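Supported Actions
Policies include system policies and custom policies. If the system policies do not meet your authorization requirements, an administrator can create custom policies and grant them to user groups for fine-grained access control. The operations a policy supports correspond to APIs. The columns of the action list are explained below:
- Permission: allows or denies an operation.
- API: the API that the custom policy actually calls.
- Action: an Action supported in custom policies. Writing the action into the Action element of a custom policy grants the permission that corresponds to it.
- Dependencies: some Actions depend on other Actions. The dependent Actions must also be written into the policy for the corresponding permission to take effect.
- IAM Project / Enterprise Project: the authorization scope of a custom policy, which can be IAM projects and enterprise projects. If an action supports both IAM projects and enterprise projects, a custom policy containing it can be granted to user groups in both IAM and Enterprise Management and takes effect in both. If an action supports only IAM projects and not enterprise projects, the policy can be granted to user groups and take effect only in IAM; if it is granted in Enterprise Management, the custom policy does not take effect.
“√” indicates supported; “x” indicates not yet supported.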
| Permission | API | Action | Dependencies | IAM Project |
| --- | --- | --- | --- | --- |
| Query dedicated WAF engine information | GET /v1/{project_id}/premium-waf/instance/{instance_id} | waf:premiumInstance:get | - | √ |
| Delete dedicated WAF engine information | DELETE /v1/{project_id}/premium-waf/instance/{instance_id} | waf:premiumInstance:delete | - | √ |
| Rename a dedicated WAF engine | PUT /v1/{project_id}/premium-waf/instance/{instance_id} | waf:premiumInstance:put | - | √ |
| Create a dedicated WAF engine instance | POST /v1/{project_id}/premium-waf/instance | waf:premiumInstance:create | - | √ |
| Query the dedicated WAF engine list | GET /v1/{project_id}/premium-waf/instance | waf:premiumInstance:list | - | √ |
| Create a dedicated-mode domain name | POST /v1/{project_id}/premium-waf/host | waf:instance:create | - | √ |
| Query the dedicated-mode domain name list | GET /v1/{project_id}/premium-waf/host | waf:instance:list | - | √ |
| Modify dedicated-mode domain name configuration | PUT /v1/{project_id}/premium-waf/host/{host_id} | waf:instance:put | - | √ |
| View dedicated-mode domain name configuration | GET /v1/{project_id}/premium-waf/host/{host_id} | waf:instance:get | - | √ |
| Delete a dedicated-mode domain name | DELETE /v1/{project_id}/premium-waf/host/{host_id} | waf:instance:delete | - | √ |
| Modify the protection status of a dedicated-mode domain name | PUT /v1/{project_id}/premium-waf/host/{host_id}/protect-status | waf:instance:put | - | √ |
| Modify the access status of a dedicated-mode domain name | PUT /v1/{project_id}/premium-waf/host/{host_id}/access_status | waf:instance:put | - | √ |
| Query the protection policy list | GET /v1/{project_id}/waf/policy | waf:policy:list | - | √ |
| Create a protection policy | POST /v1/{project_id}/waf/policy | waf:policy:create | - | √ |
| Query a protection policy by ID | GET /v1/{project_id}/waf/policy/{policy_id} | waf:policy:get | - | √ |
| Update a protection policy | PATCH /v1/{project_id}/waf/policy/{policy_id} | waf:policy:put | - | √ |
| Delete a protection policy | DELETE /v1/{project_id}/waf/policy/{policy_id} | waf:policy:delete | - | √ |
| Query the blacklist/whitelist rule list | GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip | waf:whiteBlackIpRule:list | - | √ |
| Create a blacklist/whitelist rule | POST /v1/{project_id}/waf/policy/{policy_id}/whiteblackip | waf:whiteBlackIpRule:create | - | √ |
| Query a blacklist/whitelist protection rule | GET /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} | waf:whiteBlackIpRule:get | - | √ |
| Update a blacklist/whitelist protection rule | PUT /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} | waf:whiteBlackIpRule:put | - | √ |
| Delete a blacklist/whitelist protection rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/whiteblackip/{rule_id} | waf:whiteBlackIpRule:delete | - | √ |
| Query the CC rule list | GET /v1/{project_id}/waf/policy/{policy_id}/cc | waf:ccRule:list | - | √ |
| Create a CC rule | POST /v1/{project_id}/waf/policy/{policy_id}/cc | waf:ccRule:create | - | √ |
| Query a CC protection rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} | waf:ccRule:get | - | √ |
| Update a CC protection rule | PUT /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} | waf:ccRule:put | - | √ |
| Delete a CC protection rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/cc/{rule_id} | waf:ccRule:delete | - | √ |
| Query the precise protection rule list | GET /v1/{project_id}/waf/policy/{policy_id}/custom | waf:preciseProtectionRule:list | - | √ |
| Create a precise protection rule | POST /v1/{project_id}/waf/policy/{policy_id}/custom | waf:preciseProtectionRule:create | - | √ |
| Query a precise protection rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} | waf:preciseProtectionRule:get | - | √ |
| Update a precise protection rule | PUT /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} | waf:preciseProtectionRule:put | - | √ |
| Delete a precise protection rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/custom/{rule_id} | waf:preciseProtectionRule:delete | - | √ |
| Query the privacy masking rule list | GET /v1/{project_id}/waf/policy/{policy_id}/privacy | waf:privacyRule:list | - | √ |
| Create a privacy masking rule | POST /v1/{project_id}/waf/policy/{policy_id}/privacy | waf:privacyRule:create | - | √ |
| Query a privacy masking protection rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} | waf:privacyRule:get | - | √ |
| Update a privacy masking protection rule | PUT /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} | waf:privacyRule:put | - | √ |
| Delete a privacy masking protection rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/privacy/{rule_id} | waf:privacyRule:delete | - | √ |
| Query the web tamper protection rule list | GET /v1/{project_id}/waf/policy/{policy_id}/antitamper | waf:antiTamperRule:list | - | √ |
| Create a web tamper protection rule | POST /v1/{project_id}/waf/policy/{policy_id}/antitamper | waf:antiTamperRule:create | - | √ |
| Query a web tamper protection rule by ID | GET /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} | waf:antiTamperRule:get | - | √ |
| Delete a web tamper protection rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/antitamper/{rule_id} | waf:antiTamperRule:delete | - | √ |
| Refresh the cache of a web tamper protection rule | POST /v1/{project_id}/waf/policy/{policy_id}/antitamper/{antitamperid}/refresh | waf:antiTamperRule:create | - | √ |
| Query the false alarm masking rule list | GET /v1/{project_id}/waf/policy/{policy_id}/ignore | waf:falseAlarmMaskRule:list | - | √ |
| Create a false alarm masking rule | POST /v1/{project_id}/waf/policy/{policy_id}/ignore | waf:falseAlarmMaskRule:create | - | √ |
| Query a false alarm masking protection rule | GET /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} | waf:falseAlarmMaskRule:get | - | √ |
| Update a false alarm masking protection rule | PUT /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} | waf:falseAlarmMaskRule:put | - | √ |
| Delete a false alarm masking protection rule | DELETE /v1/{project_id}/waf/policy/{policy_id}/ignore/{rule_id} | waf:falseAlarmMaskRule:delete | - | √ |
| Query the certificate list | GET /v1/{project_id}/waf/certificate | waf:certificate:get | - | √ |
| Create a certificate | POST /v1/{project_id}/waf/certificate | waf:certificate:create | - | √ |
| Query a certificate | GET /v1/{project_id}/waf/certificate/{certificate_id} | waf:certificate:list | - | √ |
| Modify a certificate | PUT /v1/{project_id}/waf/certificate/{certificate_id} | waf:certificate:put | - | √ |
| Delete a certificate | DELETE /v1/{project_id}/waf/certificate/{certificate_id} | waf:certificate:delete | - | √ |
| Bind a certificate to domain names | POST /v1/{project_id}/waf/certificate/{certificate_id}/apply-to-hosts | waf:certificate:apply | - | √ |
| Query request and attack counts for the security overview | GET /v1/{project_id}/waf/overviews/statistics | waf:event:get | - | √ |
| Query top classification statistics for the security overview | GET /v1/{project_id}/waf/overviews/classification | waf:event:get | - | √ |
| Query the attack event list | GET /v1/{project_id}/waf/event | waf:event:get | - | √ |
| Query attack event details | GET /v1/{project_id}/waf/event/{eventid} | waf:event:get | - | √ |
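The following added example (not the vendor's code) resolves the API calls a job makes to the actions listed in the table above and builds an Allow-only custom policy with just those actions. It looks actions up by method and path rather than guessing from names, because the table maps, for example, the certificate list call to waf:certificate:get and the PATCH policy call to waf:policy:put. The rows are a subset of the table, the call list is constructed, and the policy document shape (`Version`, `Statement`, `Effect`, `Action`) is an assumption not shown on this page.

```python
import json
import re

# Subset of rows copied from the table above: (method, path template, action).
ROWS = [
    ("GET",   "/v1/{project_id}/waf/policy", "waf:policy:list"),
    ("GET",   "/v1/{project_id}/waf/policy/{policy_id}", "waf:policy:get"),
    ("PATCH", "/v1/{project_id}/waf/policy/{policy_id}", "waf:policy:put"),
    ("GET",   "/v1/{project_id}/waf/certificate", "waf:certificate:get"),
    ("GET",   "/v1/{project_id}/waf/certificate/{certificate_id}", "waf:certificate:list"),
    ("POST",  "/v1/{project_id}/waf/policy/{policy_id}/antitamper/{antitamperid}/refresh",
     "waf:antiTamperRule:create"),
    ("GET",   "/v1/{project_id}/waf/event", "waf:event:get"),
    ("GET",   "/v1/{project_id}/waf/event/{eventid}", "waf:event:get"),
]

def _compile(template):
    # Each {placeholder} matches exactly one non-empty path segment.
    parts = re.split(r"\{[^}]+\}", template)
    return re.compile("[^/]+".join(re.escape(p) for p in parts) + r"/?\Z")

TABLE = [(m, _compile(t), a) for m, t, a in ROWS]

def action_for(method, path):
    """Return the action the table lists for a request, or None if unlisted."""
    path = path.split("?", 1)[0]  # the query string does not affect the mapping
    for m, rx, action in TABLE:
        if m == method.upper() and rx.match(path):
            return action
    return None

def minimal_policy(calls):
    """Build an Allow-only policy holding just the actions the calls need."""
    resolved = [(c, action_for(*c)) for c in calls]
    unknown = [c for c, a in resolved if a is None]
    if unknown:  # refuse to guess an action for a call the table does not list
        raise ValueError(f"no table row for: {unknown}")
    # Assumed policy document shape (not shown on this page).
    return {"Version": "1.1",
            "Statement": [{"Effect": "Allow",
                           "Action": sorted({a for _, a in resolved})}]}

# Constructed sample: calls made by a read-only reporting job.
CALLS = [("GET", "/v1/p1/waf/event?from=0"), ("GET", "/v1/p1/waf/event/e42"),
         ("GET", "/v1/p1/waf/certificate"), ("GET", "/v1/p1/waf/policy/pol1")]

if __name__ == "__main__":
    print(json.dumps(minimal_policy(CALLS), indent=2))
```

Every row in the table lists "-" under Dependencies, so no dependent actions need to be added to the generated policy.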