Cloud HDFS
Last updated:2026-01-27 09:47:42
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Cloud HDFS | chdfs | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AssociateAccessGroups | associate access groups | Resource level | qcs::chdfs:$region:$account:mountpoint/$mountPointId | Supported |
| CreateAccessGroup | create access group | Resource level | qcs::chdfs:$region:$account:vpc/$vpcId qcs::chdfs:$region:$account:unVpcId/$unVpcId |
Supported |
| CreateAccessRules | batch create access rules | Resource level | qcs::chdfs:$region:$account:accessgroup/$accessGroupId | Supported |
| CreateFileSystem | create file system | Operation level | * | Supported |
| CreateInventoryConfig | create inventory config | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| CreateLifeCycleRules | batch create life cycle rules | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| CreateMountPoint | create mount point | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| CreatePathProtectionRule | create path protection rule | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| CreateRestoreTasks | batch create restore tasks | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| CreateTrashConfig | create trash config | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | not supported |
| DeleteAccessGroup | delete access group | Resource level | qcs::chdfs:$region:$account:accessgroup/$accessGroupId | Supported |
| DeleteAccessRules | batch delete access rules | Resource level | qcs::chdfs:${region}:uin/${uin}:accessgroup/$accessGroupId | Supported |
| DeleteFileSystem | delete file system | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| DeleteInventoryConfig | delete inventory config | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| DeleteLifeCycleRules | batch delete life cycle rules | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| DeleteMountPoint | delete mount point | Resource level | qcs::chdfs:$region:$account:mountpoint/$mountPointId | Supported |
| DeletePathProtectionRule | delete path protection rule | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| DeleteTrashConfig | delete trash config | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | not supported |
| DisassociateAccessGroups | disassociate access groups | Resource level | qcs::chdfs:$region:$account:mountpoint/$mountPointId | Supported |
| ModifyAccessGroup | modify access group | Resource level | qcs::chdfs:$region:$account:accessgroup/$accessGroupId | Supported |
| ModifyAccessRules | batch modify access rules | Resource level | qcs::chdfs:${region}:uin/${uin}:accessgroup/$accessGroupId | Supported |
| ModifyFileSystem | modify file system | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| ModifyInventoryConfig | modify inventory config | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| ModifyLifeCycleRules | batch modify life cycle rules | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| ModifyMountPoint | modify mount point | Resource level | qcs::chdfs:$region:$account:mountpoint/$mountPointId | Supported |
| ModifyPathProtectionRule | modify path protection rule | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| ModifyResourceTags | modify resource tags | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| ModifyTrashConfig | modify trash config | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | not supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAccessGroup | describe access group | Resource level | qcs::chdfs:${region}:$account:accessgroup/$accessGroupId | Supported |
| DescribeFileSystem | describe file system | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| DescribeMountPoint | describe mount point | Resource level | qcs::chdfs:$region:$account:mountpoint/$mountPointId | Supported |
| DescribeTrashConfig | describe trash config | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | not supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAccessGroups | describe access groups | Resource level | qcs::chdfs:$region:$account:accessgroup/$accessGroupId | Supported |
| DescribeAccessRules | describe access rules | Resource level | qcs::chdfs:$region:$account:accessgroup/$accessGroupId | Supported |
| DescribeFileSystems | describe file systems | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| DescribeInventoryConfigs | describe inventory configs | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| DescribeLifeCycleRules | describe life cycle rules | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| DescribeMountPoints | describe mount points | Resource level | qcs::chdfs:$region:$account:mountpoint/$mountPointId | Supported |
| DescribePathProtectionRules | describe path protection rules | Resource level | qcs::chdfs:${region}:uin/${uin}:filesystem/$fileSystemId | Supported |
| DescribeResourceTags | describe resource tags | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
| DescribeRestoreTasks | describe restore tasks | Resource level | qcs::chdfs:$region:$account:filesystem/$fileSystemId | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback