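Supported resource-level permissions

Resource-level permissions are the ability to specify which resources a sub-account is allowed to operate on (for example, allowing only sub-account A to delete the cloud server whose id is 200fbce2-48e2-4152-8c81-085d1834546a):

  • For the Resource syntax, see: Basic policy elements
  • The cloud server Actions that support resource-level permissions are listed in the table below
  • When specifying a Resource for an Action that supports resource-level permissions, you can also use the * wildcard in the path (for example, when you cannot or do not want to specify an exact resource ID)
  • An Action that does not appear in the table below does not support resource-level permissions, and the Resource element of the policy statement must be set to *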

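Supported resource types

| Resource | Description |
| --- | --- |
| instance | Cloud server |
| disk | Cloud disk |
| vpc | VPC |
| subnet | Subnet |
| securityGroup | Security group |
| keypair | Key pair |
| image | Image |
| snapshot | Snapshot |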

Supported resource-level permissions

| Action | Action description | Resource |
| --- | --- | --- |
| nvm:CreateInstance | Create a cloud server | comb:nvm:${region}:*:disk/${disk-id} |
| | | comb:nvm:${region}:*:vpc/${vpc-id} |
| | | comb:nvm:${region}:*:subnet/${subnet-id} |
| | | comb:nvm:${region}:*:securityGroup/${security-group-id} |
| | | comb:nvm:${region}:*:keypair/${keypair-name} |
| | | comb:nvm:${region}:*:image/${image-id} |
| nvm:RenewInstance | Manually renew a cloud server | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:ModifyChargeType | Modify the billing type | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:ModifyInstanceSpec | Modify the cloud server specification | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DeleteInstance | Delete a cloud server | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DeleteInstances | Delete cloud servers in batch | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DescribeInstance | Query cloud server details | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:StartInstance | Start a cloud server | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:StopInstance | Stop a cloud server | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:RebootInstance | Reboot a cloud server | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:ModifyInstanceAttribute | Modify cloud server information | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DescribeInstancesHost | Query the cloud server's host machine | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:ResetInstancePassword | Change the cloud host password | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:AttachKeyPair | Inject a key into a Linux host | comb:nvm:${region}:*:instance/${instance-id} |
| | | comb:nvm:${region}:*:keypair/${keypair-name} |
| nvm:AttachDisk | Attach a cloud disk | comb:nvm:${region}:*:instance/${instance-id} |
| | | comb:nvm:${region}:*:disk/${disk-id} |
| nvm:DetachDisk | Detach a cloud disk | comb:nvm:${region}:*:instance/${instance-id} |
| | | comb:nvm:${region}:*:disk/${disk-id} |
| nvm:DescribeInstanceActionLogs | Query operation logs | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DescribeVncUrl | Query the VNC address | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:CreateImage | Create an image | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DeleteImage | Delete an image | comb:nvm:${region}:*:image/${image-id} |
| nvm:RebuildInstance | Restore a cloud server from an image / change the operating system | comb:nvm:${region}:*:instance/${instance-id} |
| | | comb:nvm:${region}:*:image/${image-id} |
| nvm:CreateSnapshot | Create a cloud server snapshot | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DescribeSnapshots | Get the list of cloud server snapshots | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:DeleteSnapshot | Delete a cloud server snapshot | comb:nvm:${region}:*:snapshot/${snapshot-id} |
| nvm:CreateImageFromSnapshot | Save a cloud server snapshot as an image | comb:nvm:${region}:*:snapshot/${snapshot-id} |
| nvm:RevertFromSnapshot | Restore a cloud server from a snapshot | comb:nvm:${region}:*:snapshot/${snapshot-id} |
| nvm:ApplySnapshotStrategy | Associate an automatic snapshot policy with a cloud server | comb:nvm:${region}:*:instance/${instance-id} |
| nvm:CancelSnapshotStrategy | Cancel the automatic snapshot policy of a cloud server | comb:nvm:${region}:*:instance/${instance-id} |
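The rules and the table above can be checked mechanically before a policy is attached to a sub-account. The following linter is an added example, not code from this documentation or the platform; it assumes a policy statement is a dict with "Action" and "Resource" keys (the statement layout is defined in Basic policy elements, not on this page), and the function and variable names are hypothetical.

```python
import re

# Resource types each action accepts, transcribed from the table above.
_INSTANCE_ONLY = """RenewInstance ModifyChargeType ModifyInstanceSpec DeleteInstance
DeleteInstances DescribeInstance StartInstance StopInstance RebootInstance
ModifyInstanceAttribute DescribeInstancesHost ResetInstancePassword CreateImage
DescribeInstanceActionLogs DescribeVncUrl CreateSnapshot DescribeSnapshots
ApplySnapshotStrategy CancelSnapshotStrategy""".split()
SUPPORTED = {f"nvm:{name}": {"instance"} for name in _INSTANCE_ONLY}
SUPPORTED.update({
    "nvm:CreateInstance": set("disk vpc subnet securityGroup keypair image".split()),
    "nvm:AttachKeyPair": {"instance", "keypair"},
    "nvm:AttachDisk": {"instance", "disk"},
    "nvm:DetachDisk": {"instance", "disk"},
    "nvm:RebuildInstance": {"instance", "image"},
    "nvm:DeleteImage": {"image"},
    "nvm:DeleteSnapshot": {"snapshot"},
    "nvm:CreateImageFromSnapshot": {"snapshot"},
    "nvm:RevertFromSnapshot": {"snapshot"},
})

# Shape from the table: comb:nvm:${region}:*:${type}/${id}
RESOURCE_RE = re.compile(r"^comb:nvm:([^:]+):\*:([A-Za-z]+)/(.+)$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_statement(stmt):
    # stmt is an assumed dict with "Action" and "Resource" keys.
    resources = _as_list(stmt["Resource"])
    findings = []
    for action in _as_list(stmt["Action"]):
        allowed = SUPPORTED.get(action)
        if allowed is None:
            # Not in the table: the page requires Resource to be exactly *.
            if resources != ["*"]:
                findings.append(f"ERROR {action}: Resource must be *")
        elif resources == ["*"]:
            findings.append(f"INFO {action}: can be scoped to {sorted(allowed)}")
        else:
            for res in resources:
                m = RESOURCE_RE.match(res)
                if m is None:
                    findings.append(f"ERROR {action}: malformed resource {res}")
                elif m.group(2) not in allowed:
                    findings.append(f"ERROR {action}: type {m.group(2)} not accepted")
                elif "*" in m.group(3):
                    findings.append(f"INFO {action}: wildcard {m.group(2)} ID")
    return findings
```

INFO findings mark statements that are valid but broader than the table requires, which is where a least-privilege review should start.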