tencent cloud

Tencent Smart Advisor-Chaotic Fault Generator

Product Introduction
Overview
Strengths
Scenarios
Purchase Guide
Purchase Instructions
Getting Started
Quick Start with the Console
Quick Start with API
Operation Guide
Template Library
Experiments
Fault Action
Guardrail Monitoring
Tag
Agent Management
Fault Action Library
Compute
Database
Network
Container
Big Data
Cloud Load Balancer
Message Queue
Direct Connect
Custom Actions
Cloud Streaming Services (CSS)
Permission Management Guide
Overview
Authorization Policy Syntax
Authorizable Resource Types
Service Authorization and Role Permissions
Sub-users and Authorization
API Documentation
History
Introduction
API Category
Making API Requests
Task APIs
Template Library APIs
Data Types
Error Codes
FAQs
Product Feature Issues
Action Execution Issues
Agent FAQ
Related Protocol
PRIVACY POLICY MODULE CHAOTIC FAULT GENERATOR
DATA PRIVACY AND SECURITY AGREEMENT MODULE CHAOTIC FAULT GENERATOR
Contact Us
DocumentationTencent Smart Advisor-Chaotic Fault GeneratorPermission Management GuideAuthorizable Resource Types

Authorizable Resource Types

PDF
Focus Mode
Font Size
Last updated: 2024-09-26 15:34:19
Resource-level permissions can be used to specify which resources a user can operate with. Tencent Smart Advisor-Chaotic Fault Generator (CFG) supports certain resource-level permissions. This means that for Chaotic Fault Generator operations that support resource-level permissions. You can control when to allow users to perform operations or use specified resources.
Authorizable resource types in Cloud Access Management (CAM) are as follows:
Resource Type
Resource Description Method in Authorization Policy
CFG Experiment Task Related
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
CFG Template Library Related
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
CFG Custom Action Related
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
The following table describes API operations that currently support resource-level permissions in the CFG policy and the resources and condition keys supported by each operation. When specifying resource paths, you can use the * wildcard in the paths.

List of APIs that support resource-level authorization

Experiment Related

API Call Sequence
Resource Path
DeleteTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskExecuteLogs
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskList
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskStatistics
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskStatisticsOperateCondition
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
EditTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ExecuteTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ExecuteTaskInstance
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ModifyTaskResult
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ModifyTaskStatus
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId

Template Library Related

API Call Sequence
Resource Path
DeleteTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
DescribeTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
DescribeTemplateList
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
EditTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
ModifyTemplateIsUsed
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId

Action Library Related

API Call Sequence
Resource Path
DescribeActionLibraryList
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
DeleteCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
UpdateCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
DescribeCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId

List of APIs not Supporting Resource-level Authorization

For API operations that do not support resource-level permissions in the CFG policy, you can still grant user permissions to use these operations, but you must specify the resource element of the policy statement as *.
API Call Sequence
API Description
CreateTask
This API is used to create an experiment.
CreateTemplate
This API is used to create a template library.
CreateCustomAction
This API is used to create the custom action.
DescribeActionFieldConfigList
This API is used to obtain the action field configuration parameter list.
DescribeActionLibraryList
This API is used to obtain the action library list.
DescribeCamIdentity
This API is used to obtain user CAM service authorization information.
DescribeNoticeId
This API is used to obtain the user notification template ID.
DescribeObjectMetrics
This API is used to obtain monitoring metric information of object types.
DescribeObjectTypeList
This API is used to query the object type list.
DescribeRegionList
This API is used to query the region list.
Previous Topic: Authorization Policy SyntaxNext Topic: Service Authorization and Role Permissions

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback