:list

Allows you to query the drill plan list.

write

drillPlan

-

coc:attackRecord:list

Allows you to view the attack record list.

list

attackRecord

-

coc:faultMode:list

Allows you to query the failure mode list.

list

faultMode

-

coc:monitorMetricRecord:list

Allows you to query the monitoring metric data list.

list

-

-

coc:attackTask:list

Allows you to view the attack task list.

list

attackTask

-

coc:attackTarget:listCcePods

Allows you to query the pod list of attack targets from CCE clusters.

list

-

-

coc:improvementTask:list

Allows you to query the improvement item list.

list

-

-

coc:drillTask:list

Allows you to view the drill task list.

list

drillTask

-

coc:attackTarget:listCceWorkloads

Allows you to query the workload list of attack targets from CCE clusters.

list

-

-

coc:attackTarget:listCceNamespaces

Allows you to query the namespace list of attack targets from CCE clusters.

list

-

-

coc:drillPlan:listDelay

Allows you to query the list of delayed drill plans.

list

drillPlan

-

coc:monitorMetric:list

Allows you to query the monitoring metric list.

list

-

-

coc:faultMode:delete

Allows you to delete failure modes.

list

faultMode

-

coc:faultMode:update

Allows you to update failure modes.

list

faultMode

-

coc:drillTask:create

Allows you to create drill tasks.

write

drillTask

-

coc:attackTargetRecord:operate

Allows you to retry execution records of attack targets.

write

attackTargetRecord

-

coc:drillReport:create

Allows you to create drill reports.

write

-

-

coc:drillTask:delete

Allows you to delete drill tasks.

write

drillTask

-

coc:faultMode:create

Allows you to create failure modes.

write

faultMode

-

coc:drillRecord:create

Allows you to start a drill.

write

drillRecord

-

coc:drillPlan:create

Allows you to create a drill plan.

write

drillPlan

-

coc:drillReport:update

Allows you to update drill reports.

write

-

-

coc:application:CreateResourceTopo

Allows you to create resource topologies.

write

application

-

coc:drillTask:update

Allows you to modify drill tasks.

write

drillTask

-

coc:improvementTask:create

Allows you to create improvement items.

write

-

-

coc:drillPlan:update

Allows you to update drill plans.

write

drillPlan

-

coc:attackRecord:changeMetricType

Allows you to modify a metric type in an attack record.

write

attackRecord

-

coc:improvementTask:update

Allows you to handle improvement items.

write

-

-

coc:attackTask:create

Allows you to create attack tasks.

write

attackTask

-

coc:drillPlan:countStatus

Allows you to query the number of drill tasks that are in a specified drill plan state.

write

drillPlan

-

coc:faultMode:get

Allows you to query the details about a specified failure mode.

read

faultMode

-

coc:contingencyPlan:get

Allows you to query contingency plan details.

read

contingencyPlan

-

coc:drillRecord:get

Allows you to query drill record details.

read

drillRecord

-

coc:drillTask:get

Allows you to query drill task details.

read

drillTask

-

coc:drillPlan:countDelay

Allows you to query the number of delayed drill plans.

read

drillPlan

-

coc:improvementTask:get

Allows you to query the details about an improvement item.

read

-

-

coc:drillReport:get

Allows you to query details about a drill report.

read

-

-

coc:drillPlan:get

Allows you to query details about a specified drill plan

read

drillPlan

-

coc:attackTask:get

Allows you to view details about an attack task.

read

attackTask

-

coc:alarm:listHandleHistories

Allows you to query the historical alarm handling list.

read

-

-

coc:alarm:list

Allows you to query the alarm list.

list

-

-

coc:alarm:createAlarmLinkedIncident

Allows you to create incidents associated with alarms.

list

-

-

coc:alarm:clear

Allows you to clear alarms.

write

-

-

coc:instance:getAlarms

Allows you to view the alarm list of a resource.

write

instance

-

coc:alarm:get

Allows you to query alarm information.

read

-

-

coc:alarm:count

Allows you to query the number of alarms.

read

-

-

coc:instance:listAlarms

Allows you to query the alarm list of all resources.

read

instance

-

coc:task:list

Allows you to query the O&M transaction list.

list

-

-

coc:task:create

Allows you to create O&M transactions

list

-

-

coc:task:complete

Allows you to end O&M transactions.

write

-

-

coc:task:cancel

Allows you to cancel O&M transactions.

write

-

-

coc:task:accept

Allows you to receive O&M transact.ions.

write

-

-

coc:task:get

Allows you to query details about an O&M transaction.

write

-

-

coc:task:count

Allows you to query the O&M transaction list.

read

-

-

coc:warroom:get

Allows you to query details about a war room.

read

-

-

coc:warroom:listConfigurations

Allows you to query the public enumeration configurations of war rooms.

list

-

-

coc:warroom:list

Allows you to query the war room list.

write

-

-

coc:warroom:listNotificationTemplates

Allows you to query the war room notification template list.

list

-

-

coc:warroom:listMeetings

Allows you to query the war room list.

list

-

-

coc:warroom:listRoles

Allows you to query the war room role list.

list

-

-

coc:warroom:listAffectedApplications

Allows you to query the list of applications of a war room.

list

-

-

coc:warroomMeetingRule:list

Allows you to query the war room startup rule list.

list

-

-

coc:warroom:getOperationHistory

Allows you to query war room operation history.

list

-

-

coc:warroom:addRolePersonnels

Allows you to add roles to war rooms.

list

-

-

coc:warroom:modifyBasicInformation

Allows you to modify basic war room information.

list

-

-

coc:warroomMeetingRule:delete

Allows you to delete war room setup rules.

list

-

-

coc:warroom:addAffectedApplications

Allows you to add applications to war rooms.

write

-

-

coc:warroom:addPersonnels

Allows you to add personnel to war rooms.

write

-

-

coc:warroomMeetingRule:update

Allows you to update war room startup rules.

write

-

-

coc:warroom:removeAffectedApplications

Allows you to remove the affected applications from war rooms.

write

-

-

coc:warroom:sendNotification

Allows you to update or send notifications in war rooms.

write

-

-

coc:warroom:removePersonnels

Allows you to remove personnel from war rooms.

write

-

-

coc:warroom:create

Allows you to create war rooms.

write

-

-

coc:warroom:sendNotificationBriefing

Allows you to send notification briefings in war rooms.

write

-

-

coc:warroom:updateAffectedApplications

Allows you to update applications in war rooms.

write

-

-

coc:warroomMeetingRule:create

Allows you to create war room startup rules.

write

-

-

coc:slo:list

Allows you to query the SLO list.

write

-

-

coc:slo:listSli

Allows you to query the SLI list.

write

-

-

coc:slo:update

Allows you to modify SLOs.

write

-

-

coc:slo:delete

Allows you to delete SLOs.

list

-

-

coc:slo:updateSli

Allows you to update the SLI list.

list

-

-

coc:slo:listInterruptRecords

Allows you to query the interruption record list.

write

-

-

coc:slo:listInterruptRecordsChangeHistory

Allows you to modify an interruption record.

write

-

-

coc:slo:updateInterruptRecords

Allows you to update interruption records.

write

-

-

coc:slo:createInterruptRecords

Allows you to create interruption records.

list

-

-

coc:slaTemplate:list

Allows you to query the SLA template list.

list

slaTemplate

-

coc:slaRecord:list

Allows you to query the SLA service ticket list.

write

-

-

coc:slo:get

Allows you to query SLO details.

write

-

-

coc:slaTemplate:update

Allows you to modify SLA template.

list

slaTemplate

-

coc:slaTemplate:enable

Allows you to enable the SLA template.

list

slaTemplate

-

coc:slaTemplate:delete

Allows you to delete the SLA template.

list

slaTemplate

-

coc:slaTemplate:disable

Allows you to disable an SLA template.

write

slaTemplate

-

coc:slaTemplate:create

Allows you to create an SLA template.

write

slaTemplate

-

coc:slo:create

Allows you to create an SLO.

write

-

-

coc:slaTemplate:get

Allows you to query details about an SLA template.

write

slaTemplate

-

coc:slaRecord:get

Allows you to query the details about an SLA service ticket.

write

-

-

coc:prrTemplate:list

Allows you to view the PRR template list.

write

-

-

coc:prrReview:list

Allows you to view the PRR review list.

read

-

-

coc:prrCheckItem:list

Allows you to view the PRR check item list.

read

-

-

coc:prrTemplate:create

Allows you to create a PRR template.

list

-

-

coc:prrReview:create

Allows you to initiate PRR reviews.

list

-

-

coc:prrReview:addImprovementTask

Allows you to add PRR improvement items.

list

-

-

coc:prrReview:update

Allows you to continue to initiate PRR review.s

write

-

-

coc:prrTemplate:delete

Allows you to delete PRR templates.

write

-

-

coc:prrTemplate:update

Allows you to modify PRR templates.

write

-

-

coc:prrReview:auditResult

Allows you to record PRR review conclusions.

write

-

-

coc:prrReview:delete

Allows you to revoke PRR reviews.

write

-

-

coc:prrReview:recordSummary

Allows you to input PRR review minutes.

write

-

-

coc:prrTemplate:get

Allows you to query details about PRR templates.

write

-

-

coc:prrReview:get

Allows you to query details about a PRR review.

write

-

-

coc:tag:list

Allows you to query the tag list.

write

-

-

coc:tag:create

Allows you to create tags.

read

-

-

coc:*:listSSHKeypairs

Allows you to query the SSH key list.

read

-

-

Each API of Cloud Cloud Operations Center usually supports one or more actions. Table 2 lists supported actions and their dependencies.

Table 2 Actions and dependencies supported by Cloud Connect APIs

API

Action

Dependency

GET /v1/patch/instance/compliant

coc:instance:scanOSCompliance

-

GET /v1/patch/instance/compliant/{instance_compliant_id}

coc:instance:scanOSCompliance

-

POST /v1/job/scripts

coc:document:create

-

DELETE /v1/job/scripts/{script_uuid

coc:document:delete

-

POST /v1/job/scripts/{script_uuid}

coc:instance:executeDocument

-

GET /v1/job/scripts/{script_uuid}

coc:document:get

-

GET /v1/job/scripts

coc:document:list

-

PUT /v1/job/scripts/{script_uuid}

coc:document:update

-

GET /v1/job/script/orders/{execute_uuid}/batches/{batch_index}

coc:instance:autoBatchInstances

-

GET /v1/job/script/orders/{execute_uuid}

coc:job:get

-

GET /v1/job/script/orders/{execute_uuid}/statistics

coc:job:get

-

GET /v1/job/script/orders/{execute_uuid}/batches

coc:instance:autoBatchInstances

-

GET /v1/job/script/orders

coc:job:list

-

PUT /v1/job/script/orders/{execute_uuid}/operation

coc:job:action

-

GET /v1/resources

coc:instance:countResources

-

POST https://coc-intl.myhuaweicloud.com/v1/resources/sync

coc:instance:syncResources

-

GET https://coc-intl.myhuaweicloud.com/v1/applications

coc:application:countResourceRelations

-

Resources

A resource type indicates the resources that an SCP applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.

The following table lists the resource types that you can define in SCP statements for Cloud Operations Center.

Table 3 Resource types supported by CloudOperationsCenter

Resource Type

URN

instance

ecs:<region>:<account-id>:instance:<server-id>

instance

bms:<region>:<account-id>:instance:<server-id>

document

coc::<account-id>:document:<document-name>

job

coc::<account-id>:job:<job-id>

application

coc::<account-id>:application:<application-id>

schedule

coc::<account-id>:schedule:<schedule-id>

faultMode

coc::<account-id>:faultMode:<fault-mode-id>

contingencyPlan

coc::<account-id>:contingencyPlan:<contingency-plan-id>

attackTask

coc::<account-id>:attackTask:<attack-task-name>

attackRecord

coc::<account-id>:attackRecord:<attack-record-id>

attackTargetRecord

coc::<account-id>:attackTargetRecord:<attack-target-record-id>

drillTask

coc::<account-id>:drillTask:<drill-task-id>

drillRecord

coc::<account-id>:drillRecord:<drill-record-id>

drillPlan

coc::<account-id>:drillPlan:<drill-plan-id>

slaTemplate

coc::<account-id>:slaTemplate:<sla_template-id>

parameter

coc:<region>:<account-id>:parameter:<parameter-name>

accountBaseline

coc::<account-id>:accountBaseline:<account_baseline_id>

resourceView

coc::<account-id>:resourceView:<resourceViewId>

instance

rds:<region>:<account-id>:instance:<instance-id>

Conditions

Cloud Operations Center does not support service-specific condition keys in SCPs.

It can only use global condition keys applicable to all services. For details, see Global Condition Keys.