tencent cloud

Tencent Cloud Smart Advisor

Release Notes
Product Introduction
Overview
Features
Product Strengths
Scenarios
Customer Cases
Purchase Guide
Getting Started
Using TSA to Perform a Cloud Risk Assessment
Using TSA to Execute a Chaos Experiment on CFG
Operation Guide
Operation Guide to TSA-Cloud Architecture
Operation Guide to TSA-Cloud Risk Assessment
Operation Guide to TSA-Chaotic Fault Generator
Operation Guide to TSA-Digital Assets
Permission Management
API Documentation
History
Introduction
API Category
Making API Requests
Other APIs
Task APIs
Cloud Architecture Console APIs
Data Types
Error Codes
FAQs
FAQs: TSA
FAQs: TSA-Cloud Risk Assessment
FAQs: TSA-Cloud Architecture
FAQs: TSA-Chaotic Fault Generator
Related Protocol
Tencent Cloud Smart Advisor Service Level Agreement
PRIVACY POLICY MODULE CHAOTIC FAULT GENERATOR
DATA PRIVACY AND SECURITY AGREEMENT MODULE CHAOTIC FAULT GENERATOR
Contact Us
문서Tencent Cloud Smart AdvisorOperation GuidePermission ManagementPermission Management for TSA-Chaotic Fault GeneratorAuthorizable Resource Types

Authorizable Resource Types

PDF
포커스 모드
폰트 크기
마지막 업데이트 시간: 2026-03-31 22:07:27
Resource-level authorization specifies which resources a user can perform operations on.
TSA-Chaotic Fault Generator (TSA-CFG) supports resource-level authorization. This means that for TSA-CFG operations that support resource-level authorization, you can control when users are allowed to perform operations or use specific resources.
Authorizable resource types in Cloud Access Management (CAM) are as follows:
Resource Type
Resource Description Method in Authorization Policy
TSA-CFG experiment-related resources
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
TSA-CFG template library-related resources
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
TSA-CFG custom action-related resources
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
The following table describes the TSA-CFG API operations that support resource-level authorization, along with the resources and condition keys supported by each operation. When specifying a resource path, you can use the * wildcard in the path.

List of API Operations That Support Resource-Level Authorization

Experiment-related API Operations

API Operation
Resource Path
DeleteTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskExecuteLogs
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskList
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskStatistics
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
DescribeTaskStatisticsOperateCondition
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
EditTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ExecuteTask
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ExecuteTaskInstance
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ModifyTaskResult
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId
ModifyTaskStatus
qcs::cfg:$region:$account:taskid/*
qcs::cfg:$region:$account:taskid/$TaskId

Template Library-related API Operations

API Operation
Resource Path
DeleteTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
DescribeTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
DescribeTemplateList
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
EditTemplate
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId
ModifyTemplateIsUsed
qcs::cfg::$account:template/*
qcs::cfg::$account:template/$TemplateId

Action Library-related API Operations

API Operation
Resource Path
DescribeActionLibraryList
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
DeleteCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
UpdateCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId
DescribeCustomAction
qcs::cfg::$account:actionid/*
qcs::cfg::$account:actionid/$ActionId

List of API Operations That Do Not Support Resource-Level Authorization

For TSA-CFG API operations that do not support resource-level authorization, you can still grant users the permissions to perform these operations, but the resource element in the policy statement must be specified as *.
API Operation
API Description
CreateTask
Creates an experiment
CreateTemplate
Creates a template library
CreateCustomAction
Creates a custom action
DescribeActionFieldConfigList
Obtains a list of action field configuration parameters
DescribeActionLibraryList
Obtains an action library list
DescribeCamIdentity
Obtains the CAM authorization information of the user
DescribeNoticeId
Obtains the user notification template ID
DescribeObjectMetrics
Obtains the monitoring metrics for object types
DescribeObjectTypeList
Queries the object type list
DescribeRegionList
Queries the region list
이전 주제: Authorization Policy Syntax다음 주제: Service Authorization and Role Permissions

도움말 및 지원

문제 해결에 도움이 되었나요?

피드백