Data Security Center

Last updated: 2024-02-29 09:17:38

    Fundamental information

    | Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
    |---|---|---|---|---|---|
    | Data Security Governance Center | dsgc | Supported | Not supported | Operation level | Partially supported |

    Note:

    The authorization granularity of cloud products is divided into three levels, from coarsest to finest: service level, operation level, and resource level.

    • Service level: Defines whether a user has permission to access the service as a whole. A user has either full access or no access to the service. Products with service-level granularity do not support authorization of specific APIs.
    • Operation level: Defines whether a user has permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: The finest authorization granularity, which defines whether a user has permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    APIs support two authorization granularity levels: resource level and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
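The operation-level rule above is easy to trip over when a policy scopes every dsgc action to one DspaId. The following linter is an added example, not Tencent Cloud code: it flags allow statements that pair an operation-level API with a resource other than `*`. The policy JSON keys (`statement`, `effect`, `action`, `resource`) and the `dsgc:<API>` action naming are assumptions about CAM policy syntax not shown on this page; the API set is a subset of the tables below, and the sample policy is constructed.

```python
import json
from fnmatch import fnmatchcase

# Subset of the dsgc APIs this page lists as "Operation level" (resource must be "*").
OPERATION_LEVEL = {
    "CreateDSPACluster", "CreateDsgcDataLevelItem", "DeleteDsgcDataLevelItems",
    "ModifyDsgcClientInfo", "DescribeDsgcAlertTabs", "DescribeDSPASupportedMetas",
}

# Constructed sample policy (assumed CAM JSON shape; uin and DspaId are placeholders).
SAMPLE_POLICY = """
{
  "version": "2.0",
  "statement": [
    {"effect": "allow",
     "action": ["dsgc:CreateDSPACluster", "dsgc:DeleteDSPACluster"],
     "resource": ["qcs::dsgc:ap-guangzhou:uin/100000000001:DspaId/dspa-example"]},
    {"effect": "allow", "action": "dsgc:DescribeDsgc*", "resource": "*"}
  ]
}
"""

def _as_list(value):
    """Accept a bare string/object or a list and always return a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def lint_policy(policy_text):
    """Return (statement_index, api) for each operation-level dsgc API that an
    allow statement grants only on a specific resource; per this page, CAM
    treats such a call as unauthorized."""
    findings = []
    policy = json.loads(policy_text)
    for idx, stmt in enumerate(_as_list(policy.get("statement"))):
        if stmt.get("effect") != "allow":
            continue
        if "*" in _as_list(stmt.get("resource")):
            continue  # unrestricted resource: operation-level APIs are covered
        for action in _as_list(stmt.get("action")):
            service, _, pattern = action.partition(":")
            if service != "dsgc":
                continue
            # Wildcard actions such as "dsgc:*" also sweep in operation-level APIs.
            for api in sorted(OPERATION_LEVEL):
                if fnmatchcase(api, pattern):
                    findings.append((idx, api))
    return findings
```

A finding means the statement will not grant that API as written; move the operation-level actions into a separate statement whose resource is `*`.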

    Write operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    |---|---|---|---|---|
    | AuthorizeDSPAMetaResources | AuthorizeDSPAMetaResources | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | CreateDSPAAssessmentTask | CreateDSPAAssessmentTask | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | CreateDSPACOSDiscoveryTask | create cos discovery task | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | CreateDSPACategory | create dspa category info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | CreateDSPACluster | CreateDSPACluster | Operation level | * | Supported |
    | CreateDSPAComplianceGroup | create dspa compliance group info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | CreateDSPACosMetaResources | CreateDSPACosMetaResources | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | CreateDSPADiscoveryRule | create discovery rule | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | CreateDSPADiscoveryTask | create discovery task | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | CreateDSPALevelGroup | create dspa level group | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | CreateDSPAMetaResources | CreateDSPAMetaResources | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | CreateDSPASelfBuildMetaResource | CreateDSPASelfBuildMetaResource | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | CreateDsgcDataLevelItem | | Operation level | * | Supported |
    | DeleteDSPAAssessmentTask | DeleteDSPAAssessmentTask | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPACOSDiscoveryTask | delete cos discovery task | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPACOSDiscoveryTaskResult | delete cos discovery task result | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPACategory | delete discovery category info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPACluster | DeleteDSPACluster | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPAComplianceGroup | delete discovery compliance group info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPADiscoveryRule | delete cos discovery rule info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPADiscoveryTask | delete discovery task | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPADiscoveryTaskResult | delete discovery task result | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPALevelGroup | delete discovery level group | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DeleteDSPAMetaResource | DeleteDSPAMetaResource | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DeleteDsgcDataLevelItems | | Operation level | * | Supported |
    | DisableDSPAMetaResourceAuth | DisableDSPAMetaResourceAuth | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | EnableDSPADiscoveryRule | enable & disable discovery rule | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPAAssessmentRisk | ModifyDSPAAssessmentRisk | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPACOSDiscoveryTask | modify cos discovery task | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPACOSTaskResult | adjust cos task scan result | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPACategory | modify category info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPAClusterInfo | ModifyDSPAClusterInfo | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPAComplianceGroup | modify discovery compliance group info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPADiscoveryRule | modify discovery rule info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPADiscoveryTask | modify discovery task info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDSPATaskResult | adjust discovery task scan result | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | ModifyDsgcAlertTabAbnormalStatus | | Operation level | * | Supported |
    | ModifyDsgcClientInfo | | Operation level | * | Supported |
    | ModifyDsgcDataLevelItem | | Operation level | * | Supported |
    | RestartDSPAAssessmentTask | RestartDSPAAssessmentTask | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | StartDSPADiscoveryTask | start exec discovery task | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | StopDSPADiscoveryTask | stop exec discovery task | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | UpdateDSPASelfBuildResource | UpdateDSPASelfBuildResource | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |

    Read operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    |---|---|---|---|---|
    | DescribeDSPAAssessmentCOSAsset | DescribeDSPAAssessmentCOSAsset | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPAAssessmentControlItems | DescribeDSPAAssessmentControlItems | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPAAssessmentRDBAsset | DescribeDSPAAssessmentRDBAsset | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPAAssessmentRisks | DescribeDSPAAssessmentRisks | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPAAssessmentTasks | DescribeDSPAAssessmentTasks | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPAAssessmentTemplateControlItems | DescribeDSPAAssessmentTemplateControlItems | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPAAssessmentTemplates | DescribeDSPAAssessmentTemplates | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSDataAssetBuckets | describe cos sensitive data asset buckets list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSDataAssetByComplianceId | describe cos asset statistics | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSDataAssetDetail | describe cos discovery data asset detail | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSDiscoveryTaskDetail | describe cos discovery task detail | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSDiscoveryTaskFiles | describe cos discovery task result detail file list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSDiscoveryTaskResult | describe cos discovery task result | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSDiscoveryTasks | describe cos discovery task list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACOSTaskResultDetail | describe cos discovery task result detail | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPACategories | describe sensitive data category list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPAComplianceGroups | describe identify compliance groups | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADataSourceDbInfo | describe discovery data source database info | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADiscoveryRules | describe discovery rule list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADiscoveryServiceStatus | query service status | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADiscoveryTaskDetail | describe discovery task detail | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADiscoveryTaskResult | describe discovery task result | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADiscoveryTaskResultDetail | describe discovery task result detail | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADiscoveryTaskTables | describe discovery scanned table list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPADiscoveryTasks | describe discovery task list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPALevelDetail | describe discovery level detail | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPALevelGroups | describe discovery level group list | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPARDBDataAssetByComplianceId | describe rdb data asset statistics | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPARDBDataAssetDetail | describe rdb data asset detail | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDSPATaskResultDataSample | describe scanned result data sample | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | DescribeDsgcAbnormalDataInfo | | Operation level | * | Supported |
    | DescribeDsgcAbnormalOperationInstanceStatistics | | Operation level | * | Supported |
    | DescribeDsgcAbnormalOperationStatistics | | Operation level | * | Supported |
    | DescribeDsgcAbnormalOperationTrend | | Operation level | * | Supported |
    | DescribeDsgcAbnormalUserInfos | | Operation level | * | Supported |
    | DescribeDsgcAlertLevelAmount | | Operation level | * | Supported |
    | DescribeDsgcAlertTabs | | Operation level | * | Not supported |
    | DescribeDsgcAlertTagsCount | | Operation level | * | Supported |
    | DescribeDsgcAmount | | Operation level | * | Supported |
    | DescribeDsgcClientInfo | | Operation level | * | Supported |
    | DescribeDsgcDataLevelInfos | | Operation level | * | Supported |
    | DescribeDsgcDataLevelList | | Operation level | * | Supported |
    | DescribeDsgcDataTrend | | Operation level | * | Supported |
    | DescribeDsgcHostAmount | | Operation level | * | Supported |
    | DescribeDsgcHostSafeTrend | | Operation level | * | Supported |
    | DescribeDsgcRiskDataTopList | | Operation level | * | Supported |
    | DescribeDsgcRiskUserTopList | | Operation level | * | Supported |
    | DescribeDsgcSafeTrendList | | Operation level | * | Supported |
    | DescribeDsgcSensitiveDataDetailInfo | | Operation level | * | Supported |
    | DescribeDsgcSensitiveDataInfo | | Operation level | * | Supported |
    | DescribeDsgcSensitiveDataLevelInfo | | Operation level | * | Supported |
    | DescribeDsgcSensitiveDataTypeInfo | | Operation level | * | Supported |
    | DescribeDsgcSensitiveDataTypeInfoByTable | | Operation level | * | Supported |
    | DescribeDsgcSensitiveGroupTypeCount | | Operation level | * | Supported |
    | DescribeDsgcTypeGroups | | Operation level | * | Supported |
    | DescribeDsgcaAssociateSetting | | Operation level | * | Supported |
    | GetResourceConnectionStatus | GetResourceConnectionStatus | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | VerifyDSPACOSRule | verify cos discovery rule | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |
    | VerifyDSPADiscoveryRule | verify discovery rule | Resource level | qcs::${ApiModule}::uin/:DspaId/${DspaId} | Supported |

    List operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    |---|---|---|---|---|
    | DescribeDSPASupportedMetas | DescribeDSPASupportedMetas | Operation level | * | Not supported |
    | ListDSPAClusters | ListDSPAClusters | Resource level | qcs::dsgc:${region}:uin/${uin}:DspaId/* | Supported |
    | ListDSPACosMetaResources | ListDSPACosMetaResources | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |
    | ListDSPAMetaResources | ListDSPAMetaResources | Resource level | qcs::${ApiModule}:${Region}:uin/:DspaId/${DspaId} | Supported |