tencent cloud

Feedback

Cloud File Storage

Last updated: 2024-06-15 10:00:56

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    Cloud File Storage cfs Supported Supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    ActivateAccessCert ActivateAccessCert Operation level * Supported
    AddMountTarget Add a mount target Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    BindAccessCert BindAccessCert Resource level qcs::cfs::uin/${uin}:filesystem/${FileSystemId} Supported
    BindAutoSnapshotPolicy bind auto policy Resource level qcs::cfs:${Region}:uin/:asp/${AutoSnapshotPolicyId} Supported
    CreateAccessCert CreateAccessCert Operation level * Supported
    CreateAutoSnapshotPolicy create auto policy Operation level * Supported
    CreateCfsFileSystem Creates a file system Operation level * Supported
    CreateCfsPGroup Creates a permission group Operation level * Supported
    CreateCfsRule Creates a permission group rule Resource level qcs::cfs:$region:$account:pgroup/$pGroupId Supported
    CreateCfsSnapshot create cfs filesystem snapshot Resource level qcs::cfs:${region}:uin/${uin}:filesystem/${FileSystemId} Supported
    CreateMigrationTask create migration task Operation level * Supported
    DeactivateAccessCert DeactivateAccessCert Operation level * Supported
    DeleteAccessCert DeleteAccessCert Operation level * Supported
    DeleteAutoSnapshotPolicy delete snapshot policy Resource level qcs::cfs:${Region}:uin/:asp/${AutoSnapshotPolicyId} Supported
    DeleteCfsFileSystem Deletes a file system Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    DeleteCfsPGroup Deletes a permission group Resource level qcs::cfs:$region:$account:pgroup/$pGroupId Supported
    DeleteCfsRule Deletes a permission group rule Resource level qcs::cfs:$region:$account:pgroup/$pGroupId Supported
    DeleteCfsSnapshot delete cfs filesystem snapshot Resource level qcs::cfs:${Region}:uin/:snap/${SnapshotId} Supported
    DeleteMigrationTask delete migration task Operation level * Supported
    DeleteMountTarget Deletes a mount target Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    ModifyFileSystemAutoScaleUpRule ModifyFileSystemAutoScaleUpRule Resource level qcs::cfs:${region}:uin/${uin}:filesystem/${FileSystemId} Supported
    OverrideCfsRules Overwrite a list of permission group rules Resource level qcs::cfs:$region:$account:pgroup/$pGroupId Supported
    ScaleUpFileSystem ScaleUpFileSystem Resource level qcs::cfs:${region}:uin/${uin}:filesystem/${FileSystemId} Supported
    SignUpCfsService Activates the CFS service Operation level * Supported
    StopMigrationTask stop migration task Operation level * Supported
    UnbindAccessCert UnbindAccessCert Resource level qcs::cfs::uin/${uin}:filesystem/${FileSystemId} Supported
    UnbindAutoSnapshotPolicy unbind auto policy Resource level qcs::cfs:${Region}:uin/:asp/${AutoSnapshotPolicyId} Supported
    UpdateAccessCert UpdateAccessCert Operation level * Supported
    UpdateAccessChannel UpdateAccessChannel Resource level qcs::cfs::uin/${uin}:filesystem/${FileSystemId} Supported
    UpdateAutoSnapshotPolicy update auto policy Resource level qcs::cfs:${Region}:uin/:asp/${AutoSnapshotPolicyId} Supported
    UpdateCfsFileSystemName Updates a file system name Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    UpdateCfsFileSystemPGroup Updates the permission group for a file system Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    UpdateCfsFileSystemSizeLimit Updates the capacity limit of a file system Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    UpdateCfsPGroup Updates the information of a permission group Resource level qcs::cfs:$region:$account:pgroup/$pGroupId Supported
    UpdateCfsRule Updates a permission group rule Resource level qcs::cfs:$region:$account:pgroup/$pGroupId Supported
    UpdateCfsSnapshotAttribute update snapshot name or alive days Resource level qcs::cfs:${Region}:uin/:snap/${SnapshotId} Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAccessCerts DescribeAccessCerts Operation level * Supported
    DescribeAutoSnapshotPolicies describe snapshot policy Resource level qcs::cfs:${Region}:uin/:asp/${AutoSnapshotPolicyId} not supported
    DescribeCfsSnapshots describe snapshots Resource level qcs::cfs:${Region}:uin/:snap/${SnapshotId} Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeAccessChannels DescribeAccessChannels Operation level * Supported
    DescribeBucketList describe buckets list Operation level * Supported
    DescribeCfsFileSystemClients Queries clients of a file system Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    DescribeCfsFileSystems Queries file systems Resource level qcs::cfs:${Region}:uin/:filesystem/${FileSystemId} Supported
    DescribeCfsPGroups Queries the list of permission groups Operation level * Supported
    DescribeCfsRules Queries permission group rules Resource level qcs::cfs:$region:$account:pgroup/$pGroupId Supported
    DescribeCfsServiceStatus Operation level * not supported
    DescribeKmsKeys Queries the list of KMS keys Operation level * Supported
    DescribeMigrationTasks describe migration tasks list Operation level * Supported
    DescribeMountTargets Queries the mount targets of a file system Resource level qcs::cfs:$region:$account:filesystem/$fileSystemId Supported
    DescribeSnapshotOperationLogs get snapshot operation logs Resource level qcs::cfs:${Region}:uin/:snap/${SnapshotId} Supported
    DownloadAccessCert DownloadAccessCert Operation level * Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support