当您使用资源组对资源进行分组管理时,可以结合访问控制(RAM),在单个阿里云账号内实现资源的隔离和精细化权限管理。本文总结了全站加速对资源组的支持情况,以及资源组级别的授权操作步骤。
-
只有支持资源组的资源类型和支持资源组级别授权的操作,资源组级别授权才能生效。
-
对于不支持资源组的资源类型,授予资源组范围的权限将无效。在选择资源范围时,请选择账号级别,进行账号级别授权。具体操作,请参见不支持资源组级别授权的操作。
资源组授权的工作原理
您可以使用资源组(Resource Group)对阿里云账号内的资源进行分组管理。例如,为不同的项目创建对应的资源组,并将资源转移到对应的组中,以便集中管理各项目的资源。更多信息,请参见什么是资源组。
在完成资源分组后,您可以为不同的RAM授权主体(RAM用户、RAM用户组或RAM角色)授予指定资源组范围的权限,从而限定这个授权主体只能管理该资源组内的资源。更多信息,请参见资源分组和授权。
这种授权方式的优点有:
-
权限精细化:确保每个身份能获得最准确的资源访问权限,避免账号下的多个项目的资源混合管理。
-
良好的扩展性:后续新增资源时,只需将其加入该资源组,RAM身份便会自动获得新资源的相应权限,无需再次授权。
为RAM用户授予资源组级别的权限
下面以RAM用户为例,介绍授予指定资源组内全站加速资源权限的操作步骤。
1. 前置步骤
2. 进行资源组级别授权
您可以通过以下任一方式进行资源组级别授权。
方式一:在资源管理控制台中授权
通过资源组的权限管理功能为指定 RAM 用户授权。详情操作可参见为RAM身份授予资源组范围的权限。
方式二:在 RAM 控制台中授权
通过RAM控制台为指定 RAM 用户进行资源组级别授权。详细操作可参见为RAM用户授权。
支持资源组的资源类型
全站加速支持资源组的资源类型如下表所示:
|
云服务 |
云服务代码 |
资源类型 |
|
全站加速 |
dcdn |
domain : 域名 |
对于暂不支持资源组的资源类型,如有需要,您可以在资源组控制台提交反馈。
不支持资源组级别授权的操作
全站加速中不支持资源组级别授权的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
dcdn:ActivateDcdnVersionOfConfigGroup |
- |
|
dcdn:AddBackOriginSource |
- |
|
dcdn:AddDcdnConfigGroup |
- |
|
dcdn:BatchCreateDcdnWafRules |
调用BatchCreateDcdnWafRules设置WAF防护规则。 |
|
dcdn:BatchDeleteDcdnKv |
根据指定的键名列表来批量删除指定KV存储空间的键值对。 |
|
dcdn:BatchDeleteDcdnKvWithHighCapacity |
根据指定的键名列表批量删除指定KV存储空间下的键值对,最大允许上传100M的请求体。 |
|
dcdn:BatchDeleteDcdnWafRules |
调用BatchDeleteDcdnWafRules批量删除WAF防护规则。 |
|
dcdn:BatchModifyDcdnWafRules |
调用BatchModifyDcdnWafRules批量修改WAF防护规则,目前仅支持修改配置Bot管理防护场景。 |
|
dcdn:BatchPutDcdnKv |
调用BatchPutDcdnKv批量设置指定Namespace的Key-Value(KV)对。 |
|
dcdn:BatchPutDcdnKvWithHighCapacity |
根据指定的键名列表来批量设置指定KV存储空间的键值对,请求体最大支持100M。 |
|
dcdn:BatchSetRDBlockIP |
- |
|
dcdn:BlockDcdnObjectCaches |
- |
|
dcdn:CheckDcdnIpaVip |
- |
|
dcdn:CheckDcdnProjectExist |
调用CheckDcdnProjectExist检查实时日志项目是否存在。 |
|
dcdn:CloneDcdnVersionOfConfigGroup |
- |
|
dcdn:CommitStagingRoutineCode |
调用CommitStagingRoutineCode把测试版本unstable的JS代码生成供线上Env环境使用的正式版本。 |
|
dcdn:CreateApp |
- |
|
dcdn:CreateAppConfig |
- |
|
dcdn:CreateAppVersion |
- |
|
dcdn:CreateBackOriginMapping |
- |
|
dcdn:CreateCustomScenePolicy |
- |
|
dcdn:CreateDcdnCertificateSigningRequest |
调用CreateDcdnCertificateSigningRequest创建 CSR(证书签名请求)文件。 |
|
dcdn:CreateDcdnWafGroup |
调用CreateDcdnWafGroup创建自定义WAF规则组。 |
|
dcdn:CreateDcdnWafList |
- |
|
dcdn:CreateDcdnWafPolicy |
调用CreateDcdnWafPolicy设置WAF防护策略。 |
|
dcdn:CreateDcdnpaybag |
- |
|
dcdn:CreateRegistryNamespace |
- |
|
dcdn:CreateRegistryUser |
- |
|
dcdn:CreateRoutine |
调用CreateRoutine创建一个边缘函数(Routine)。 |
|
dcdn:CreateSlrAndSlsProject |
调用CreateSlrAndSlsProject创建服务关联角色(SLR)以及日志服务(SLS)项目。 |
|
dcdn:CreateWasm |
- |
|
dcdn:CustomScenePolicyBindObject |
- |
|
dcdn:DcdnHttpRequestStagingTest |
- |
|
dcdn:DcdnHttpRequestTestTool |
- |
|
dcdn:DeactivateDcdnConfigOfVersion |
- |
|
dcdn:DeleteBackOriginMapping |
- |
|
dcdn:DeleteCustomDomainSampleRate |
- |
|
dcdn:DeleteCustomScenePolicy |
- |
|
dcdn:DeleteDcdnConfigGroup |
- |
|
dcdn:DeleteDcdnConfigOfVersion |
- |
|
dcdn:DeleteDcdnDeliverTask |
调用DeleteDcdnDeliverTask根据任务ID删除已订阅的报表任务。 |
|
dcdn:DeleteDcdnIpaSpecificConfig |
调用DeleteDcdnIpaSpecificConfig删除指定域名的IPA层配置。 |
|
dcdn:DeleteDcdnKv |
EdgeKv产品在全站加速边缘节点提供一个全球通用的KV(Key-Value)数据库,调用DeleteDcdnKv删除Namespace的Key-Value(KV)对。 |
|
dcdn:DeleteDcdnKvNamespace |
删除账号下某个Namespace。 |
|
dcdn:DeleteDcdnRealTimeLogProject |
调用DeleteDcdnRealTimeLogProject删除整个项目的实时日志。 |
|
dcdn:DeleteDcdnSubTask |
调用DeleteDcdnSubTask删除所有已定制的运营报表。 |
|
dcdn:DeleteDcdnUserConfig |
调用DeleteDcdnUserConfig删除用户维度的功能配置。 |
|
dcdn:DeleteDcdnVersionConfig |
- |
|
dcdn:DeleteDcdnVersionOfConfigGroup |
- |
|
dcdn:DeleteDcdnWafGroup |
调用DeleteDcdnWafGroup删除自定义WAF规则组。 |
|
dcdn:DeleteDcdnWafList |
- |
|
dcdn:DeleteDcdnWafPolicy |
调用DeleteDcdnWafPolicy删除指定防护策略。 |
|
dcdn:DeleteRoutine |
调用DeleteRoutine删除边缘函数(EdgeRoutine)的函数(Routine)配置。 |
|
dcdn:DeleteRoutineCodeRevision |
调用DeleteRoutineCodeRevision删除边缘函数指定版本的代码。 |
|
dcdn:DeleteRoutineConfEnvs |
调用DeleteRoutineConfEnvs删除边缘函数Env列表中的自定义灰度环境。 |
|
dcdn:DeleteWasm |
- |
|
dcdn:DeleteWasmCodeRevision |
- |
|
dcdn:DeployAppVersion |
- |
|
dcdn:DescribeApp |
- |
|
dcdn:DescribeAppConfigs |
- |
|
dcdn:DescribeAppState |
- |
|
dcdn:DescribeAppTenant |
- |
|
dcdn:DescribeAppVersion |
- |
|
dcdn:DescribeAppVersions |
- |
|
dcdn:DescribeApps |
- |
|
dcdn:DescribeBackOriginAreas |
- |
|
dcdn:DescribeCustomDomainSampleRate |
- |
|
dcdn:DescribeCustomScenePolicies |
- |
|
dcdn:DescribeCustomScenePolicyObject |
- |
|
dcdn:DescribeDcdnAclFields |
调用DescribeDcdnAclFields为访问控制配置界面提供规则限制项。 |
|
dcdn:DescribeDcdnActivationHistory |
- |
|
dcdn:DescribeDcdnActiveVersionOfConfigGroup |
- |
|
dcdn:DescribeDcdnBgpBpsData |
调用DescribeDcdnBgpBpsData查询BGP加速五分钟粒度带宽数据。 |
|
dcdn:DescribeDcdnBgpTrafficData |
调用DescribeDcdnBgpTrafficData查询BGP加速五分钟粒度流量数据。 |
|
dcdn:DescribeDcdnBlockedRegions |
调用DescribeDcdnBlockedRegions查询区域封禁支持的国家和地区。 |
|
dcdn:DescribeDcdnCcSignatureArgList |
- |
|
dcdn:DescribeDcdnCcSignatureObjectList |
- |
|
dcdn:DescribeDcdnCertificateDetail |
调用DescribeDcdnCertificateDetail查询DCDN证书详细信息。 |
|
dcdn:DescribeDcdnCertificateDetailById |
- |
|
dcdn:DescribeDcdnConditionIPBInfo |
- |
|
dcdn:DescribeDcdnConfigGroupDetail |
- |
|
dcdn:DescribeDcdnConfigGroupList |
- |
|
dcdn:DescribeDcdnConfigOfVersion |
- |
|
dcdn:DescribeDcdnConfigOfVersionForDiff |
- |
|
dcdn:DescribeDcdnContainerStats |
- |
|
dcdn:DescribeDcdnDdosService |
调用DescribeDcdnDdosService查询DCDN DDoS服务状态。 |
|
dcdn:DescribeDcdnDdosSpecInfo |
调用DescribeDcdnDdosSpecInfo查询DCDN DDoS用户版本规格。 |
|
dcdn:DescribeDcdnDeletedDomains |
调用DescribeDcdnDeletedDomains查询您名下已删除的域名。 |
|
dcdn:DescribeDcdnDeliverList |
调用DescribeDcdnDeliverList查询报表订阅任务列表,系统将返回所有的订阅任务列表。 |
|
dcdn:DescribeDcdnDomainByCertificate |
调用DescribeDcdnDomainByCertificate根据证书信息查询域名。 |
|
dcdn:DescribeDcdnDomainCcActivityLog |
调用DescribeDcdnDomainCcActivityLog查询频次控制规则拦截日志。 |
|
dcdn:DescribeDcdnDomainMax95BpsData |
- |
|
dcdn:DescribeDcdnDomainMd5Info |
- |
|
dcdn:DescribeDcdnDomainNamesOfVersion |
- |
|
dcdn:DescribeDcdnDomainVerifyData |
- |
|
dcdn:DescribeDcdnDomainsBySource |
调用DescribeDcdnDomainsBySource按源站查询DCDN加速域名。 |
|
dcdn:DescribeDcdnErUsageData |
调用DescribeDcdnErUsageData查询边缘函数ER的执行次数。 |
|
dcdn:DescribeDcdnFullDomainsBlockIPConfig |
调用DescribeDcdnFullDomainsBlockIPConfig查询全量封禁的相关配置。 |
|
dcdn:DescribeDcdnFullDomainsBlockIPHistory |
调用DescribeDcdnFullDomainsBlockIPHistory获取封禁历史记录。 |
|
dcdn:DescribeDcdnHttpsDomainList |
调用DescribeDcdnHttpsDomainList查询用户所有证书信息。 |
|
dcdn:DescribeDcdnIpInfo |
调用DescribeDcdnIpInfo验证指定的IP是否为阿里云DCDN节点的IP地址。 |
|
dcdn:DescribeDcdnIpaService |
调用DescribeDcdnIpaService查询全站加速IPA服务状态。包括:当前计费类型、服务开通时间、下次生效的计费类型、当前业务状态等。 |
|
dcdn:DescribeDcdnKvAccount |
调用DescribeDcdnKvAccount查询账户信息和所拥有的Namespace信息。 |
|
dcdn:DescribeDcdnKvAccountStatus |
查询账户的KV状态信息。 |
|
dcdn:DescribeDcdnKvNamespace |
调用DescribeDcdnKvNamespace查询某个Namespace的信息。 |
|
dcdn:DescribeDcdnL2Ips |
调用DescribeDcdnL2Ips查询动态加速回客户域名源站DCDN L2节点IP段。 |
|
dcdn:DescribeDcdnL2Vips |
调用DescribeDcdnL2Vips按域名查询DCDN回源IP段列表(同时包括IPv4和IPv6两种IP段)。 |
|
dcdn:DescribeDcdnRealTimeDeliveryField |
调用DescribeDcdnRealTimeDeliveryField查询实时日志所有字段。 |
|
dcdn:DescribeDcdnRefreshQuota |
调用DescribeDcdnRefreshQuota查询当日刷新URL、预热URL及刷新目录的上限和剩余次数。 |
|
dcdn:DescribeDcdnRefreshTaskById |
调用DescribeDcdnRefreshTaskById通过任务编号查询刷新或预热是否在全网生效。 |
|
dcdn:DescribeDcdnRegionAndIsp |
调用DescribeDcdnRegionAndIsp获取地域和运营商列表。 |
|
dcdn:DescribeDcdnReportList |
调用DescribeDcdnReportList查询所有的定制报表列表。 |
|
dcdn:DescribeDcdnResourcesProperty |
- |
|
dcdn:DescribeDcdnSLSRealTimeLogType |
调用DescribeDcdnSLSRealTimeLogType查询实时日志支持的业务类型列表。 |
|
dcdn:DescribeDcdnSLSRealtimeLogDelivery |
调用DescribeDcdnSLSRealtimeLogDelivery查看实时日志项目。 |
|
dcdn:DescribeDcdnSMCertificateDetail |
调用DescribeDcdnSMCertificateDetail查询国密证书的详细信息。 |
|
dcdn:DescribeDcdnSecFuncInfo |
调用DescribeDcdnSecFuncInfo为DCDN控制台界面提供边缘安全下拉列表。 |
|
dcdn:DescribeDcdnSecSpecInfo |
调用DescribeDcdnSecSpecInfo查询安全DCDN版本及安全规则。 |
|
dcdn:DescribeDcdnService |
调用DescribeDcdnService查询DCDN服务状态。包括:当前计费类型、服务开通时间、下次生效的计费类型、当前业务状态等。 |
|
dcdn:DescribeDcdnStagingIp |
调用DescribeDcdnStagingIp获取公测节点有效VIP。 |
|
dcdn:DescribeDcdnSubList |
调用DescribeDcdnSubList查询已定制的报表任务。 |
|
dcdn:DescribeDcdnTopDomainsByFlow |
调用DescribeDcdnTopDomainsByFlow查询用户按流量排名的域名,支持获取最近90天的数据。 |
|
dcdn:DescribeDcdnUserBillHistory |
调用DescribeDcdnUserBillHistory查询用户历史账单,最多查询一个月的数据。 |
|
dcdn:DescribeDcdnUserBillType |
调用DescribeDcdnUserBillType查询用户的计费类型。 |
|
dcdn:DescribeDcdnUserCertificateExpireCount |
调用DescribeDcdnUserCertificateExpireCount查询DCDN用户证书过期的域名数量。 |
|
dcdn:DescribeDcdnUserConfigs |
调用DescribeDcdnUserConfigs查询安全功能相关的配置。 |
|
dcdn:DescribeDcdnUserQuota |
调用DescribeDcdnUserQuota查询用户资源上限及已使用情况。 |
|
dcdn:DescribeDcdnUserRealTimeDeliveryField |
调用DescribeDcdnUserRealTimeDeliveryField查询用户选择的字段列表。 |
|
dcdn:DescribeDcdnUserResourcePackage |
调用DescribeDcdnUserResourcePackage查询您所有资源包信息,包括资源包总量、余量、生效时间、失效时间、状态等。 |
|
dcdn:DescribeDcdnUserSecDrop |
调用DescribeDcdnUserSecDrop查询DCDN用户某安全功能报文拦截数。 |
|
dcdn:DescribeDcdnUserSecDropByMinute |
调用DescribeDcdnUserSecDropByMinute获取边缘应用层某一时间段的安全报文拦截总数。 |
|
dcdn:DescribeDcdnUserTags |
调用DescribeDcdnUserTags查询用户标签。 |
|
dcdn:DescribeDcdnVerifyContent |
调用DescribeDcdnVerifyContent获取域名的归属校验内容。 |
|
dcdn:DescribeDcdnVersionInfo |
- |
|
dcdn:DescribeDcdnVersionOfConfigGroup |
- |
|
dcdn:DescribeDcdnWafBotAppKey |
调用DescribeDcdnWafBotAppKey查询阿里云账号对应的SDK认证密钥。该密钥用于发起SDK初始化请求,需要在集成代码中使用。 |
|
dcdn:DescribeDcdnWafDefaultRules |
调用DescribeDcdnWafDefaultRules查询WAF规则默认配置。 |
|
dcdn:DescribeDcdnWafDomains |
调用DescribeDcdnWafDomains获取接入WAF防护的加速域名,支持模糊搜索。 |
|
dcdn:DescribeDcdnWafFilterInfo |
调用DescribeDcdnWafFilterInfo查询自定义防护规则中匹配条件的匹配字段、逻辑符和匹配内容等信息。 |
|
dcdn:DescribeDcdnWafGeoInfo |
调用DescribeDcdnWafGeoInfo查询WAF区域封禁功能支持的国家和地区。 |
|
dcdn:DescribeDcdnWafGroup |
调用DescribeDcdnWafGroup查询自定义WAF规则组细则,具体规则可分页。 |
|
dcdn:DescribeDcdnWafGroups |
调用DescribeDcdnWafGroups查询自定义WAF规则组列表。 |
|
dcdn:DescribeDcdnWafList |
- |
|
dcdn:DescribeDcdnWafLists |
- |
|
dcdn:DescribeDcdnWafPolicies |
调用DescribeDcdnWafPolicies查询用户已配置的WAF防护策略详细信息。 |
|
dcdn:DescribeDcdnWafPolicy |
调用DescribeDcdnWafPolicy获取指定防护策略详细信息。 |
|
dcdn:DescribeDcdnWafPolicyDomains |
调用DescribeDcdnWafPolicyDomains查询已接入指定WAF防护策略的加速域名。 |
|
dcdn:DescribeDcdnWafPolicyValidDomains |
调用DescribeDcdnWafPolicyValidDomains查询可被自定义防护策略绑定的域名列表。 |
|
dcdn:DescribeDcdnWafQuota |
- |
|
dcdn:DescribeDcdnWafRule |
调用DescribeDcdnWafRule获取指定防护规则详细信息。 |
|
dcdn:DescribeDcdnWafRules |
调用DescribeDcdnWafRules查询用户已配置的防护规则详细信息。 |
|
dcdn:DescribeDcdnWafScenes |
调用DescribeDcdnWafScenes查询用户已使用的防护策略类型信息。 |
|
dcdn:DescribeDcdnWafService |
调用DescribeDcdnWafService查询DCDN WAF服务状态,包括服务开通时间、版本信息、当前业务状态、请求数计费方式、规则数计费方式等。 |
|
dcdn:DescribeDcdnWafSpecInfo |
调用DescribeDcdnWafSpecInfo查询使用的DCDN WAF版本信息。 |
|
dcdn:DescribeDcdnsecService |
调用DescribeDcdnsecService查询安全DCDN服务状态,包括服务开通时间、结束时间、当前业务状态等。 |
|
dcdn:DescribeDdosAllEventList |
调用DescribeDdosAllEventList查询攻击事件列表。 |
|
dcdn:DescribeDdosBpsList |
- |
|
dcdn:DescribeDdosBpsMax |
- |
|
dcdn:DescribeDdosEventMax |
- |
|
dcdn:DescribeDdosSpecialPort |
- |
|
dcdn:DescribeDomainAttackEventList |
- |
|
dcdn:DescribeDomainOverview |
- |
|
dcdn:DescribeDomainQpsList |
- |
|
dcdn:DescribeEncryptRoutineUid |
调用DescribeEncryptRoutineUid查询边缘函数ER加密后的RoutineUid等相关信息。 |
|
dcdn:DescribeEsExceptionData |
- |
|
dcdn:DescribeEsExecuteData |
- |
|
dcdn:DescribeHighlightInfo |
调用DescribeHighlightInfo查询攻击详情的高亮数据。根据被Web基础防护被拦截日志的Traceid,反查被拦截的具体原因,高亮数据就是匹配到被Web基础防护模块拦截到的内容。 |
|
dcdn:DescribeKVTimeoutRequestDistributionData |
- |
|
dcdn:DescribeKvPerfData |
- |
|
dcdn:DescribeKvRealTimeQpsData |
查询KV存储实时QPS数据。 |
|
dcdn:DescribeKvUsageData |
调用DescribeKvUsageData查询KV存储的用量数据。 |
|
dcdn:DescribeRDDomainConfig |
调用DescribeRDDomainConfig查询用户RD下的域名功能配置。 |
|
dcdn:DescribeRDDomains |
- |
|
dcdn:DescribeRegistryNamespace |
- |
|
dcdn:DescribeRegistryUser |
- |
|
dcdn:DescribeRoutine |
调用DescribeRoutine获取某个边缘函数ER(EdgeRoutine)的元信息,包括每个环境的ER配置、配置版本、代码版本等信息。 |
|
dcdn:DescribeRoutineCanaryEnvs |
调用DescribeRoutineCanaryEnvs获取边缘函数ER支持的Canary环境列表。 |
|
dcdn:DescribeRoutineCodeRevision |
调用DescribeRoutineCodeRevision获取边缘函数ER的某个版本的JS代码。 |
|
dcdn:DescribeRoutineRelatedDomains |
调用DescribeRoutineRelatedDomains查看边缘函数ER关联的域名列表。 |
|
dcdn:DescribeRoutineSpec |
调用DescribeRoutineSpec获取边缘函数可供选择的函数规格(内测阶段有3个CPU时间片规格:5ms、50ms、100ms)。 |
|
dcdn:DescribeRoutineUserInfo |
调用DescribeRoutineUserInfo获取阿里云账号绑定的相关信息(绑定的subdomain,以及创建的routine列表)。 |
|
dcdn:DescribeRuleHitsTopResource |
- |
|
dcdn:DescribeRuleIdInfo |
- |
|
dcdn:DescribeUserDcdnDdosStatus |
- |
|
dcdn:DescribeUserDcdnIpaStatus |
调用DescribeUserDcdnIpaStatus查询全站加速IPA是否开通、是否欠费。 |
|
dcdn:DescribeUserDcdnStatus |
调用DescribeUserDcdnStatus查询全站加速是否欠费、是否可用。 |
|
dcdn:DescribeUserDcdnWafStatus |
- |
|
dcdn:DescribeUserErStatus |
调用DescribeUserErStatus查看边缘函数ER是否开通或者欠费。 |
|
dcdn:DescribeUserLogserviceStatus |
调用DescribeUserLogserviceStatus查看Logservice服务是否开通或者欠费。 |
|
dcdn:DescribeWasm |
- |
|
dcdn:DescribeWasmUserInfo |
- |
|
dcdn:DetachDcdnDomainNameFromVersion |
- |
|
dcdn:DisableCustomScenePolicy |
- |
|
dcdn:DisableDcdnRDAccess |
- |
|
dcdn:EditRoutineConf |
调用EditRoutineConf修改边缘函数ER的配置。 |
|
dcdn:EditWasmConf |
- |
|
dcdn:EnableCustomScenePolicy |
- |
|
dcdn:EnableDcdnRDAccess |
- |
|
dcdn:GetAuthorizationToken |
- |
|
dcdn:GetDcdnKv |
调用GetDcdnKv查询Key-Value(KV)对的某个Key值。 |
|
dcdn:GetDcdnKvDetail |
查询键值对的值和TTL信息。 |
|
dcdn:GetDcdnKvStatus |
调用GetDcdnKvStatus按Key值查询KV状态信息。 |
|
dcdn:ListBackOriginMapping |
- |
|
dcdn:ListBackOriginSource |
- |
|
dcdn:ListDcdnEsTemplateInfo |
- |
|
dcdn:ListDcdnIpaTagResources |
- |
|
dcdn:ListDcdnKv |
调用ListDcdnKv遍历账户下指定Namespace的Key值。 |
|
dcdn:ModifyCustomScenePolicy |
- |
|
dcdn:ModifyDcdnConfigTemplate |
- |
|
dcdn:ModifyDcdnDescriptionOfVersion |
- |
|
dcdn:ModifyDcdnDomainOwner |
- |
|
dcdn:ModifyDcdnService |
- |
|
dcdn:ModifyDcdnWafGroup |
调用ModifyDcdnWafGroup修改自定义WAF规则组。 |
|
dcdn:ModifyDcdnWafList |
- |
|
dcdn:ModifyDcdnWafPolicy |
调用ModifyDcdnWafPolicy修改指定防护策略名称或状态。 |
|
dcdn:ModifyDcdnWafPolicyDomains |
调用ModifyDcdnWafPolicyDomains修改指定防护策略绑定的域名。 |
|
dcdn:ModifyDcdnWafRule |
调用ModifyDcdnWafRule修改防护规则名称、状态或规则配置信息。 |
|
dcdn:OpenDcdnService |
调用OpenDcdnService开通DCDN服务。 |
|
dcdn:PublishAppVersion |
- |
|
dcdn:PublishRoutineCodeRevision |
调用PublishRoutineCodeRevision发布指定版本的边缘函数ER代码到某个Env环境。 |
|
dcdn:PutDcdnKv |
调用PutDcdnKv设置指定Namespace的Key-Value(KV)对。 |
|
dcdn:PutDcdnKvAccount |
- |
|
dcdn:PutDcdnKvNamespace |
调用PutDcdnKvNamespace给账号下新增Namespace。 |
|
dcdn:PutDcdnKvWithHighCapacity |
- |
|
dcdn:RemoveBackOriginSource |
- |
|
dcdn:RollbackAppVersion |
- |
|
dcdn:SetDcdnBlockIP |
- |
|
dcdn:SetDcdnConfigOfVersion |
- |
|
dcdn:SetDcdnDomainRouteTunnelConfig |
- |
|
dcdn:SetDcdnFullDomainsBlockIP |
调用SetDcdnFullDomainsBlockIP可以对指定的IP或IP段,进行封禁解禁操作。 |
|
dcdn:SetDcdnUserConfig |
调用SetDcdnUserConfig设置用户的配置信息。 |
|
dcdn:SetDcdnVersionConfig |
- |
|
dcdn:SetDdosSpecialPort |
- |
|
dcdn:SetL7GlobalCfg |
- |
|
dcdn:SetRoutineSubdomain |
调用SetRoutineSubdomain设置边缘函数ER子域。 |
|
dcdn:TagDcdnIpaResources |
- |
|
dcdn:UnDeployAppVersion |
- |
|
dcdn:UntagDcdnIpaResources |
- |
|
dcdn:UpdateAppConfig |
- |
|
dcdn:UpdateAppHealthCheck |
- |
|
dcdn:UpdateBackOriginNameServer |
- |
|
dcdn:UpdateDcdnUserRealTimeDeliveryField |
调用UpdateDcdnUserRealTimeDeliveryField更新实时日志字段。 |
|
dcdn:UploadRoutineCode |
调用UploadRoutineCode上传边缘函数ER的代码。 |
|
dcdn:UploadStagingRoutineCode |
调用UploadStagingRoutineCode上传边缘函数ER的测试代码。 |
|
dcdn:UploadWasmCode |
- |
|
dcdn:VerifyDcdnDomainOwner |
调用VerifyDcdnDomainOwner校验域名的归属权。 |
对于不支持资源组授权的操作,授权时资源范围选择资源组级别将无效。如果仍需要RAM用户有上述操作权限,您需要创建自定义权限策略,授权时资源范围选择账号级别。
以下是两个自定义权限策略示例,您可以根据实际需要调整策略内容。
-
允许不支持资源组级别授权的全部只读操作:
Action中列举不支持资源组级别授权的所有只读操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "dcdn:DescribeApp", "dcdn:DescribeAppConfigs", "dcdn:DescribeAppState", "dcdn:DescribeAppTenant", "dcdn:DescribeAppVersion", "dcdn:DescribeAppVersions", "dcdn:DescribeApps", "dcdn:DescribeBackOriginAreas", "dcdn:DescribeCustomDomainSampleRate", "dcdn:DescribeCustomScenePolicies", "dcdn:DescribeCustomScenePolicyObject", "dcdn:DescribeDcdnAclFields", "dcdn:DescribeDcdnActivationHistory", "dcdn:DescribeDcdnActiveVersionOfConfigGroup", "dcdn:DescribeDcdnBgpBpsData", "dcdn:DescribeDcdnBgpTrafficData", "dcdn:DescribeDcdnBlockedRegions", "dcdn:DescribeDcdnCcSignatureArgList", "dcdn:DescribeDcdnCcSignatureObjectList", "dcdn:DescribeDcdnCertificateDetail", "dcdn:DescribeDcdnCertificateDetailById", "dcdn:DescribeDcdnConditionIPBInfo", "dcdn:DescribeDcdnConfigGroupDetail", "dcdn:DescribeDcdnConfigGroupList", "dcdn:DescribeDcdnConfigOfVersion", "dcdn:DescribeDcdnConfigOfVersionForDiff", "dcdn:DescribeDcdnContainerStats", "dcdn:DescribeDcdnDdosService", "dcdn:DescribeDcdnDdosSpecInfo", "dcdn:DescribeDcdnDeletedDomains", "dcdn:DescribeDcdnDeliverList", "dcdn:DescribeDcdnDomainByCertificate", "dcdn:DescribeDcdnDomainCcActivityLog", "dcdn:DescribeDcdnDomainMax95BpsData", "dcdn:DescribeDcdnDomainMd5Info", "dcdn:DescribeDcdnDomainNamesOfVersion", "dcdn:DescribeDcdnDomainVerifyData", "dcdn:DescribeDcdnDomainsBySource", "dcdn:DescribeDcdnErUsageData", "dcdn:DescribeDcdnFullDomainsBlockIPConfig", "dcdn:DescribeDcdnFullDomainsBlockIPHistory", "dcdn:DescribeDcdnHttpsDomainList", "dcdn:DescribeDcdnIpInfo", "dcdn:DescribeDcdnIpaService", "dcdn:DescribeDcdnKvAccount", "dcdn:DescribeDcdnKvAccountStatus", "dcdn:DescribeDcdnKvNamespace", "dcdn:DescribeDcdnL2Ips", "dcdn:DescribeDcdnL2Vips", "dcdn:DescribeDcdnRealTimeDeliveryField", "dcdn:DescribeDcdnRefreshQuota", "dcdn:DescribeDcdnRefreshTaskById", "dcdn:DescribeDcdnRegionAndIsp", "dcdn:DescribeDcdnReportList", "dcdn:DescribeDcdnResourcesProperty", "dcdn:DescribeDcdnSLSRealTimeLogType", "dcdn:DescribeDcdnSLSRealtimeLogDelivery", "dcdn:DescribeDcdnSMCertificateDetail", "dcdn:DescribeDcdnSecFuncInfo", "dcdn:DescribeDcdnSecSpecInfo", "dcdn:DescribeDcdnService", "dcdn:DescribeDcdnStagingIp", "dcdn:DescribeDcdnSubList", "dcdn:DescribeDcdnTopDomainsByFlow", "dcdn:DescribeDcdnUserBillHistory", "dcdn:DescribeDcdnUserBillType", "dcdn:DescribeDcdnUserCertificateExpireCount", "dcdn:DescribeDcdnUserConfigs", "dcdn:DescribeDcdnUserQuota", "dcdn:DescribeDcdnUserRealTimeDeliveryField", "dcdn:DescribeDcdnUserResourcePackage", "dcdn:DescribeDcdnUserSecDrop", "dcdn:DescribeDcdnUserSecDropByMinute", "dcdn:DescribeDcdnUserTags", "dcdn:DescribeDcdnVerifyContent", "dcdn:DescribeDcdnVersionInfo", "dcdn:DescribeDcdnVersionOfConfigGroup", "dcdn:DescribeDcdnWafBotAppKey", "dcdn:DescribeDcdnWafDefaultRules", "dcdn:DescribeDcdnWafDomains", "dcdn:DescribeDcdnWafFilterInfo", "dcdn:DescribeDcdnWafGeoInfo", "dcdn:DescribeDcdnWafGroup", "dcdn:DescribeDcdnWafGroups", "dcdn:DescribeDcdnWafList", "dcdn:DescribeDcdnWafLists", "dcdn:DescribeDcdnWafPolicies", "dcdn:DescribeDcdnWafPolicy", "dcdn:DescribeDcdnWafPolicyDomains", "dcdn:DescribeDcdnWafPolicyValidDomains", "dcdn:DescribeDcdnWafQuota", "dcdn:DescribeDcdnWafRule", "dcdn:DescribeDcdnWafRules", "dcdn:DescribeDcdnWafScenes", "dcdn:DescribeDcdnWafService", "dcdn:DescribeDcdnWafSpecInfo", "dcdn:DescribeDcdnsecService", "dcdn:DescribeDdosAllEventList", "dcdn:DescribeDdosBpsList", "dcdn:DescribeDdosBpsMax", "dcdn:DescribeDdosEventMax", "dcdn:DescribeDdosSpecialPort", "dcdn:DescribeDomainAttackEventList", "dcdn:DescribeDomainOverview", "dcdn:DescribeDomainQpsList", "dcdn:DescribeEncryptRoutineUid", "dcdn:DescribeEsExceptionData", "dcdn:DescribeEsExecuteData", "dcdn:DescribeHighlightInfo", "dcdn:DescribeKVTimeoutRequestDistributionData", "dcdn:DescribeKvPerfData", "dcdn:DescribeKvRealTimeQpsData", "dcdn:DescribeKvUsageData", "dcdn:DescribeRDDomainConfig", "dcdn:DescribeRDDomains", "dcdn:DescribeRegistryNamespace", "dcdn:DescribeRegistryUser", "dcdn:DescribeRoutine", "dcdn:DescribeRoutineCanaryEnvs", "dcdn:DescribeRoutineCodeRevision", "dcdn:DescribeRoutineRelatedDomains", "dcdn:DescribeRoutineSpec", "dcdn:DescribeRoutineUserInfo", "dcdn:DescribeRuleHitsTopResource", "dcdn:DescribeRuleIdInfo", "dcdn:DescribeUserDcdnDdosStatus", "dcdn:DescribeUserDcdnIpaStatus", "dcdn:DescribeUserDcdnStatus", "dcdn:DescribeUserDcdnWafStatus", "dcdn:DescribeUserErStatus", "dcdn:DescribeUserLogserviceStatus", "dcdn:DescribeWasm", "dcdn:DescribeWasmUserInfo", "dcdn:GetAuthorizationToken", "dcdn:GetDcdnKv", "dcdn:GetDcdnKvDetail", "dcdn:GetDcdnKvStatus", "dcdn:ListBackOriginMapping", "dcdn:ListBackOriginSource", "dcdn:ListDcdnEsTemplateInfo", "dcdn:ListDcdnIpaTagResources", "dcdn:ListDcdnKv" ], "Resource": "*" } ] } -
允许不支持资源组级别授权的全部操作:
Action中列举不支持资源组级别授权的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "dcdn:ActivateDcdnVersionOfConfigGroup", "dcdn:AddBackOriginSource", "dcdn:AddDcdnConfigGroup", "dcdn:BatchCreateDcdnWafRules", "dcdn:BatchDeleteDcdnKv", "dcdn:BatchDeleteDcdnKvWithHighCapacity", "dcdn:BatchDeleteDcdnWafRules", "dcdn:BatchModifyDcdnWafRules", "dcdn:BatchPutDcdnKv", "dcdn:BatchPutDcdnKvWithHighCapacity", "dcdn:BatchSetRDBlockIP", "dcdn:BlockDcdnObjectCaches", "dcdn:CheckDcdnIpaVip", "dcdn:CheckDcdnProjectExist", "dcdn:CloneDcdnVersionOfConfigGroup", "dcdn:CommitStagingRoutineCode", "dcdn:CreateApp", "dcdn:CreateAppConfig", "dcdn:CreateAppVersion", "dcdn:CreateBackOriginMapping", "dcdn:CreateCustomScenePolicy", "dcdn:CreateDcdnCertificateSigningRequest", "dcdn:CreateDcdnWafGroup", "dcdn:CreateDcdnWafList", "dcdn:CreateDcdnWafPolicy", "dcdn:CreateDcdnpaybag", "dcdn:CreateRegistryNamespace", "dcdn:CreateRegistryUser", "dcdn:CreateRoutine", "dcdn:CreateSlrAndSlsProject", "dcdn:CreateWasm", "dcdn:CustomScenePolicyBindObject", "dcdn:DcdnHttpRequestStagingTest", "dcdn:DcdnHttpRequestTestTool", "dcdn:DeactivateDcdnConfigOfVersion", "dcdn:DeleteBackOriginMapping", "dcdn:DeleteCustomDomainSampleRate", "dcdn:DeleteCustomScenePolicy", "dcdn:DeleteDcdnConfigGroup", "dcdn:DeleteDcdnConfigOfVersion", "dcdn:DeleteDcdnDeliverTask", "dcdn:DeleteDcdnIpaSpecificConfig", "dcdn:DeleteDcdnKv", "dcdn:DeleteDcdnKvNamespace", "dcdn:DeleteDcdnRealTimeLogProject", "dcdn:DeleteDcdnSubTask", "dcdn:DeleteDcdnUserConfig", "dcdn:DeleteDcdnVersionConfig", "dcdn:DeleteDcdnVersionOfConfigGroup", "dcdn:DeleteDcdnWafGroup", "dcdn:DeleteDcdnWafList", "dcdn:DeleteDcdnWafPolicy", "dcdn:DeleteRoutine", "dcdn:DeleteRoutineCodeRevision", "dcdn:DeleteRoutineConfEnvs", "dcdn:DeleteWasm", "dcdn:DeleteWasmCodeRevision", "dcdn:DeployAppVersion", "dcdn:DescribeApp", "dcdn:DescribeAppConfigs", "dcdn:DescribeAppState", "dcdn:DescribeAppTenant", "dcdn:DescribeAppVersion", "dcdn:DescribeAppVersions", "dcdn:DescribeApps", "dcdn:DescribeBackOriginAreas", "dcdn:DescribeCustomDomainSampleRate", "dcdn:DescribeCustomScenePolicies", "dcdn:DescribeCustomScenePolicyObject", "dcdn:DescribeDcdnAclFields", "dcdn:DescribeDcdnActivationHistory", "dcdn:DescribeDcdnActiveVersionOfConfigGroup", "dcdn:DescribeDcdnBgpBpsData", "dcdn:DescribeDcdnBgpTrafficData", "dcdn:DescribeDcdnBlockedRegions", "dcdn:DescribeDcdnCcSignatureArgList", "dcdn:DescribeDcdnCcSignatureObjectList", "dcdn:DescribeDcdnCertificateDetail", "dcdn:DescribeDcdnCertificateDetailById", "dcdn:DescribeDcdnConditionIPBInfo", "dcdn:DescribeDcdnConfigGroupDetail", "dcdn:DescribeDcdnConfigGroupList", "dcdn:DescribeDcdnConfigOfVersion", "dcdn:DescribeDcdnConfigOfVersionForDiff", "dcdn:DescribeDcdnContainerStats", "dcdn:DescribeDcdnDdosService", "dcdn:DescribeDcdnDdosSpecInfo", "dcdn:DescribeDcdnDeletedDomains", "dcdn:DescribeDcdnDeliverList", "dcdn:DescribeDcdnDomainByCertificate", "dcdn:DescribeDcdnDomainCcActivityLog", "dcdn:DescribeDcdnDomainMax95BpsData", "dcdn:DescribeDcdnDomainMd5Info", "dcdn:DescribeDcdnDomainNamesOfVersion", "dcdn:DescribeDcdnDomainVerifyData", "dcdn:DescribeDcdnDomainsBySource", "dcdn:DescribeDcdnErUsageData", "dcdn:DescribeDcdnFullDomainsBlockIPConfig", "dcdn:DescribeDcdnFullDomainsBlockIPHistory", "dcdn:DescribeDcdnHttpsDomainList", "dcdn:DescribeDcdnIpInfo", "dcdn:DescribeDcdnIpaService", "dcdn:DescribeDcdnKvAccount", "dcdn:DescribeDcdnKvAccountStatus", "dcdn:DescribeDcdnKvNamespace", "dcdn:DescribeDcdnL2Ips", "dcdn:DescribeDcdnL2Vips", "dcdn:DescribeDcdnRealTimeDeliveryField", "dcdn:DescribeDcdnRefreshQuota", "dcdn:DescribeDcdnRefreshTaskById", "dcdn:DescribeDcdnRegionAndIsp", "dcdn:DescribeDcdnReportList", "dcdn:DescribeDcdnResourcesProperty", "dcdn:DescribeDcdnSLSRealTimeLogType", "dcdn:DescribeDcdnSLSRealtimeLogDelivery", "dcdn:DescribeDcdnSMCertificateDetail", "dcdn:DescribeDcdnSecFuncInfo", "dcdn:DescribeDcdnSecSpecInfo", "dcdn:DescribeDcdnService", "dcdn:DescribeDcdnStagingIp", "dcdn:DescribeDcdnSubList", "dcdn:DescribeDcdnTopDomainsByFlow", "dcdn:DescribeDcdnUserBillHistory", "dcdn:DescribeDcdnUserBillType", "dcdn:DescribeDcdnUserCertificateExpireCount", "dcdn:DescribeDcdnUserConfigs", "dcdn:DescribeDcdnUserQuota", "dcdn:DescribeDcdnUserRealTimeDeliveryField", "dcdn:DescribeDcdnUserResourcePackage", "dcdn:DescribeDcdnUserSecDrop", "dcdn:DescribeDcdnUserSecDropByMinute", "dcdn:DescribeDcdnUserTags", "dcdn:DescribeDcdnVerifyContent", "dcdn:DescribeDcdnVersionInfo", "dcdn:DescribeDcdnVersionOfConfigGroup", "dcdn:DescribeDcdnWafBotAppKey", "dcdn:DescribeDcdnWafDefaultRules", "dcdn:DescribeDcdnWafDomains", "dcdn:DescribeDcdnWafFilterInfo", "dcdn:DescribeDcdnWafGeoInfo", "dcdn:DescribeDcdnWafGroup", "dcdn:DescribeDcdnWafGroups", "dcdn:DescribeDcdnWafList", "dcdn:DescribeDcdnWafLists", "dcdn:DescribeDcdnWafPolicies", "dcdn:DescribeDcdnWafPolicy", "dcdn:DescribeDcdnWafPolicyDomains", "dcdn:DescribeDcdnWafPolicyValidDomains", "dcdn:DescribeDcdnWafQuota", "dcdn:DescribeDcdnWafRule", "dcdn:DescribeDcdnWafRules", "dcdn:DescribeDcdnWafScenes", "dcdn:DescribeDcdnWafService", "dcdn:DescribeDcdnWafSpecInfo", "dcdn:DescribeDcdnsecService", "dcdn:DescribeDdosAllEventList", "dcdn:DescribeDdosBpsList", "dcdn:DescribeDdosBpsMax", "dcdn:DescribeDdosEventMax", "dcdn:DescribeDdosSpecialPort", "dcdn:DescribeDomainAttackEventList", "dcdn:DescribeDomainOverview", "dcdn:DescribeDomainQpsList", "dcdn:DescribeEncryptRoutineUid", "dcdn:DescribeEsExceptionData", "dcdn:DescribeEsExecuteData", "dcdn:DescribeHighlightInfo", "dcdn:DescribeKVTimeoutRequestDistributionData", "dcdn:DescribeKvPerfData", "dcdn:DescribeKvRealTimeQpsData", "dcdn:DescribeKvUsageData", "dcdn:DescribeRDDomainConfig", "dcdn:DescribeRDDomains", "dcdn:DescribeRegistryNamespace", "dcdn:DescribeRegistryUser", "dcdn:DescribeRoutine", "dcdn:DescribeRoutineCanaryEnvs", "dcdn:DescribeRoutineCodeRevision", "dcdn:DescribeRoutineRelatedDomains", "dcdn:DescribeRoutineSpec", "dcdn:DescribeRoutineUserInfo", "dcdn:DescribeRuleHitsTopResource", "dcdn:DescribeRuleIdInfo", "dcdn:DescribeUserDcdnDdosStatus", "dcdn:DescribeUserDcdnIpaStatus", "dcdn:DescribeUserDcdnStatus", "dcdn:DescribeUserDcdnWafStatus", "dcdn:DescribeUserErStatus", "dcdn:DescribeUserLogserviceStatus", "dcdn:DescribeWasm", "dcdn:DescribeWasmUserInfo", "dcdn:DetachDcdnDomainNameFromVersion", "dcdn:DisableCustomScenePolicy", "dcdn:DisableDcdnRDAccess", "dcdn:EditRoutineConf", "dcdn:EditWasmConf", "dcdn:EnableCustomScenePolicy", "dcdn:EnableDcdnRDAccess", "dcdn:GetAuthorizationToken", "dcdn:GetDcdnKv", "dcdn:GetDcdnKvDetail", "dcdn:GetDcdnKvStatus", "dcdn:ListBackOriginMapping", "dcdn:ListBackOriginSource", "dcdn:ListDcdnEsTemplateInfo", "dcdn:ListDcdnIpaTagResources", "dcdn:ListDcdnKv", "dcdn:ModifyCustomScenePolicy", "dcdn:ModifyDcdnConfigTemplate", "dcdn:ModifyDcdnDescriptionOfVersion", "dcdn:ModifyDcdnDomainOwner", "dcdn:ModifyDcdnService", "dcdn:ModifyDcdnWafGroup", "dcdn:ModifyDcdnWafList", "dcdn:ModifyDcdnWafPolicy", "dcdn:ModifyDcdnWafPolicyDomains", "dcdn:ModifyDcdnWafRule", "dcdn:OpenDcdnService", "dcdn:PublishAppVersion", "dcdn:PublishRoutineCodeRevision", "dcdn:PutDcdnKv", "dcdn:PutDcdnKvAccount", "dcdn:PutDcdnKvNamespace", "dcdn:PutDcdnKvWithHighCapacity", "dcdn:RemoveBackOriginSource", "dcdn:RollbackAppVersion", "dcdn:SetDcdnBlockIP", "dcdn:SetDcdnConfigOfVersion", "dcdn:SetDcdnDomainRouteTunnelConfig", "dcdn:SetDcdnFullDomainsBlockIP", "dcdn:SetDcdnUserConfig", "dcdn:SetDcdnVersionConfig", "dcdn:SetDdosSpecialPort", "dcdn:SetL7GlobalCfg", "dcdn:SetRoutineSubdomain", "dcdn:TagDcdnIpaResources", "dcdn:UnDeployAppVersion", "dcdn:UntagDcdnIpaResources", "dcdn:UpdateAppConfig", "dcdn:UpdateAppHealthCheck", "dcdn:UpdateBackOriginNameServer", "dcdn:UpdateDcdnUserRealTimeDeliveryField", "dcdn:UploadRoutineCode", "dcdn:UploadStagingRoutineCode", "dcdn:UploadWasmCode", "dcdn:VerifyDcdnDomainOwner" ], "Resource": "*" } ] }
获得账号级别权限的RAM用户或RAM角色,能够操作整个账号范围内的相关资源。请务必确认所授予的权限是否符合预期,遵从最小授权原则谨慎分配权限。
常见问题
如何查看当前资源属于哪个资源组?
-
方式一:单击资源名称,进入资源的详情页面,即可查看到当前资源的资源组。
-
方式二:登录资源管理控制台,单击,在左侧选择目标资源所属账号(默认为当前账号),通过筛选条件定位目标资源,即可查看其所属资源组。
如何查看当前产品在某个资源组下的所有资源?
如何批量修改多个资源的资源组?
登录资源管理控制台,单击,在目标资源组所在行的操作列下,单击资源管理以进入资源管理页面。通过筛选条件定位多个目标资源,批量勾选第一列的复选框后单击下方转移资源组,并按页面提示完成资源组修改。