Authorizable Resource Types
Last updated: 2025-04-24 14:47:15
With Cloud Access Management (CAM), you can grant resource-level permissions for users.
In CAM, the types of Lighthouse resources that can be authorized are as follows:
Resource Type | Resource Description Method in Authorization Policy |
Instance | qcs::lighthouse:$region:$account:instance/* |
Image | qcs::lighthouse:$region:$account:blueprint/* |
Snapshot | qcs::lighthouse:$region:$account:snapshot/* |
Key | qcs::lighthouse:$region:$account:keypair/* |
The table below lists the API operations of Lighthouse that currently support resource-level permissions, as well as their resources and condition keys. When setting the resource path, you need to replace the variable parameters such as
$region and $account with your actual parameter values. You can also use the * wildcard in the path.
For relevant concepts such as region, action, account, and resource in CAM policies, see Resource Description Method.Note:
Lighthouse API operations not listed here do not support resource-level permissions. You can still authorize a user to perform such an API operation, but you must specify
* as the resource element of the policy statement.Instance
API | Resource |
ModifyInstancesBundle | qcs::lighthouse:$region:$account:instance/$instanceId |
RenewInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
IsolateInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
ModifyInstancesAttribute | qcs::lighthouse:$region:$account:instance/$instanceId |
ModifyInstancesRenewFlag | qcs::lighthouse:$region:$account:instance/$instanceId |
RebootInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
ResetInstance | qcs::lighthouse:$region:$account:instance/$instanceId |
ResetInstancesPassword | qcs::lighthouse:$region:$account:instance/$instanceId |
StartInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
StopInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
TerminateInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
DescribeInstancesDeniedActions | qcs::lighthouse:$region:$account:instance/$instanceId |
DescribeInstancesReturnable | qcs::lighthouse:$region:$account:instance/$instanceId |
DescribeInstancesTrafficPackages | qcs::lighthouse:$region:$account:instance/$instanceId |
DescribeInstanceVncUrl | qcs::lighthouse:$region:$account:instance/$instanceId |
DescribeResetInstanceBlueprints | qcs::lighthouse:$region:$account:instance/$instanceId |
Snapshot
API | Resource |
CreateInstanceSnapshot | qcs::lighthouse:$region:$account:instance/$instanceIdqcs::lighthouse:$region:$account:snapshot/* |
DeleteSnapshots | qcs::lighthouse:$region:$account:snapshot/$snapshotId |
ApplyInstanceSnapshot | qcs::lighthouse:$region:$account:instance/$instanceIdqcs::lighthouse:$region:$account:snapshot/$snapshotId |
DescribeSnapshotsDeniedActions | qcs::lighthouse:$region:$account:snapshot/$snapshotId |
ModifySnapshotAttribute | qcs::lighthouse:$region:$account:snapshot/$snapshotId |
Firewall
API | Resource |
CreateFirewallRules | qcs::lighthouse:$region:$account:instance/$instanceId |
DeleteFirewallRules | qcs::lighthouse:$region:$account:instance/$instanceId |
DescribeFirewallRules | qcs::lighthouse:$region:$account:instance/$instanceId |
ModifyFirewallRules | qcs::lighthouse:$region:$account:instance/$instanceId |
ModifyFirewallRuleDescription | qcs::lighthouse:$region:$account:instance/$instanceId |
Key
API | Resource |
DeleteKeyPairs | qcs::lighthouse:$region:$account:keypair/$keypairId |
AssociateInstancesKeyPairs | qcs::lighthouse:$region:$account:instance/$instanceIdqcs::lighthouse:$region:$account:keypair/$keypairId |
DisassociateInstancesKeyPairs | qcs::lighthouse:$region:$account:instance/$instanceIdqcs::lighthouse:$region:$account:keypair/$keypairId |
Image
API | Resource |
CreateBlueprint | qcs::lighthouse:$region:$account:instance/$instanceIdqcs::lighthouse:$region:$account:blueprint/* |
DeleteBlueprints | qcs::lighthouse:$region:$account:blueprint/$blueprintId |
DescribeBlueprintInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
ModifyBlueprintAttribute | qcs::lighthouse:$region:$account:blueprint/$blueprintId |
Bundle
API | Resource |
DescribeModifyInstanceBundles | qcs::lighthouse:$region:$account:instance/$instanceId |
Billing
API | Resource |
InquirePriceRenewInstances | qcs::lighthouse:$region:$account:instance/$instanceId |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback