108
阿里云
鉴权规则__RAM子用户访问_API-Reference_日志服务-阿里云
当子账号通过 Log Service Open API 对主账号的资源进行访问时,Log Service后台向 RAM 进行权限检查,以确保资源拥有者的确将相关资源的相关权限授予了调用者。
每个不同的 Log Service API 会根据涉及到的资源以及 API 的语义来确定需要检查哪些资源的权限。具体地,各类 API 的鉴权规则见下表
Logstore
| Action | Resource |
|---|---|
| log:GetLogStore | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName} |
| log:ListLogStores | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/* |
| log:CreateLogStore | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/* |
| log:DeleteLogStore | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName} |
| log:UpdateLogStore | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName} |
Loghub
数据写入以及消费类API,其中获取数据游标API GetCursor以及获取数据API GetLogs共用同一个Action log:GetCursorOrData。
| Action | Resource |
|---|---|
| log:GetCursorOrData | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName} |
| log:ListShards | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName} |
| log:PostLogStoreLogs | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName} |
Config
| Action | Resource |
|---|---|
| log:CreateConfig | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/* |
| log:UpdateConfig | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName} |
| log:DeleteConfig | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName} |
| log:GetConfig | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName} |
| log:ListConfig | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/* |
Machine Group
| Actions | Resources |
|---|---|
| log:CreateMachineGroup | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/* |
| log:UpdateMachineGroup | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName} |
| log:DeleteMachineGroup | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName} |
| log:GetMachineGroup | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName} |
| log:ListMachineGroup | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/* |
| log:ListMachines | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName} |
Config和Machine Group交互类API
| Actions | Resources |
|---|---|
| log:ApplyConfigToGroup | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName} acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName} |
| log:RemoveConfigFromGroup | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName} acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName} |
| log:GetAppliedMachineGroups | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName} |
| log:GetAppliedConfigs | acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName} |
最后更新:2016-11-23 16:04:03
上一篇: 动作列表__RAM子用户访问_API-Reference_日志服务-阿里云
下一篇: 数据模型__公共资源说明_API-Reference_日志服务-阿里云
- 常见错误说明__附录_大数据计算服务-阿里云
- 发送短信接口__API使用手册_短信服务-阿里云
- 接口文档__Android_安全组件教程_移动安全-阿里云
- 运营商错误码(联通)__常见问题_短信服务-阿里云
- 设置短信模板__使用手册_短信服务-阿里云
- OSS 权限问题及排查__常见错误及排除_最佳实践_对象存储 OSS-阿里云
- 消息通知__操作指南_批量计算-阿里云
- 设备端快速接入(MQTT)__快速开始_阿里云物联网套件-阿里云
- 查询API调用流量数据__API管理相关接口_API_API 网关-阿里云
- 使用STS访问__JavaScript-SDK_SDK 参考_对象存储 OSS-阿里云