Bastion Host
Last updated:2026-01-27 09:46:43
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Operation and Maintenance Security Center (Bastion Host) | bh | Supported | not supported | Operation level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AccessDevice | Access Device | Operation level | * | Supported |
| AccessDevices | External client access to assets | Operation level | * | Supported |
| CanCreateTrialResource | CanCreateTrialResource | Operation level | * | Supported |
| DescribeAccessControlRule | Describe Access Control Rule | Operation level | * | Supported |
| DescribeAccessEntry | Describe Access Entry | Operation level | * | Supported |
| DescribeAlarmSetting | Describe Alarm Setting | Operation level | * | Supported |
| DescribeAssetSyncStatus | Describe Asset Sync Status | Operation level | * | Supported |
| DescribeCdcSetting | Describe Cdc Setting | Operation level | * | Supported |
| DescribeCloudAccountSyncDetails | Describe Cloud Account Sync Details | Operation level | * | Supported |
| DescribeCloudAccounts | Describe Cloud Accounts | Operation level | * | Supported |
| DescribeDeviceCount | Describe Device Count | Operation level | * | Supported |
| DescribeDeviceCountSummary | Describe device count summary | Operation level | * | Supported |
| DescribeDevicePods | Describe Device Pods | Operation level | * | Supported |
| DescribeDomainInstallScript | Describe Domain InstallScript | Operation level | * | Supported |
| DescribeEnableDeployZone | DescribeEnableDeployZone | Operation level | * | not supported |
| DescribeEnvSetting | DescribeEnvSetting | Operation level | * | Supported |
| DescribeExportAuditLogTask | Describe Audit Log Export Tasks | Operation level | * | Supported |
| DescribeExportUserTask | Describe Export User Task | Operation level | * | Supported |
| DescribeIOADeployRegion | DescribeIOADeployRegion | Operation level | * | Supported |
| DescribeK8SDeviceDetail | Describe K8S Device Detail | Operation level | * | Supported |
| DescribeLogOutputSettings | Describe Log Output Settings | Operation level | * | Supported |
| DescribeMFAPreCheck | Describe MFA Pre Check | Operation level | * | Supported |
| DescribeOperationTaskDetail | Describe Operation Task Detail | Operation level | * | Supported |
| DescribeResourceUpgradeSchedule | Describe resource upgrade schedule | Operation level | * | Supported |
| DescribeResourcesIOAQuota | Describe Resource IOA Quota | Operation level | * | Supported |
| DescribeResourcesZone | DescribeResourcesZone | Operation level | * | not supported |
| DescribeSecuritySetting | Describe Security Setting | Operation level | * | Supported |
| DescribeSessionMonitorInfo | DescribeSessionMonitorInfo | Operation level | * | Supported |
| DescribeSyncK8SPodStatus | Describe Sync K8S Pod Status | Operation level | * | Supported |
| DescribeSystemTaskStatistics | Describe System Task Statistics | Operation level | * | Supported |
| DescribeTicketSubmitFlag | Describe Ticket Submit Flag | Operation level | * | Supported |
| DescribeTrialGuide | DescribeTrialGuide | Operation level | * | Supported |
| DescribeUserCount | Describe User Count | Operation level | * | Supported |
| DescribeUserDirectory | Describe User Directory | Operation level | * | Supported |
| DescribeUserSyncStatus | Describe User Sync Status | Operation level | * | Supported |
| DownloadReport | Download Report | Operation level | * | Supported |
| ReplaySession | Replay Session | Operation level | * | Supported |
| SearchKeyboardLogger | Search Keyboard Logger | Operation level | * | Supported |
| ShowGraph | Show Graph | Operation level | * | Supported |
| ShowTop | Show Top | Operation level | * | Supported |
| ViewReport | View Report | Operation level | * | Supported |
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AccessTrackPage | Access Track Page | Operation level | * | Supported |
| AddAppAssetGroupMembers | Add App Asset Group Members | Operation level | * | Supported |
| AddDeviceGroupMembers | Add Device Group Members | Operation level | * | Supported |
| AddUserGroupMembers | Add User Group Members | Operation level | * | Supported |
| BindAppAsset | Bind App Asset | Operation level | * | Supported |
| BindDeviceAccountKubeconfig | Bind Device Account Kubeconfig | Operation level | * | Supported |
| BindDeviceAccountPassword | Bind Device Account Password | Operation level | * | Supported |
| BindDeviceAccountPrivateKey | Bind Device Account Private Key | Operation level | * | Supported |
| BindDeviceResource | Bind Device Resource | Operation level | * | Supported |
| CreateAccessControlRule | Create Access Control Rule | Operation level | * | Supported |
| CreateAccessControlTemplate | Create Access Control Template | Operation level | * | Supported |
| CreateAccessControlTemplateRule | Create Access Control Template Rule | Operation level | * | Supported |
| CreateAccessWhiteListRule | Create Access WhiteList Rule | Operation level | * | Supported |
| CreateAcl | Create Acl | Operation level | * | Supported |
| CreateAppAsset | Create App Asset | Operation level | * | Supported |
| CreateAssetSyncJob | Create Asset Sync Job | Operation level | * | Supported |
| CreateBillingSign | Create Billing Sign | Operation level | * | Supported |
| CreateChangePwdTask | Create Change Pwd Task | Operation level | * | Supported |
| CreateCloudAccount | Create Cloud Account | Operation level | * | Supported |
| CreateCloudAccountDeviceSyncTask | Create Cloud Account Device Sync Task | Operation level | * | Supported |
| CreateCmdTemplate | Create Cmd Template | Operation level | * | Supported |
| CreateDepartment | Create Department | Operation level | * | Supported |
| CreateDeviceAccount | Create Device Account | Operation level | * | Supported |
| CreateDeviceAccountBatch | Create Device Account Batch | Operation level | * | Supported |
| CreateDeviceGroup | Create Device Group | Operation level | * | Supported |
| CreateDomain | Create Domain | Operation level | * | Supported |
| CreateExportAuditLogTask | Create Audit Log Export Task | Operation level | * | Supported |
| CreateExportDeviceTask | Create Export Device Task | Operation level | * | Supported |
| CreateExportUserTask | Create User Export Task | Operation level | * | Supported |
| CreateLogDelivery | Create Log Delivery | Operation level | * | Supported |
| CreateLogDeliveryCos | Create Log Delivery Cos | Operation level | * | Supported |
| CreateOperationTask | Create Operation Task | Operation level | * | Supported |
| CreatePushAccountTask | Create Push Account Task | Operation level | * | Supported |
| CreateReportTask | Create Report Task | Operation level | * | Supported |
| CreateResource | Create Resource | Operation level | * | Supported |
| CreateSyncK8SPodJob | Create Sync K8S Pod Job | Operation level | * | Supported |
| CreateUKey | Bind UKey and user | Operation level | * | Supported |
| CreateUKeyBatch | Batch create UKey and bind user | Operation level | * | Supported |
| CreateUser | Create User | Operation level | * | Supported |
| CreateUserBatch | Create User Batch | Operation level | * | Supported |
| CreateUserDirectory | Create User Directory | Operation level | * | Supported |
| CreateUserGroup | Create User Group | Operation level | * | Supported |
| DeleteAccessControlRules | Delete Access Control Rules | Operation level | * | Supported |
| DeleteAccessControlTemplate | Delete Access Control Template | Operation level | * | Supported |
| DeleteAccessControlTemplateRule | Delete Access Control Template Rule | Operation level | * | Supported |
| DeleteAccessWhiteListRules | Delete Access White List Rules | Operation level | * | Supported |
| DeleteAcls | Delete Acls | Operation level | * | Supported |
| DeleteAppAssetGroupMembers | Delete App Asset Group Members | Operation level | * | Supported |
| DeleteAppAssets | Delete App Assets | Operation level | * | Supported |
| DeleteChangePwdTask | Delete Change Pwd Task | Operation level | * | Supported |
| DeleteCloudAccounts | Delete Cloud Accounts | Operation level | * | Supported |
| DeleteCmdTemplates | Delete Cmd Templates | Operation level | * | Supported |
| DeleteDepartment | Delete Department | Operation level | * | Supported |
| DeleteDeviceAccounts | Delete Device Accounts | Operation level | * | Supported |
| DeleteDeviceGroupMembers | Delete Device Group Members | Operation level | * | Supported |
| DeleteDeviceGroups | Delete Device Groups | Operation level | * | Supported |
| DeleteDevices | Delete Devices | Operation level | * | Supported |
| DeleteDomains | Delete Domains | Operation level | * | Supported |
| DeleteExportAuditLogTask | Delete Audit Log Export Task | Operation level | * | Supported |
| DeleteExportDeviceTask | Delete Export DeviceT ask | Operation level | * | Supported |
| DeleteExportUserTask | Delete Export User Task | Operation level | * | Supported |
| DeleteOperationTasks | Delete Operation Tasks | Operation level | * | Supported |
| DeletePushAccountTasks | Delete Push Account Tasks | Operation level | * | Supported |
| DeleteReportTask | Delete Report Task | Operation level | * | Supported |
| DeleteReportTaskHistory | Delete Report Task History | Operation level | * | Supported |
| DeleteUKeys | Delete UKey | Operation level | * | Supported |
| DeleteUserDirectory | Delete User Directory | Operation level | * | Supported |
| DeleteUserGroupMembers | Delete User Group Members | Operation level | * | Supported |
| DeleteUserGroups | Delete User Groups | Operation level | * | Supported |
| DeleteUsers | Delete Users | Operation level | * | Supported |
| DeployTrialResourceIOA | DeployTrialResourceIOA | Operation level | * | Supported |
| DisableClientTcpAccess | DisableClientTcpAccess | Operation level | * | Supported |
| DisableExternalAccess | DisableExternalAccess | Operation level | * | Supported |
| DisableIntranetAccess | DisableIntranetAccess | Operation level | * | Supported |
| DisableWebAccess | DisableWebAccess | Operation level | * | Supported |
| EnableClientTcpAccess | EnableClientTcpAccess | Operation level | * | Supported |
| EnableExternalAccess | EnableExternalAccess | Operation level | * | Supported |
| EnableIntranetAccess | EnableIntranetAccess | Operation level | * | Supported |
| EnableWebAccess | EnableWebAccess | Operation level | * | Supported |
| ImportDeviceAccount | Import Device Account | Operation level | * | Supported |
| ImportDevices | Import Devices | Operation level | * | Supported |
| ImportExternalDevice | ImportExternalDevice | Operation level | * | Supported |
| LeaveTrackPage | Leave Track Page | Operation level | * | Supported |
| LoginOpserver | LoginOpserver | Operation level | * | Supported |
| ModifyAccessControlRule | Modify Access Control Rule | Operation level | * | Supported |
| ModifyAccessControlTemplate | Modify Access Control Template | Operation level | * | Supported |
| ModifyAccessControlTemplateRuleOrder | Modify Access Control Template Rule Order | Operation level | * | Supported |
| ModifyAccessTimePolicy | Modify Access Time Policy | Operation level | * | Supported |
| ModifyAccessWhiteListAutoStatus | Modify Access WhiteList Auto Status | Operation level | * | Supported |
| ModifyAccessWhiteListRule | Modify Access WhiteList Rule | Operation level | * | Supported |
| ModifyAccessWhiteListStatus | Modify Access WhiteList Status | Operation level | * | Supported |
| ModifyAcl | Modify Acl | Operation level | * | Supported |
| ModifyAlarmSetting | Modify Alarm Setting | Operation level | * | Supported |
| ModifyAppAsset | Modify App Asset | Operation level | * | Supported |
| ModifyAppAssetsDepartment | Modify App Assets Department | Operation level | * | Supported |
| ModifyAssetSyncFlag | Modify Asset Sync Flag | Operation level | * | Supported |
| ModifyAuthModeSetting | Modify Auth Mode Setting | Operation level | * | Supported |
| ModifyChangePwdTask | Modify Change Pwd Task | Operation level | * | Supported |
| ModifyCloudAccount | Modify Cloud Account | Operation level | * | Supported |
| ModifyCloudAccountDeviceSyncTask | Modify Cloud Account Device Sync Task | Operation level | * | Supported |
| ModifyCmdTemplate | Modify Cmd Template | Operation level | * | Supported |
| ModifyDepartment | Modify Department | Operation level | * | Supported |
| ModifyDevice | Modify Device | Operation level | * | Supported |
| ModifyDeviceGroup | Modify Device Group | Operation level | * | Supported |
| ModifyDevicesDepartment | Modify Devices Department | Operation level | * | Supported |
| ModifyDevicesPort | Modify Devices Port | Operation level | * | Supported |
| ModifyDevicesSSL | Modify devices ssl configuration | Operation level | * | Supported |
| ModifyDomain | Modify Domain | Operation level | * | Supported |
| ModifyExternalDevice | Modify External Device | Operation level | * | Supported |
| ModifyLDAPSetting | Modify LDAP Setting | Operation level | * | Supported |
| ModifyLogDelivery | Modify Log Delivery | Operation level | * | Supported |
| ModifyLogDeliveryCos | Modify Log Delivery Cos | Operation level | * | Supported |
| ModifyLogOutputSettings | Modify Log Output Settings | Operation level | * | Supported |
| ModifyLoginSetting | Modify Login Setting | Operation level | * | Supported |
| ModifyOAuthSetting | Modify OAuth Setting | Operation level | * | Supported |
| ModifyOperationTask | Modify Operation Task | Operation level | * | Supported |
| ModifyPasswordSetting | Modify Password Setting | Operation level | * | Supported |
| ModifyPushAccountTask | Modify Push Account Task | Operation level | * | Supported |
| ModifyReconnectionSetting | ModifyReconnectionSetting | Operation level | * | Supported |
| ModifyReportTask | Modify Report Task | Operation level | * | Supported |
| ModifyResource | Modify Resource | Operation level | * | Supported |
| ModifyResourceUpgradeSchedule | Modify resource upgrade schedule | Operation level | * | Supported |
| ModifySessionPauseStatus | ModifySessionPauseStatus | Operation level | * | Supported |
| ModifyTicketSubmitFlag | Modify Ticket Submit Flag | Operation level | * | Supported |
| ModifyUKey | Modify UKey bind user | Operation level | * | Supported |
| ModifyUser | Modify User | Operation level | * | Supported |
| ModifyUserBatch | Batch Modify User | Operation level | * | Supported |
| ModifyUserDirectory | Modify User Directory | Operation level | * | Supported |
| ModifyUserGroup | Modify User Group | Operation level | * | Supported |
| ModifyUsersDepartment | Modify Users Department | Operation level | * | Supported |
| ResetDeviceAccountKubeconfig | Reset Device Account Kubeconfig | Operation level | * | Supported |
| ResetDeviceAccountPassword | Reset Device Account Password | Operation level | * | Supported |
| ResetDeviceAccountPrivateKey | Reset Device Account Private Key | Operation level | * | Supported |
| ResetLogDeliveryCos | Reset Log Delivery Cos | Operation level | * | Supported |
| SyncDevicesToIOA | Sync Devices to IOA | Operation level | * | Supported |
| SyncRoleFromCam | Sync Cam Role | Operation level | * | Supported |
| SyncUserFromCam | SyncUserFromCam | Operation level | * | Supported |
| UpdateTrialGuideStep | UpdateTrialGuideStep | Operation level | * | Supported |
| VisitTrackPage | Visit Track Page | Operation level | * | Supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| ApproveTicket | Approve Ticket | Operation level | * | Supported |
| CheckLDAPConnection | Check LDAP Connection | Operation level | * | Supported |
| ConnectDomain | Connect Domain | Operation level | * | Supported |
| CreateSyncUserTask | Create Sync User Task | Operation level | * | Supported |
| DeployResource | Deploy Resource | Operation level | * | Supported |
| DescribeAccountGroups | Describe Account Groups | Operation level | * | Supported |
| DescribeDBInstances | Describe DBInstances | Operation level | * | Supported |
| DescribeInstances | Describe Instances | Operation level | * | Supported |
| DescribeLocalAccounts | Describe Local Accounts | Operation level | * | Supported |
| DescribeRegions | DescribeRegions | Operation level | * | Supported |
| DescribeSearchAccountGroupTree | Describe Search AccountGroup Tree | Operation level | * | Supported |
| DescribeSourceTypes | Describe Source Types | Operation level | * | Supported |
| DisconnectDomain | Disconnect Domain | Operation level | * | Supported |
| KillSession | Kill Session | Operation level | * | Supported |
| LockUser | Lock User | Operation level | * | Supported |
| MonitorSession | Monitor Session | Operation level | * | Supported |
| ResetLogDelivery | Reset Log Delivery | Operation level | * | Supported |
| ResetUser | Reset User | Operation level | * | Supported |
| RunChangePwdTask | Run Change Pwd Task | Operation level | * | Supported |
| RunCloudAccountDeviceSyncTask | Run Cloud Account Device Sync Task | Operation level | * | Supported |
| RunOperationTask | Run Operation Task | Operation level | * | Supported |
| RunPushAccountTask | Run Push Account Task | Operation level | * | Supported |
| SetLDAPSyncFlag | Set LDAP Sync Flag | Operation level | * | Supported |
| SyncUserToIOA | Sync User To IOA | Operation level | * | Supported |
| UnlockUser | Unlock User | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAccessControlRules | Describe Access Control Rules | Operation level | * | Supported |
| DescribeAccessControlTemplateRules | Describe Access Control Template Rules | Operation level | * | Supported |
| DescribeAccessControlTemplates | Describe Access Control Templates | Operation level | * | Supported |
| DescribeAccessWhiteListRules | Describe Access White List Rules | Operation level | * | Supported |
| DescribeAccountsWithDeviceCount | Describe Accounts With Device Count | Operation level | * | Supported |
| DescribeAcls | Describe Acls | Operation level | * | Supported |
| DescribeAppAssetGroupMembers | Describe App Asset Group Members | Operation level | * | Supported |
| DescribeAppAssets | Describe App Assets | Operation level | * | Supported |
| DescribeAssetSyncFlag | Describe Asset Sync Flag | Operation level | * | Supported |
| DescribeAvailableInstanceTypes | Describe Available Instance Types | Operation level | * | Supported |
| DescribeChangePwdTask | Describe Change Pwd Task | Operation level | * | Supported |
| DescribeChangePwdTaskDetail | Describe Change Pwd Task Detail | Operation level | * | Supported |
| DescribeCkafkaInstanceList | Describe Ckafka Instance List | Operation level | * | Supported |
| DescribeCmdTemplates | Describe Cmd Templates | Operation level | * | Supported |
| DescribeDepartments | Describe Departments | Operation level | * | Supported |
| DescribeDeviceAccounts | Describe Device Accounts | Operation level | * | Supported |
| DescribeDeviceGroupMembers | Describe Device Group Members | Operation level | * | Supported |
| DescribeDeviceGroups | Describe Device Groups | Operation level | * | Supported |
| DescribeDevices | Describe Devices | Operation level | * | Supported |
| DescribeDomains | Describe Domains | Operation level | * | Supported |
| DescribeExportDeviceTask | Describe Export Device Task | Operation level | * | Supported |
| DescribeInstanceIds | Describe InstanceIds | Operation level | * | Supported |
| DescribeLDAPUnitSet | Describe LDAP Unit Set | Operation level | * | Supported |
| DescribeLogDelivery | Describe Log Delivery | Operation level | * | Supported |
| DescribeLogDeliveryCos | Describe Log Delivery Cos | Operation level | * | Supported |
| DescribeLogDeliveryCosBucketPath | Describe Log Delivery Cos Bucket Path | Operation level | * | not supported |
| DescribeLogDeliveryCosBuckets | Describe Log Delivery Cos Buckets | Operation level | * | not supported |
| DescribeLogDeliveryCosWhiteList | Describe Log Delivery Cos White List | Operation level | * | Supported |
| DescribeLoginEvent | Describe Login Event | Operation level | * | Supported |
| DescribeOperationEvent | Describe Operation Event | Operation level | * | Supported |
| DescribeOperationTask | Describe Operation Tasks | Operation level | * | Supported |
| DescribeOperationTaskStatistics | Describe Operation Task Statistics | Operation level | * | Supported |
| DescribeOperationTasks | Describe Operation Tasks | Operation level | * | Supported |
| DescribeOperationType | Describe Operation Type | Operation level | * | Supported |
| DescribePushAccountTask | Describe Push Account Task | Operation level | * | Supported |
| DescribePushAccountTaskDetail | Describe Push Account Task Detail | Operation level | * | Supported |
| DescribeReportTask | Describe Report Task | Operation level | * | Supported |
| DescribeReportTaskHistory | Describe Report Task History | Operation level | * | Supported |
| DescribeResources | Describe Resources | Operation level | * | Supported |
| DescribeTaskTemplate | Describe Task Template | Operation level | * | Supported |
| DescribeTickets | Describe Tickets | Operation level | * | Supported |
| DescribeUKeys | List UKey and user | Operation level | * | Supported |
| DescribeUserGroupMembers | Describe User Group Members | Operation level | * | Supported |
| DescribeUserGroups | Describe User Groups | Operation level | * | Supported |
| DescribeUsers | Describe Users | Operation level | * | Supported |
| SearchAuditLog | Search Audit Log | Operation level | * | Supported |
| SearchChangePwdTaskInfo | Search Change Pwd TaskInfo | Operation level | * | Supported |
| SearchCommand | Search Command | Operation level | * | Supported |
| SearchCommandBySid | Search Command By Sid | Operation level | * | Supported |
| SearchEvent | Search Event | Operation level | * | Supported |
| SearchFile | Search File | Operation level | * | Supported |
| SearchFileBySid | Search File By Sid | Operation level | * | Supported |
| SearchFileSession | Search File Session | Operation level | * | Supported |
| SearchPushAccountTaskInfo | Search Push Account Task Info | Operation level | * | Supported |
| SearchSession | Search Session | Operation level | * | Supported |
| SearchSessionCommand | Search Session Command | Operation level | * | Supported |
| SearchStatement | Search Statement | Operation level | * | Supported |
| SearchStatementBySid | Search Statement By Sid | Operation level | * | Supported |
| SearchSubtaskResultById | Search Subtask Result By Id | Operation level | * | Supported |
| SearchTaskResult | Search Task Result | Operation level | * | Supported |
| SearchTaskResultDetail | Search Task Result Detail | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback