操作场景
您可以通过使用访问管理(Cloud Access Management,CAM)策略让用户拥有在 API 网关(APIgateway)控制台中查看和使用特定资源的权限。本文档提供了查看和使用特定资源的权限示例,指导用户如何使用控制台的特定部分的策略。
操作示例
APIgateway 的全读写策略
APIgateway 的只读策略
如果您希望用户拥有查询 API 网关 的权限,但是不具有创建、删除、发布、修改的权限,您可以对该用户使用名称为:
QcloudAPIGWReadOnlyAccess
的策略。该策略是通过让用户分别对这些具备查看权限来达到目的,包含 API 网关中所有以单词 Describe 开头的、GenerateApiDocument、Monitor 查看操作。授权特定资源的操作权限
如果您希望授权用户拥有特定服务资源的操作权限,可将以下策略关联到该用户。
具体操作步骤如下:
说明:
第一个 action 表示,具体的资源 ID,具备全读写权限。
包含了具体某个serviceID的授权。
包含了所有api的授权,全读写。
其中UIN后面表示主账号UIN,service后面表示具体serviceID。
第二个 action 表示,其他操作级接口,具备查看权限。
以 Describe 开头的均表示查看列表、查看详情。
{"statement": [{"action": ["apigw:*"],"effect": "allow","resource": ["qcs::apigw::uin/100003771234:service/service-birpukkk","qcs::apigw::uin/100003771234:api/*"]},{"action": ["apigw:CheckActionToInstance","apigw:CheckCloneApis","apigw:DescribeApi","apigw:DescribeApiApp","apigw:DescribeApiAppBindApisStatus","apigw:DescribeApiBindApiAppsStatus","apigw:DescribeApiEnvironmentStrategy","apigw:DescribeApiForApiApp","apigw:DescribeApiKey","apigw:DescribeApiKeysStatus","apigw:DescribeApiUsagePlan","apigw:DescribeApisStatus","apigw:DescribeIPStrategy","apigw:DescribeIPStrategyApisStatus","apigw:DescribeIPStrategysStatus","apigw:DescribeLogRules","apigw:DescribePlugin","apigw:DescribeResourcePackStatus","apigw:DescribeService","apigw:DescribeServiceEnvionmentList","apigw:DescribeServiceEnvionmentReleaseHistory","apigw:DescribeServiceEnvironmentApiKeys","apigw:DescribeServiceEnvironmentKeyMonitorUpload","apigw:DescribeServiceEnvironmentList","apigw:DescribeServiceEnvironmentReleaseHistory","apigw:DescribeServiceEnvironmentStrategy","apigw:DescribeServiceForApiApp","apigw:DescribeServiceSubDomainMappings","apigw:DescribeServiceSubDomains","apigw:DescribeServiceUsagePlan","apigw:DescribeServiceVersion","apigw:DescribeSubDomain","apigw:DescribeUsagePlan","apigw:DescribeUsagePlanEnvironments","apigw:DescribeUsagePlanSecretIds","apigw:DescribeUsagePlansStatus","apigw:DescribeUserFeatureSupport","apigw:DescribePluginsByApi","apigw:DescribeExclusiveInstanceDetail","apigw:DescribeExclusiveInstancesStatus","apigw:DescribePlugins"],"effect": "allow","resource": ["*"]}],"version": "2.0"}