Global system policies

Last updated:2020-07-19 00:07:27

Global system policies

The following tables list built-in global system policies of Kingsoft Cloud.

Policies irrelevant to services

Overview

Policy Policy KRN Description Version Default or not
AdministratorAccess krn:ksc:iam::ksc:policy/AdministratorAccess Describes management permissions of a system administrator, which are maximum permissions. v1 Yes

Details

Policy Policy document Permission
AdministratorAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "*", "Resource": "*"}]} Describes the permissions to manage all services of Kingsoft Cloud, such as KEC, EIP, VPC, SLB, CDN, KMR, IAM and KRDS.

Policies related to CDN

Overview

Policy Policy KRN Description Version Default or not
CDNFullAccess krn:ksc:iam::ksc:policy/CDNFullAccess Describes the permissions to manage CDN. v1 Yes
CDNReadOnlyAccess krn:ksc:iam::ksc:policy/CDNReadOnlyAccess Describes the permissions to query CDN data. v1 Yes

Details

Policy Policy document Permission
CDNFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "cdn:*", "Resource": "*"}]} Describes the permissions to manage CDN, for example, to manage refreshing, preloading, traffic and bandwidth, real-time hit rate status code, and user quota.
CDNReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":[ "cdn:Get*", "cdn:List*"], "Resource": "*"}]} Describes the permissions to query CDN data, for example, to query the refreshing list and details, preloading list and details, traffic and bandwidth, real-time hit rate status code, user quota, and quota usage.

Policies related to KEC

Overview

Policy Policy KRN Description Version Default or not
KECAdminFullAccess krn:ksc:iam::ksc:policy/KECAdminFullAccess Describes the permissions to manage KEC. v1 Yes
KECFullAccess krn:ksc:iam::ksc:policy/KECFullAccess Describes the permissions to manage KEC through the API. v1 Yes
KECReadOnlyAccess krn:ksc:iam::ksc:policy/KECReadOnlyAccess Describes the permissions to query KEC data through the API. v1 Yes

Details

Policy Policy document Permission
KECAdminFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kec:*", "Resource": "*"},{"Effect": "Allow", "Action": "vpc:*", "Resource": "*"},{"Effect": "Allow", "Action": "slb:*", "Resource": "*"},{"Effect": "Allow", "Action": "eip:*", "Resource": "*"} ]} Describes the permissions to manage KEC, for example, to manage KEC instances, VPCs, SLB instances, and EIPs.
KECFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kec:*", "Resource": "*"}]} Describes the permissions manage KEC through the API, for example, to manage instances and mappings, monitor instances and modify network interface attributes.
KECReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"kec:Describe*", "Resource": "*"}]} Describes the permissions to query KEC data through the API, for example, to query the host and image information.

Policies related to VPC

Overview

Policy Policy KRN Description Version Default or not
VPCFullAccess krn:ksc:iam::ksc:policy/VPCFullAccess Describes the permissions to manage VPC through the API. v1 Yes
VPCReadOnlyAccess krn:ksc:iam::ksc:policy/VPCReadOnlyAccess Describes the permissions to query VPC data through the API. v1 Yes
VPCConsoleFullAccess krn:ksc:iam::ksc:policy/VPCConsoleFullAccess Describes the permissions to manage VPC and EIP in the console. v1 Yes
VPCConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/VPCConsoleReadOnlyAccess Describes the permissions to query VPC data in the console. v1 Yes

Details

Policy Policy document Permission
VPCFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "vpc:*", "Resource": "*"}]} Describes the permissions to manage VPC through the API, for example, to manage VPCs, subnets, routes, network ACLs, NAT settings, tunnels, and peer connections.
VPCReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"vpc:Describe*", "Resource": "*"}]} Describes the permissions to query VPC data through the API, for example, to query VPCs, subnets, routes, network ACLs, and NAT settings.
VPCConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:*","eip:*","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to manage VPC in the console, for example, to manage VPCs, subnets, routes, network ACLs, NAT settings, tunnels, peer connections, EIPs, and port mapping.
VPCConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:Describe*","eip:Describe*","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to query VPC data in the console, for example, to query VPCs, subnets, routes, network ACLs, NAT settings, EIPs, and port mapping.

Policies related to EIP

Overview

Policy Policy KRN Description Version Default or not
EIPFullAccess krn:ksc:iam::ksc:policy/EIPFullAccess Describes the permissions to manage EIP through the API. v1 Yes
EIPReadOnlyAccess krn:ksc:iam::ksc:policy/EIPReadOnlyAccess Describes the permissions to query EIP data through the API. v1 Yes
EIPConsoleFullAccess krn:ksc:iam::ksc:policy/EIPConsoleFullAccess Describes the permissions to manage EIP in the console. v1 Yes
EIPConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/EIPConsoleReadOnlyAccess Describes the permissions to query EIP data in the console. v1 Yes

Details

Policy Policy document Permission
EIPFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "eip:*", "Resource": "*"}]} Describes the permissions to manage EIP through the API, for example, to manage EIPs and port mapping.
EIPReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["eip:Describe*", "eip:GetLines"], "Resource": "*"}]} Describes the permissions to query EIP data through the API, for example, to query links, EIPs, and port mapping.
EIPConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["eip:*","vpc:DescribeNetworkInterfaces","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to manage EIP in the console, for example, to manage EIPs and port mapping.
EIPConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["eip:Describe*","vpc:DescribeNetworkInterfaces","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to query EIP data in the console, for example, to query EIPs and port mapping.

Policies related to SLB

Overview

Policy Policy KRN Description Version Default or not
SLBFullAccess krn:ksc:iam::ksc:policy/SLBFullAccess Describes the permissions to manage SLB through the API. v1 Yes
SLBReadOnlyAccess krn:ksc:iam::ksc:policy/SLBReadOnlyAccess Describes the permissions to query SLB data through the API. v1 Yes
SLBConsoleFullAccess krn:ksc:iam::ksc:policy/SLBConsoleFullAccess Describes the permissions to manage SLB and EIP in the console. v1 Yes
SLBConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/SLBConsoleReadOnlyAccess Describes the permissions to query SLB data in the console. v1 Yes

Details

Policy Policy document Permission
SLBFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "slb:*", "Resource": "*"}]} Describes the permissions to manage SLB through the API, for example, to manage SLB instances, listeners, health check, and backend servers.
SLBReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"slb:Describe*", "Resource": "*"}]} Describes the permissions to query SLB data through the API, for example, to query SLB instances, listeners, health check, and backend servers.
SLBConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["slb:*","eip:*","vpc:DescribeNetworkInterfaces","vpc:DescribeVpcs","vpc:DescribeSubnets","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to manage SLB in the console, for example, to manage SLB instances, listeners, health check, backend servers, EIPs, and port mapping.
SLBConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["slb:Describe*","eip:Describe*","vpc:DescribeNetworkInterfaces","vpc:DescribeVpcs","vpc:DescribeSubnets","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to query SLB data in the console, for example, to query SLB instances, listeners, health check, backend servers, EIPs, and port mapping.

Policies related to IAM

Overview

Policy Policy KRN Description Version Default or not
IAMFullAccess krn:ksc:iam::ksc:policy/IAMFullAccess Describes the permissions to manage IAM in the console and through the API. v1 Yes
IAMReadOnlyAccess krn:ksc:iam::ksc:policy/IAMReadOnlyAccess Describes the permissions to query IAM data in the console and through the API. v1 Yes

Details

Policy Policy document Permission
IAMFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]} Describes the permissions to manage IAM in the console and through the API, for example, to manage IAM users, AccessKeys, and policies.
IAMReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["iam:Get*", "iam:List*"], "Resource": "*"}]} Describes the permissions to query IAM data in the console and through the API, for example, to query IAM users, AccessKeys, and policies.

Policies related to EPC

Overview

Policy Policy KRN Description Version Default or not
EPCFullAccess krn:ksc:iam::ksc:policy/EPCFullAccess Describes the permissions to manage EPC in the console and through the API. v1 Yes
EPCReadOnlyAccess krn:ksc:iam::ksc:policy/EPCReadOnlyAccess Describes the permissions to query EPC data in the console and through the API. v1 Yes

Details

Policy Policy document Permission
EPCFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "epc:*", "Resource": "*"}]} Describes the permissions to manage EPC in the console and through the API, for example, to manage the EPC lifecycle, subnets, and images.
EPCReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["epc:Get*", "epc:List*"], "Resource": "*"}]} Describes the permissions to query EPC data in the console and through the API, for example, to query EPC instances and images.

Policies related to KMR

Overview

Policy Policy KRN Description Version Default or not
KMRFullAccess krn:ksc:iam::ksc:policy/KMRFullAccess Describes the permissions to manage KMR in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KMRFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kmr:*", "Resource": "*"}]} Describes the permissions to manage KMR in the console and through the API, for example, to manage clusters, SSH keys, jobs, and EIPs.

Policies related to DNS

Overview

Policy Policy KRN Description Version Default or not
DNSFullAccess krn:ksc:iam::ksc:policy/DNSFullAccess Describes the permissions to manage DNS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
DNSFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "dns:*", "Resource": "*"}]} Describes the permissions to manage DNS in the console and through the API, for example, to manage domain names and DNS records.

Policies related to WAF

Overview

Policy Policy KRN Description Version Default or not
WAFFullAccess krn:ksc:iam::ksc:policy/WAFFullAccess Describes the permissions to manage WAF in the console and through the API. v1 Yes

Details

Policy Policy document Permission
WAFFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "waf:*", "Resource": "*"}]} Describes the permissions to manage WAF in the console and through the API.

Policies related to KAS

Overview

Policy Policy KRN Description Version Default or not
KASFullAccess krn:ksc:iam::ksc:policy/KASFullAccess Describes the permissions to manage KAS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KASFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kas:*", "Resource": "*"}]} Describes the permissions to manage KAS in the console and through the API.

Policies related to KAD

Overview

Policy Policy KRN Description Version Default or not
KADFullAccess krn:ksc:iam::ksc:policy/KADFullAccess Describes the permissions to manage KAD in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KADFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kad:*", "Resource": "*"}]} Describes the permissions to manage KAD in the console and through the API.

Policies related to KRDS

Overview

Policy Policy KRN Description Version Default or not
KRDSFullAccess krn:ksc:iam::ksc:policy/KRDSFullAccess Describes the permissions to manage KRDS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KRDSFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "krds:*", "Resource": "*"}]} Describes the permissions to manage KRDS in the console and through the API.

Policies related to KIS

Overview

Policy Policy KRN Description Version Default or not
KISFullAccess krn:ksc:iam::ksc:policy/KISFullAccess Describes the permissions to manage KIS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KISFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kis:*", "Resource": "*"}]} Describes the permissions to manage KIS in the console and through the API.

Policies related to BWS

Overview

Policy Policy KRN Description Version Default or not
BWSFullAccess krn:ksc:iam::ksc:policy/BWSFullAccess Describes the permissions to manage BWS through the API. v1 Yes
BWSReadOnlyAccess krn:ksc:iam::ksc:policy/BWSReadOnlyAccess Describes the permissions to query BWS data through the API. v1 Yes
BWSConsoleFullAccess krn:ksc:iam::ksc:policy/BWSConsoleFullAccess Describes the permissions to manage BWS in the console. v1 Yes
BWSConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/BWSConsoleReadOnlyAccess Describes the permissions to query BWS data in the console. v1 Yes

Details

Policy Policy document Permission
BWSFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "bws:*", "Resource": "*"}]} Describes the permissions to manage BWS through the API, for example, to create or delete BWS instances and add or remove EIPs.
BWSReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"bws:Describe*", "Resource": "*"}]} Describes the permissions to query BWS data through the API.
BWSConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["bws:*","eip:*","vpc:DescribeInternetGateways","slb:DescribeLoadBalancers","epc:ListEpcs","kec:DescribeInstances"],"Resource":"*"}]} Describes the permissions to manage BWS in the console, for example, to manage BWS instances and EIPs.
BWSConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:Describe*","eip:Describe*","kec:DescribeInstances","epc:ListEpcs","slb:DescribeLoadBalancers"],"Resource":"*"}]} Describes the permissions to query BWS data in the console, for example, to query BWS instances, EIPs, SLB instances, and KEC instances.

Did you find the above information helpful?

Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful

What might be the problems?

Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions

0/200

Please give us your feedback.

Submitted

Thank you for your feedback.

问题反馈