Updated: 2024-03-15 GMT+08:00

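SecMaster

Service control policies (SCPs) in the Organizations service can use the following authorization elements to define access control policies.

An SCP does not grant permissions directly; it only sets the permission boundary. Attaching an SCP to an organizational unit (OU) or a member account does not grant that OU or account any operation permissions. Instead, it defines the scope within which the member account, or the member accounts contained in the OU, can be authorized.

This section describes the elements used by SCPs in the Organizations service: actions (Action), resources (Resource), and conditions (Condition).

For how to use these elements to write a custom SCP, see Creating an SCP.

Actions (Action)

Actions are the authorization items supported in SCPs.

  • The "Access level" column describes how each action is classified (list, read, write, and so on). This classification helps you understand the access level that an action corresponds to in an SCP.
  • The "Resource type" column indicates whether each action supports resource-level permissions.
    • Resource types support the wildcard * to mean all. If this column has no value (-), you must specify all resource types ("*") in the Resource element of the SCP statement.
    • If the column contains a resource type, you must specify the URN of that resource in any statement that uses the action.
    • Required resources in the resource type column are marked with an asterisk (*) in the table, meaning that this resource type must be specified to use the action.

    For details about the resource types defined by SecMaster, see Resource types (Resource).

  • The "Condition key" column lists the keys that can be specified in the Condition element of an SCP statement.
    • If the resource type column of the authorization item has a value, the condition key applies only to the listed resource types.
    • If the resource type column of the authorization item has no value (-), the condition key applies to the whole authorization item.
    • If this column has no value (-), the action does not support condition keys.

    For details about the condition keys defined by SecMaster, see Conditions (Condition).

You can specify the following SecMaster actions in the Action element of an SCP statement.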

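Table 1 Authorization items supported by SecMaster

| Authorization item | Description | Access level | Resource type (* = required) | Condition key |
| --- | --- | --- | --- | --- |
| secmaster:playbook:get | Grants permission to get playbook details. | read | playbook * | - |
| secmaster:playbook:create | Grants permission to create a playbook. | write | playbook * | - |
| secmaster:playbook:delete | Grants permission to delete a playbook. | write | playbook * | - |
| secmaster:playbook:update | Grants permission to update a playbook. | write | playbook * | - |
| secmaster:playbook:list | Grants permission to get the playbook list. | list | playbook * | - |
| secmaster:playbook:getStatistics | Grants permission to get playbook statistics. | read | playbook * | - |
| secmaster:playbook:getMonitor | Grants permission to get playbook run monitoring data. | read | playbook * | - |
| secmaster:playbook:copyVersion | Grants permission to clone a playbook version. | write | playbook * | - |
| secmaster:playbook:approve | Grants permission to review a playbook. | write | playbook * | - |
| secmaster:playbook:listApproves | Grants permission to query the review list. | list | playbook * | - |
| secmaster:playbook:listInstances | Grants permission to query the instance list. | list | playbook * | - |
| secmaster:playbook:getInstanceAuditlog | Grants permission to query the instance audit log list. | list | playbook * | - |
| secmaster:playbook:createVersion | Grants permission to create a playbook version. | write | playbook * | - |
| secmaster:playbook:createVersionRule | Grants permission to create a playbook version rule. | write | playbook * | - |
| secmaster:playbook:createVersionAction | Grants permission to create a playbook version action. | write | playbook * | - |
| secmaster:playbook:getVersion | Grants permission to get a playbook version. | read | playbook * | - |
| secmaster:playbook:getVersionRule | Grants permission to get a playbook version rule. | read | playbook * | - |
| secmaster:playbook:deleteVersion | Grants permission to delete a playbook version. | write | playbook * | - |
| secmaster:playbook:deleteVersionRule | Grants permission to delete a playbook version rule. | write | playbook * | - |
| secmaster:playbook:deleteVersionAction | Grants permission to delete a playbook version action. | write | playbook * | - |
| secmaster:playbook:updateVersion | Grants permission to update a playbook version. | write | playbook * | - |
| secmaster:playbook:updateVersionRule | Grants permission to update a playbook version rule. | write | playbook * | - |
| secmaster:playbook:updateVersionAction | Grants permission to update a playbook version action. | write | playbook * | - |
| secmaster:playbook:listVersions | Grants permission to get the playbook version list. | list | playbook * | - |
| secmaster:playbook:listVersionActions | Grants permission to get the playbook version action list. | list | playbook * | - |
| secmaster:playbook:getInstance | Grants permission to query instance details. | read | playbook * | - |
| secmaster:playbook:getInstanceTopology | Grants permission to query instance topology details. | read | playbook * | - |
| secmaster:playbook:operateInstance | Grants permission to operate a playbook instance. | write | playbook * | - |
| secmaster:workflow:list | Grants permission to query the workflow list. | list | workflow * | - |
| secmaster:workflow:get | Grants permission to get workflow details. | read | workflow * | - |
| secmaster:workflow:delete | Grants permission to delete a workflow. | write | workflow * | - |
| secmaster:workflow:create | Grants permission to create a workflow. | write | workflow * | - |
| secmaster:workflow:update | Grants permission to update a workflow. | write | workflow * | - |
| secmaster:workflow:listVersions | Grants permission to get the workflow version list. | list | workflow * | - |
| secmaster:workflow:getVersion | Grants permission to get workflow version details. | read | workflow * | - |
| secmaster:workflow:deleteVersion | Grants permission to delete a workflow version. | write | workflow * | - |
| secmaster:workflow:createVersion | Grants permission to create a workflow version. | write | workflow * | - |
| secmaster:workflow:updateVersion | Grants permission to update a workflow version. | write | workflow * | - |
| secmaster:workflow:approveVersion | Grants permission to review a workflow version. | write | workflow * | - |
| secmaster:workflow:validate | Grants permission to validate a workflow version. | write | workflow * | - |
| secmaster:workflow:simulate | Grants permission to update the debugging result of a workflow version. | write | workflow * | - |
| secmaster:workflow:getInstance | Grants permission for the workflow instance topology diagram. | read | workflow * | - |
| secmaster:workflow:operateInstance | Grants permission to update or create a workflow instance. | write | workflow * | - |
| secmaster:connection:list | Grants permission to query the asset connection list. | list | connection * | - |
| secmaster:connection:create | Grants permission to create an asset connection. | write | connection * | - |
| secmaster:connection:get | Grants permission to get asset connection details. | read | connection * | - |
| secmaster:connection:delete | Grants permission to delete an asset connection. | write | connection * | - |
| secmaster:connection:update | Grants permission to update an asset connection. | write | connection * | - |
| secmaster:workspace:list | Grants permission to query the workspace list. | list | workspace * | - |
| secmaster:workspace:create | Grants permission to create a workspace. | write | workspace * | - |
| secmaster:workspace:update | Grants permission to update a workspace. | write | workspace * | - |
| secmaster:workspace:get | Grants permission to get workspace details. | read | workspace * | - |
| secmaster:workspace:delete | Grants permission to delete a workspace. | write | workspace * | - |
| secmaster:task:list | Grants permission to query the to-do list. | list | task * | - |
| secmaster:task:create | Grants permission to create a to-do task. | write | task * | - |
| secmaster:task:update | Grants permission to update a to-do task. | write | task * | - |
| secmaster:task:get | Grants permission to get to-do task details. | read | task * | - |
| secmaster:indicator:get | Grants permission to get intelligence details. | read | indicator * | - |
| secmaster:indicator:create | Grants permission to create intelligence. | write | indicator * | - |
| secmaster:indicator:update | Grants permission to update intelligence. | write | indicator * | - |
| secmaster:indicator:delete | Grants permission to delete intelligence. | write | indicator * | - |
| secmaster:indicator:list | Grants permission to query the intelligence list. | read | indicator * | - |
| secmaster:indicator:listTypes | Grants permission to query the intelligence type list. | list | indicator * | - |
| secmaster:indicator:bindLayout | Grants permission to bind an intelligence type to a layout. | write | indicator * | - |
| secmaster:alert:get | Grants permission to get alert details. | read | alert * | - |
| secmaster:alert:create | Grants permission to create an alert. | write | alert * | - |
| secmaster:alert:update | Grants permission to update an alert. | write | alert * | - |
| secmaster:alert:list | Grants permission to search the alert list. | list | alert * | - |
| secmaster:alert:delete | Grants permission to delete an alert. | write | alert * | - |
| secmaster:alert:batchOrders | Grants permission to convert alerts to incidents. | list | alert * | - |
| secmaster:alert:listTypes | Grants permission to query the alert type list. | list | alert * | - |
| secmaster:alert:listCategories | Grants permission to query the alert category list. | list | alert * | - |
| secmaster:alert:createType | Grants permission to create an alert type. | write | alert * | - |
| secmaster:alert:updateType | Grants permission to modify an alert type. | write | alert * | - |
| secmaster:alert:deleteType | Grants permission to delete an alert type. | write | alert * | - |
| secmaster:alert:enableType | Grants permission to enable or disable an alert type. | write | alert * | - |
| secmaster:alert:bindLayout | Grants permission to bind an alert type to a layout. | write | alert * | - |
| secmaster:incident:get | Grants permission to get incident details. | read | incident * | - |
| secmaster:incident:create | Grants permission to create an incident. | write | incident * | - |
| secmaster:incident:update | Grants permission to update an incident. | write | incident * | - |
| secmaster:incident:list | Grants permission to search the incident list. | list | incident * | - |
| secmaster:incident:listTypes | Grants permission to get the incident type list. | list | incident * | - |
| secmaster:incident:delete | Grants permission to delete an incident. | write | incident * | - |
| secmaster:incident:listCategories | Grants permission to query the incident category list. | list | incident * | - |
| secmaster:incident:createType | Grants permission to create an incident type. | write | incident * | - |
| secmaster:incident:updateType | Grants permission to modify an incident type. | write | incident * | - |
| secmaster:incident:deleteType | Grants permission to delete an incident type. | write | incident * | - |
| secmaster:incident:enableType | Grants permission to enable or disable an incident type. | write | incident * | - |
| secmaster:incident:bindLayout | Grants permission to bind an incident type to a layout. | write | incident * | - |
| secmaster:dataobject:createRelation | Grants permission to create an object relation. | write | dataobject * | - |
| secmaster:dataobject:deleteRelation | Grants permission to delete an object relation. | write | dataobject * | - |
| secmaster:dataobject:listRelation | Grants permission to search the object relation list. | list | dataobject * | - |
| secmaster:vulnerability:listGroup | Grants permission to query the vulnerability group list. | list | vulnerability * | - |
| secmaster:vulnerability:getGroup | Grants permission to get vulnerability group details. | read | vulnerability * | - |
| secmaster:vulnerability:exportGroup | Grants permission to export the vulnerability group list. | list | vulnerability * | - |
| secmaster:vulnerability:listType | Grants permission to query the vulnerability type list. | list | vulnerability * | - |
| secmaster:vulnerability:bindLayout | Grants permission to bind a vulnerability type to a layout. | write | vulnerability * | - |
| secmaster:vulnerability:createType | Grants permission to create a vulnerability type. | write | vulnerability * | - |
| secmaster:vulnerability:updateType | Grants permission to modify a vulnerability type. | write | vulnerability * | - |
| secmaster:vulnerability:deleteType | Grants permission to delete a vulnerability type. | write | vulnerability * | - |
| secmaster:vulnerability:enableType | Grants permission to enable or disable a vulnerability type. | write | vulnerability * | - |
| secmaster:subscription:deletePostPaidOrder | Grants permission to delete a pay-per-use order. | write | - | - |
| secmaster:subscription:createPostPaidOrder | Grants permission to create a pay-per-use order. | write | - | - |
| secmaster:subscription:createPrePaidOrder | Grants permission to create a yearly/monthly order. | write | - | - |
| secmaster:subscription:getVersion | Grants permission to view the subscribed edition. | read | - | - |
| secmaster:metric:getResult | Grants permission to view a metric result. | read | metric * | - |
| secmaster:metric:listResults | Grants permission to list metric results. | list | metric * | - |
| secmaster:metric:listHits | Grants permission to list metric hits results. | list | metric * | - |
| secmaster:agency:get | Grants permission to view an agency. | read | - | - |
| secmaster:agency:create | Grants permission to create an agency. | write | - | - |
| secmaster:resource:getStatistics | Grants permission to view resource statistics. | read | resource * | - |
| secmaster:resource:list | Grants permission to list resources. | list | resource * | - |
| secmaster:resource:import | Grants permission to import resources. | write | resource * | - |
| secmaster:resource:getTemplate | Grants permission to get the resource import template. | read | resource * | - |
| secmaster:report:list | Grants permission to list reports. | list | report * | - |
| secmaster:report:get | Grants permission to view a report. | read | report * | - |
| secmaster:report:create | Grants permission to create a report. | write | report * | - |
| secmaster:report:update | Grants permission to update a report. | write | report * | - |
| secmaster:report:delete | Grants permission to delete a report. | write | report * | - |
| secmaster:emergencyVulnerability:updateReadStatus | Grants permission to set the read status of an emergency vulnerability. | write | emergencyVulnerability * | - |
| secmaster:emergencyVulnerability:list | Grants permission to list emergency vulnerabilities. | list | emergencyVulnerability * | - |
| secmaster:emergencyVulnerability:export | Grants permission to export emergency vulnerabilities. | read | emergencyVulnerability * | - |
| secmaster:dataspace:list | Grants permission to query the data space list. | list | dataspace * | - |
| secmaster:dataspace:create | Grants permission to create a data space. | write | dataspace * | - |
| secmaster:dataspace:get | Grants permission to query data space details. | read | dataspace * | - |
| secmaster:dataspace:update | Grants permission to update a data space. | write | dataspace * | - |
| secmaster:dataspace:delete | Grants permission to delete a data space. | write | dataspace * | - |
| secmaster:pipe:list | Grants permission to query the data pipeline list. | list | pipe * | - |
| secmaster:pipe:create | Grants permission to create a data pipeline. | write | pipe * | - |
| secmaster:pipe:get | Grants permission to query data pipeline details. | read | pipe * | - |
| secmaster:pipe:update | Grants permission to update a data pipeline. | write | pipe * | - |
| secmaster:pipe:delete | Grants permission to delete a data pipeline. | write | pipe * | - |
| secmaster:pipe:getIndex | Grants permission to query a data pipeline index. | read | pipe * | - |
| secmaster:pipe:updateIndex | Grants permission to update a data pipeline index. | write | pipe * | - |
| secmaster:pipe:getConsumption | Grants permission to query data pipeline consumption. | read | pipe * | - |
| secmaster:pipe:createConsumption | Grants permission to create data pipeline consumption. | write | pipe * | - |
| secmaster:pipe:deleteConsumption | Grants permission to delete data pipeline consumption. | write | pipe * | - |
| secmaster:search:listLogs | Grants permission to query data. | list | workspace * | - |
| secmaster:search:listHistograms | Grants permission to query the data distribution histogram. | list | workspace * | - |
| secmaster:search:createAnalysis | Grants permission to run an analysis. | write | workspace * | - |
| secmaster:searchCondition:list | Grants permission to query the search condition list. | list | searchCondition * | - |
| secmaster:searchCondition:create | Grants permission to create a search condition. | write | searchCondition * | - |
| secmaster:searchCondition:get | Grants permission to query search condition details. | read | searchCondition * | - |
| secmaster:searchCondition:update | Grants permission to update a search condition. | write | searchCondition * | - |
| secmaster:searchCondition:delete | Grants permission to delete a search condition. | write | searchCondition * | - |
| secmaster:alertRule:list | Grants permission to query alert models. | list | alertRule * | - |
| secmaster:alertRule:create | Grants permission to create an alert model. | write | alertRule * | - |
| secmaster:alertRule:get | Grants permission to query alert model details. | read | alertRule * | - |
| secmaster:alertRule:update | Grants permission to modify an alert model. | write | alertRule * | - |
| secmaster:alertRule:delete | Grants permission to delete an alert model. | write | alertRule * | - |
| secmaster:alertRule:enable | Grants permission to enable an alert model. | write | alertRule * | - |
| secmaster:alertRule:disable | Grants permission to disable an alert model. | write | alertRule * | - |
| secmaster:alertRule:listMetrics | Grants permission to query the alert model overview. | list | alertRule * | - |
| secmaster:alertRule:createSimulation | Grants permission to simulate an alert model. | write | alertRule * | - |
| secmaster:alertRuleTemplate:list | Grants permission to query alert templates. | list | alertRuleTemplate * | - |
| secmaster:alertRuleTemplate:get | Grants permission to query alert template details. | read | alertRuleTemplate * | - |
| secmaster:alertRuleTemplate:listMetrics | Grants permission to query the alert template overview. | list | alertRuleTemplate * | - |
| secmaster:dataclass:create | Grants permission to create a data class. | write | dataclass * | - |
| secmaster:dataclass:update | Grants permission to update a data class. | write | dataclass * | - |
| secmaster:dataclass:delete | Grants permission to delete a data class. | write | dataclass * | - |
| secmaster:dataclass:get | Grants permission to get data class details. | read | dataclass * | - |
| secmaster:dataclass:list | Grants permission to query the data class list. | list | dataclass * | - |
| secmaster:dataclass:createField | Grants permission to create a field. | write | dataclass * | - |
| secmaster:dataclass:updateField | Grants permission to update a field. | write | dataclass * | - |
| secmaster:dataclass:deleteField | Grants permission to delete a field. | write | dataclass * | - |
| secmaster:dataclass:getField | Grants permission to get field details. | read | dataclass * | - |
| secmaster:dataclass:listFields | Grants permission to query the field list. | list | dataclass * | - |
| secmaster:dataclass:getType | Grants permission to get type details. | read | dataclass * | - |
| secmaster:dataclass:listTypes | Grants permission to query the type list. | list | dataclass * | - |
| secmaster:mapping:update | Grants permission to update the status of a classification mapping. | write | mapping * | - |
| secmaster:mapping:list | Grants permission to search the classification mapping list. | list | mapping * | - |
| secmaster:mapping:getDatasource | Grants permission to get the classification mapping data source. | read | mapping * | - |
| secmaster:mapping:listFunctions | Grants permission to get classification mapping functions. | list | mapping * | - |
| secmaster:mapping:delete | Grants permission to delete a classification mapping. | write | mapping * | - |
| secmaster:mapping:copy | Grants permission to copy a classification mapping. | write | mapping * | - |
| secmaster:mapping:createClassifier | Grants permission to create a classifier. | write | mapping * | - |
| secmaster:mapping:updateClassifier | Grants permission to update a classifier. | write | mapping * | - |
| secmaster:mapping:getClassifier | Grants permission to get classifier information. | read | mapping * | - |
| secmaster:mapping:deleteClassifier | Grants permission to delete a classifier. | write | mapping * | - |
| secmaster:mapping:createMapper | Grants permission to create a mapper. | write | mapping * | - |
| secmaster:mapping:updateMapper | Grants permission to update a mapper. | write | mapping * | - |
| secmaster:mapping:listMappers | Grants permission to query the mapper list. | list | mapping * | - |
| secmaster:mapping:getMapper | Grants permission to get mapper information. | read | mapping * | - |
| secmaster:mapping:deleteMapper | Grants permission to delete a mapper. | write | mapping * | - |
| secmaster:layout:listBusinessTypes | Grants permission to get the layout type list. | list | layout * | - |
| secmaster:layout:list | Grants permission to query the layout list. | list | layout * | - |
| secmaster:layout:create | Grants permission to create a layout. | write | layout * | - |
| secmaster:layout:delete | Grants permission to delete a layout. | write | layout * | - |
| secmaster:layout:update | Grants permission to update a layout. | write | layout * | - |
| secmaster:layout:get | Grants permission to query a layout. | read | layout * | - |
| secmaster:layout:createTemplate | Grants permission to save a layout as a template. | write | layout * | - |
| secmaster:layout:createField | Grants permission to create a layout field. | write | layout * | - |
| secmaster:layout:listFields | Grants permission to get the layout field list. | list | layout * | - |
| secmaster:layout:getField | Grants permission to get layout field details. | read | layout * | - |
| secmaster:layout:updateFiled | Grants permission to update a layout field. | write | layout * | - |
| secmaster:layout:deleteField | Grants permission to delete a layout field. | write | layout * | - |
| secmaster:layout:listWizards | Grants permission to get pages. | list | layout * | - |
| secmaster:layout:createWizard | Grants permission to create a page. | write | layout * | - |
| secmaster:layout:getWizard | Grants permission to get page details. | read | layout * | - |
| secmaster:layout:deleteWizard | Grants permission to delete a page. | write | layout * | - |
| secmaster:layout:updateWizard | Grants permission to update a page. | write | layout * | - |
| secmaster:catalogue:list | Grants permission to query the catalogue list. | list | catalogue * | - |
| secmaster:catalogue:update | Grants permission to update a catalogue. | write | catalogue * | - |
| secmaster:playbook:export | Grants permission to export a playbook. | read | playbook * | - |
| secmaster:playbook:import | Grants permission to import a playbook. | write | playbook * | - |
| secmaster:indicator:downloadTemplate | Grants permission to download the indicator template. | read | indicator * | - |
| secmaster:indicator:export | Grants permission to export indicators. | read | indicator * | - |
| secmaster:indicator:import | Grants permission to import indicators. | write | indicator * | - |
| secmaster:table:list | Grants permission to query tables. | list | table * | - |
| secmaster:table:create | Grants permission to create a table. | write | table * | - |
| secmaster:table:get | Grants permission to query table details. | read | table * | - |
| secmaster:table:update | Grants permission to modify a table. | write | table * | - |
| secmaster:table:delete | Grants permission to delete a table. | write | table * | - |
| secmaster:table:createLock | Grants permission to lock a table. | write | table * | - |
| secmaster:table:deleteLock | Grants permission to unlock a table. | write | table * | - |
| secmaster:table:listMetrics | Grants permission to query the table overview. | list | table * | - |
| secmaster:table:updateSchema | Grants permission to design a table. | write | table * | - |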

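A SecMaster API usually corresponds to one or more authorization items. Table 2 shows the relationship between APIs and authorization items, and the authorization items that each API depends on.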

Table 2 Relationship between APIs and actions

| API | Corresponding action | Dependent actions |
| --- | --- | --- |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} | secmaster:playbook:get | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks | secmaster:playbook:create | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} | secmaster:playbook:delete | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} | secmaster:playbook:update | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks | secmaster:playbook:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/statistics | secmaster:playbook:getStatistics | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/monitor | secmaster:playbook:getMonitor | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/clone | secmaster:playbook:copyVersion | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/approve | secmaster:playbook:approve | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/approval | secmaster:playbook:listApproves | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances | secmaster:playbook:listInstances | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/auditlogs | secmaster:playbook:getInstanceAuditlog | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions | secmaster:playbook:createVersion | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules | secmaster:playbook:createVersionRule | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions | secmaster:playbook:createVersionAction | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} | secmaster:playbook:getVersion | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules/{rule_id} | secmaster:playbook:getVersionRule | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} | secmaster:playbook:deleteVersion | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules/{rule_id} | secmaster:playbook:deleteVersionRule | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions/{action_id} | secmaster:playbook:deleteVersionAction | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} | secmaster:playbook:updateVersion | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules/{rule_id} | secmaster:playbook:updateVersionRule | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions/{action_id} | secmaster:playbook:updateVersionAction | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/versions | secmaster:playbook:listVersions | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions | secmaster:playbook:listVersionActions | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id} | secmaster:playbook:getInstance | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/topology | secmaster:playbook:getInstanceTopology | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/operation | secmaster:playbook:operateInstance | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows | secmaster:workflow:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} | secmaster:workflow:get | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} | secmaster:workflow:delete | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows | secmaster:workflow:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} | secmaster:workflow:update | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions | secmaster:workflow:listVersions | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} | secmaster:workflow:getVersion | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} | secmaster:workflow:deleteVersion | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions | secmaster:workflow:createVersion | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} | secmaster:workflow:updateVersion | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/approval | secmaster:workflow:approveVersion | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/validation | secmaster:workflow:validate | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/debug/result | secmaster:workflow:simulate | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/instances/{instance_id}/topology | secmaster:workflow:getInstance | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/instances | secmaster:workflow:operateInstance | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials | secmaster:connection:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials | secmaster:connection:create | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} | secmaster:connection:get | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} | secmaster:connection:delete | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} | secmaster:connection:update | - |
| GET /v1/{project_id}/workspaces | secmaster:workspace:list | - |
| POST /v1/{project_id}/workspaces | secmaster:workspace:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id} | secmaster:workspace:update | - |
| GET /v1/{project_id}/workspaces/{workspace_id} | secmaster:workspace:get | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id} | secmaster:workspace:delete | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks | secmaster:task:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/tasks | secmaster:task:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id} | secmaster:task:update | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id} | secmaster:task:get | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} | secmaster:indicator:get | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators | secmaster:indicator:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} | secmaster:indicator:update | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} | secmaster:indicator:delete | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/search | secmaster:indicator:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types | secmaster:indicator:listTypes | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types/layout | secmaster:indicator:bindLayout | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id} | secmaster:alert:get | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts | secmaster:alert:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id} | secmaster:alert:update | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/search | secmaster:alert:list | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts | secmaster:alert:delete | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order | secmaster:alert:batchOrders | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types | secmaster:alert:listTypes | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/category | secmaster:alert:listCategories | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types | secmaster:alert:createType | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/{dataclass_type_id} | secmaster:alert:updateType | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types | secmaster:alert:deleteType | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/enable | secmaster:alert:enableType | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/layout | secmaster:alert:bindLayout | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id} | secmaster:incident:get | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents | secmaster:incident:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id} | secmaster:incident:update | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/search | secmaster:incident:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types | secmaster:incident:listTypes | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents | secmaster:incident:delete | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/category | secmaster:incident:listCategories | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types | secmaster:incident:createType | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/{dataclass_type_id} | secmaster:incident:updateType | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types | secmaster:incident:deleteType | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/incidents/enable | secmaster:incident:enableType | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/layout | secmaster:incident:bindLayout | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type} | secmaster:dataobject:createRelation | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type} | secmaster:dataobject:deleteRelation | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type}/search | secmaster:dataobject:listRelation | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/search | secmaster:vulnerability:listGroup | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/{vul_id} | secmaster:vulnerability:getGroup | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/export | secmaster:vulnerability:exportGroup | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types | secmaster:vulnerability:listType | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/layout | secmaster:vulnerability:bindLayout | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types | secmaster:vulnerability:createType | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/{dataclass_type_id} | secmaster:vulnerability:updateType | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types | secmaster:vulnerability:deleteType | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/enable | secmaster:vulnerability:enableType | - |
| DELETE /v1/{project_id}/subscriptions/orders | secmaster:subscription:deletePostPaidOrder | - |
| POST /v1/{project_id}/subscriptions/orders | secmaster:subscription:createPostPaidOrder | - |
| POST /v1/{project_id}/subscriptions/orders/{order_id} | secmaster:subscription:createPrePaidOrder | - |
| GET /v1/{project_id}/subscriptions/version | secmaster:subscription:getVersion | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/{metric_id}/result | secmaster:metric:getResult | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/results | secmaster:metric:listResults | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/hits | secmaster:metric:listHits | - |
| GET /v1/{project_id}/agency | secmaster:agency:get | - |
| POST /v1/{project_id}/agency | secmaster:agency:create | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/resource-statistics | secmaster:resource:getStatistics | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/resources | secmaster:resource:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/sa/resources/import | secmaster:resource:import | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/sa/resource/template | secmaster:resource:getTemplate | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports | secmaster:report:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} | secmaster:report:get | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/sa/reports | secmaster:report:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} | secmaster:report:update | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} | secmaster:report:delete | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/read-status | secmaster:emergencyVulnerability:updateReadStatus | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/list | secmaster:emergencyVulnerability:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/export | secmaster:emergencyVulnerability:export | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces | secmaster:dataspace:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces | secmaster:dataspace:create | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} | secmaster:dataspace:get | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} | secmaster:dataspace:update | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} | secmaster:dataspace:delete | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes | secmaster:pipe:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes | secmaster:pipe:create | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} | secmaster:pipe:get | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} | secmaster:pipe:update | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} | secmaster:pipe:delete | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index | secmaster:pipe:getIndex | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index | secmaster:pipe:updateIndex | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption | secmaster:pipe:getConsumption | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption | secmaster:pipe:createConsumption | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption | secmaster:pipe:deleteConsumption | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/logs | secmaster:search:listLogs | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/histograms | secmaster:search:listHistograms | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/analysis | secmaster:search:createAnalysis | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions | secmaster:searchCondition:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions | secmaster:searchCondition:create | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} | secmaster:searchCondition:get | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} | secmaster:searchCondition:update | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} | secmaster:searchCondition:delete | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules | secmaster:alertRule:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules | secmaster:alertRule:create | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id} | secmaster:alertRule:get | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id} | secmaster:alertRule:update | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules | secmaster:alertRule:delete | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/enable | secmaster:alertRule:enable | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/disable | secmaster:alertRule:disable | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/metrics | secmaster:alertRule:listMetrics | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/simulation | secmaster:alertRule:createSimulation | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates | secmaster:alertRuleTemplate:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/{template_id} | secmaster:alertRuleTemplate:get | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/metrics | secmaster:alertRuleTemplate:listMetrics | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses | secmaster:dataclass:create | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} | secmaster:dataclass:update | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} | secmaster:dataclass:delete | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} | secmaster:dataclass:get | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses | secmaster:dataclass:list | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields | secmaster:dataclass:createField | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id} | secmaster:dataclass:updateField | - |
| DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields | secmaster:dataclass:deleteField | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id} | secmaster:dataclass:getField | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields | secmaster:dataclass:listFields | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types/{dataclass_type_id} | secmaster:dataclass:getType | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types | secmaster:dataclass:listTypes | - |
| PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/status | secmaster:mapping:update | - |
| POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/search | secmaster:mapping:list | - |
| GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/data-source | secmaster:mapping:getDatasource | |

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/functions

secmaster:mapping:listFunctions

-

DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}

secmaster:mapping:delete

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/clone

secmaster:mapping:copy

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers

secmaster:mapping:createClassifier

-

PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id}

secmaster:mapping:updateClassifier

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id}

secmaster:mapping:getClassifier

-

DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id}

secmaster:mapping:deleteClassifier

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers

secmaster:mapping:createMapper

-

PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id}

secmaster:mapping:updateMapper

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/search

secmaster:mapping:listMappers

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id}

secmaster:mapping:getMapper

-

DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id}

secmaster:mapping:deleteMapper

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/business-type

secmaster:layout:listBusinessTypes

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/search

secmaster:layout:list

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts

secmaster:layout:create

-

DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts

secmaster:layout:delete

-

PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}

secmaster:layout:update

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}

secmaster:layout:get

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/template

secmaster:layout:createTemplate

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields

secmaster:layout:createField

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields

secmaster:layout:listFields

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields/{field_id}

secmaster:layout:getField

-

PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields/{field_id}

secmaster:layout:updateFiled

-

DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields

secmaster:layout:deleteField

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards

secmaster:layout:listWizards

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards

secmaster:layout:createWizard

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id};/v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards

secmaster:layout:getWizard

-

DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id}

secmaster:layout:deleteWizard

-

PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards

secmaster:layout:updateWizard

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/search;/v1/{project_id}/workspaces/{workspace_id}/soc/catalogues

secmaster:catalogue:list

-

PUT /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/{catalogue_id}

secmaster:catalogue:update

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/export

secmaster:playbook:export

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/import

secmaster:playbook:import

-

GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/template/download

secmaster:indicator:downloadTemplate

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/export

secmaster:indicator:export

-

POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/import

secmaster:indicator:import

-

GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables

secmaster:table:list

-

POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables

secmaster:table:create

-

GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}

secmaster:table:get

-

PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}

secmaster:table:update

-

DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}

secmaster:table:delete

-

POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock

secmaster:table:createLock

-

DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock

secmaster:table:deleteLock

-

GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/metrics

secmaster:table:listMetrics

-

PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/schema

secmaster:table:updateSchema

-

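Resource types (Resource)

A resource type (Resource) indicates the resources that an SCP applies to. If an operation specifies resource types that can be used with it (see Table 3), you must specify the URN of that resource in the SCP statements that include the operation, and the SCP applies only to that resource. If no resource is specified, Resource defaults to "*" and the SCP applies to all resources. You can also set conditions in the SCP to specify resource types.

SecMaster defines the following resource types that can be used in the Resource element of an SCP.

Table 3 Resource types supported by SecMaster

Resource type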

URN

workspace

secmaster:<region>:<account-id>:workspace:<workspace-id>

playbook

secmaster:<region>:<account-id>:playbook:<workspace-id>/<playbook-id>

workflow

secmaster:<region>:<account-id>:workflow:<workspace-id>/<workflow-id>

connection

secmaster:<region>:<account-id>:connection:<workspace-id>/<connection-id>

task

secmaster:<region>:<account-id>:task:<workspace-id>/<task-id>

indicator

secmaster:<region>:<account-id>:indicator:<workspace-id>/<indicator-id>

alert

secmaster:<region>:<account-id>:alert:<workspace-id>/<alert-id>

incident

secmaster:<region>:<account-id>:incident:<workspace-id>/<incident-id>

dataobject

secmaster:<region>:<account-id>:dataobject:<workspace-id>/<dataobject-id>

metric

secmaster:<region>:<account-id>:metric:<workspace-id>/<metric-id>

resource

secmaster:<region>:<account-id>:resource:<workspace-id>/<resource-id>

report

secmaster:<region>:<account-id>:report:<workspace-id>/<report-id>

emergencyVulnerability

secmaster:<region>:<account-id>:emergencyVulnerability:<workspace-id>/<emergency-vulnerability-id>

dataspace

secmaster:<region>:<account-id>:dataspace:<workspace-id>/<dataspace-id>

pipe

secmaster:<region>:<account-id>:pipe:<workspace-id>/<pipe-id>

alertRule

secmaster:<region>:<account-id>:alertRule:<workspace-id>/<alertRule-id>

vulnerability

secmaster:<region>:<account-id>:vulnerability:<workspace-id>/<vulnerability-id>

alertRuleTemplate

secmaster:<region>:<account-id>:alertRuleTemplate:<workspace-id>/<alertRuleTemplate-id>

searchCondition

secmaster:<region>:<account-id>:searchCondition:<workspace-id>/<searchCondition-id>

dataclass

secmaster:<region>:<account-id>:dataclass:<workspace-id>/<dataclass-id>

mapping

secmaster:<region>:<account-id>:mapping:<workspace-id>/<mapping-id>

layout

secmaster:<region>:<account-id>:layout:<workspace-id>/<layout-id>

catalogue

secmaster:<region>:<account-id>:catalogue:<workspace-id>/<catalogue-id>

table

secmaster:<region>:<account-id>:table:<workspace-id>/<table-id>

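Conditions (Condition)

SecMaster does not support service-specific condition keys in the condition keys of an SCP. SecMaster can use the global condition keys that apply to all services; see Global condition keys.

Related documents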