
Authorization rules for Express Connect APIs

Updated: 2017-06-07 13:26:11

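When a sub-account accesses the primary account's Express Connect resources through the Open API, the Express Connect backend asks RAM to perform a permission check, to ensure that the resource owner has in fact granted the caller the relevant permissions on the relevant resources.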

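Each Open API determines which resources' permissions to check based on the resources involved and the semantics of the API. Specifically, the authorization rule for each API is shown in the following table: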

| Action | Resource | Condition |
| --- | --- | --- |
| `vpc:DescribeAccessPoints` | `acs:vpc:*:$accountid:*` | |
| `vpc:CreatePhysicalConnection` | `acs:vpc:$regionid:$accountid:physicalconnection/*` | |
| `vpc:DescribePhysicalConnections` | `acs:vpc:$regionid:$accountid:physicalconnection/*` | |
| `vpc:ModifyPhysicalConnectionAttribute` | `acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid` | |
| `vpc:EnablePhysicalConnection` | `acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid` | |
| `vpc:CancelPhysicalConnection` | `acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid` | |
| `vpc:TerminatePhysicalConnection` | `acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid` | |
| `vpc:DeletePhysicalConnection` | `acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid` | |
| `vpc:CreateVirtualBorderRouter` | `acs:vpc:$regionid:$accountid:virtualborderrouter/*`<br>`acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid` | |
| `vpc:DescribeVirtualBorderRouters` | `acs:vpc:$regionid:$accountid:virtualborderrouter/*` | |
| `vpc:ModifyVirtualBorderRouterAttribute` | `acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid` | |
| `vpc:DeleteVirtualBorderRouter` | `acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid` | |
| `vpc:DescribeVirtualBorderRoutersForPhysicalConnection` | `acs:vpc:$regionid:$accountid:virtualborderrouter/*` | `"vpd:PhysicalConnection":"acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid"` |
| `vpc:TerminateVirtualBorderRouter` | `acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid` | |
| `vpc:RecoverVirtualBorderRouter` | `acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid` | |
| `vpc:CreateRouteEntry` | `acs:vpc:$regionid:$accountid:routertable/$routertableid` | |
| `vpc:DescribeRouteTables` | `acs:vpc:$regionid:$accountid:routertable/*` | Route tables in a VRouter:<br>`"vpc:VRouter":"acs:vpc:$regionid:$accountid:vrouter/$vrouterid"`<br>Route tables in a VirtualBorderRouter:<br>`"vpc:VirtualBorderRouter":"acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid"` |
| `vpc:DeleteRouteEntry` | `acs:vpc:$regionid:$accountid:routertable/$routertableid` | |
| `vpc:CreateRouterInterface` | When the RouterType of the owning router is VRouter:<br>`acs:vpc:$regionid:$accountid:routerinterface/*`<br>`acs:vpc:$regionid:$accountid:vrouter/$vrouterid`<br>When the RouterType of the owning router is VirtualBorderRouter:<br>`acs:vpc:$regionid:$accountid:routerinterface/*`<br>`acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid` | |
| `vpc:ConnectRouterInterface` | `acs:vpc:$regionid:$accountid:routerinterface/$routerinterfaceid` | |
| `vpc:DescribeRouterInterfaces` | `acs:vpc:$regionid:$accountid:routerinterface/*` | |
| `vpc:DeactivateRouterInterface` | `acs:vpc:$regionid:$accountid:routerinterface/$routerinterfaceid` | |
| `vpc:ActivateRouterInterface` | `acs:vpc:$regionid:$accountid:routerinterface/$routerinterfaceid` | |
| `vpc:ModifyRouterInterfaceAttribute` | `acs:vpc:$regionid:$accountid:routerinterface/$routerinterfaceid` | |
| `vpc:ModifyRouterInterfaceSpec` | `acs:vpc:$regionid:$accountid:routerinterface/$routerinterfaceid` | |
| `vpc:DeleteRouterInterface` | `acs:vpc:$regionid:$accountid:routerinterface/$routerinterfaceid` | |
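
As an added example (not Alibaba Cloud's code), the Python sketch below checks a sub-account policy against three rows of the table above and reports which required resources no Allow statement covers. The region, account ID, connection ID and policy are constructed, and the matcher is a simplified model (Allow statements with `*` wildcards only, no Deny or Condition handling), not RAM's actual evaluator.

```python
import re
from string import Template

# Resources checked per action, copied from three rows of the table above.
REQUIRED = {
    "vpc:DescribePhysicalConnections": [
        "acs:vpc:$regionid:$accountid:physicalconnection/*"],
    "vpc:DeletePhysicalConnection": [
        "acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid"],
    "vpc:CreateVirtualBorderRouter": [
        "acs:vpc:$regionid:$accountid:virtualborderrouter/*",
        "acs:vpc:$regionid:$accountid:physicalconnection/$physicalconnectionid"],
}

def _match(pattern, value):
    """Assumed wildcard rule: '*' in a policy pattern matches any characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def missing_resources(policy, action, ctx):
    """Resources the action checks that no Allow statement in `policy` covers."""
    needed = [Template(r).substitute(ctx) for r in REQUIRED[action]]
    granted = [
        pat
        for st in policy["Statement"]
        if st["Effect"] == "Allow"
        and any(_match(a, action) for a in _as_list(st["Action"]))
        for pat in _as_list(st["Resource"])
    ]
    return [r for r in needed if not any(_match(p, r) for p in granted)]

# Constructed sample values and policy (not from the page).
CTX = {"regionid": "cn-hangzhou", "accountid": "1234567890123456",
       "physicalconnectionid": "pc-example"}
POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "vpc:Describe*",
         "Resource": "acs:vpc:*:*:*"},
        # Covers only one of the two resources CreateVirtualBorderRouter checks.
        {"Effect": "Allow", "Action": "vpc:CreateVirtualBorderRouter",
         "Resource": "acs:vpc:cn-hangzhou:*:virtualborderrouter/*"},
    ],
}

if __name__ == "__main__":
    for act in REQUIRED:
        print(act, "->", missing_resources(POLICY, act, CTX) or "covered")
```

The sample policy grants `vpc:CreateVirtualBorderRouter` on the `virtualborderrouter/*` resource only, so the check reports the physical connection resource as uncovered: an action that lists two resources in the table needs both granted.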