All Products
Search
Document Center

Drive and Photo Service:Scopes

Last Updated:Jan 17, 2025

Note

A scope defines a set of actions that a client or user is authorized to perform.

1. Scopes

(1) Drive-related scopes

Scope

Description

DRIVE.ALL

Perform all drive-related operations, such as creating, modifying, deleting, and querying drives.

DRIVE.CREATE

Create drives.

DRIVE.UPDATE

Modify drive information.

DRIVE.DELETE

Delete drives.

DRIVE.GET

Query drive information.

DRIVE.LIST

List drives.

(2) Shared directory-related scopes

Scope

Description

SHARE.ALL

Perform all shared directory-related operations, such as querying shared directory information, modifying shared directory information, and deleting shared directories.

SHARE.CREATE

Create shared directories.

SHARE.UPDATE

Modify shared directory information.

SHARE.DELETE

Delete shared directories.

SHARE.GET

Query shared directory information.

SHARE.LIST

List shared directories.

(3) File-related scopes

Scope

Description

FILE.ALL

Perform all file-related operations, such as creating, modifying, and deleting files.

FILE.MOVE

Move files.

FILE.COPY

Copy files.

FILE.DELETE

Delete files, permanently delete files from the recycle bin, and clear the recycle bin.

FILE.CREATE

Create files, obtain upload URLs, and complete upload.

FILE.UPDATE

Modify file information.

FILE.GET

Query file information and obtain download URLs.

FILE.LIST

List files in a drive and list files in the recycle bin.

FILE.RESTORE

Restore files in the recycle bin.

(4) User-related scopes

Scope

Description

USER.ALL

Perform all user-related operations, such as querying user information, modifying user attributes, and deleting users.

USER.UPDATE

Modify user attributes, including the status, description, nickname, and profile picture.

USER.UPDATE_ROLE

Change the role of a user.

USER.UPDATE_INFO

Change the nickname and profile picture of a user.

USER.GET

Query user information.

USER.LIST

List users.

(5) OSS bucket-related scopes

Scope

Description

STORAGE.ALL

Perform all Object Storage Service (OSS) bucket-related operations. Only the List operation is supported.

STORAGE.LIST

List OSS buckets.

(6) Scopes related to files stored in OSS buckets

Scope

Description

STORAGEFILE.ALL

Perform all operations on the files stored in an OSS bucket. Only the List operation is supported.

STORAGEFILE.LIST

List files in an OSS bucket.

(7) Account-related scope

Scope

Description

ACCOUNT.ALL

Perform all account-related operations, such as registering mobile numbers, changing passwords, and binding accounts to users.

(8) OAuth-related scope

Scope

Description

OAUTH.ALL

Access Photo and Service (PDS) by using third-party authentication based on OAuth.

2. Preset roles

Note

PDS provides the following preset roles.

(1) superadmin

{
  "actions": [
    "DRIVE.ALL",
    "SHARE.ALL",
    "FILE.ALL",
    "USER.ALL",
    "STORAGE.ALL",
    "STORAGEFILE.ALL",
    "ACCOUNT.ALL",
    "OAUTH.ALL"
  ],
  "resources": ["*"]
}

(2) admin

{
  "actions": [
    "DRIVE.ALL",
    "SHARE.ALL",
    "FILE.ALL",
    "STORAGE.ALL",
    "STORAGEFILE.ALL",
    "USER.UPDATE_STATUS",
    "USER.UPDATE_INFO"
    "USER.GET",
    "USER.LIST",
    "ACCOUNT.ALL",
    "OAUTH.ALL"
  ],
  "resources": ["*"]
}

(3) user

{
  "actions": [
    "DRIVE.GET",
    "DRIVE.LIST",
    "SHARE.ALL",
    "FILE.ALL",
    "USER.UPDATE_INFO",
    "USER.GET",
    "ACCOUNT.ALL",
    "OAUTH.ALL"
  ],
  "resources": ["/users/{user_id}/*"]
}