Kingsoft Cloud services that support IAM

Last updated: 2023-05-24 17:06:32

Overview

IAM is applicable to most Kingsoft Cloud services. This topic lists the services that support IAM. It also describes the authorization granularity and system policies of the services, and whether the services support tag-based authorization.

Each table contains the following information:

  • Service: the name of the Kingsoft Cloud service that supports IAM. You can click the service name to view the product manual.

  • Authorization granularity: the minimum authorization granularity supported by the Kingsoft Cloud service.

    Note: Authorization granularity is classified into three levels: service, operation, and resource.

    • Service: Permissions are granted by Kingsoft Cloud service. An IAM user can either have full permissions or no permission on the service.
    • Operation: You can control whether an IAM user can perform specific operations on a type of resource in a Kingsoft Cloud service. For example, you can grant an IAM user the read-only permissions on KEC instances.
    • Resource: Permissions are granted by resource, which is the minimum authorization granularity. For example, you can grant an IAM user the restart permission on a specific KEC instance.
  • Tag-based authorization: indicates whether tag-based permission management is supported by the Kingsoft Cloud service. A check mark (√) indicates that tag-based authorization is supported, and a hyphen (-) indicates that tag-based authorization is not supported.

  • System policy: the system policy provided for the Kingsoft Cloud service. A hyphen (-) indicates that no system policy is available for the service.

Computing

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| KEC | Resource | | KECAdminFullAccess: grants the full permissions on KEC. |
| | | | KECFullAccess: grants the permissions to manage the lifecycle and images of KEC. |
| | | | KECReadOnlyAccess: grants the permissions to query KEC data. |
| | | | KFSFullAccess: grants the permissions to manage the lifecycle and images of Kingsoft Cloud File Storage (KFS). |
| | | | KFSReadOnlyAccess: grants the permissions to query KFS data. |
| Elastic Physical Compute (EPC) | Operation | | EPCFullAccess: grants the full permissions on EPC. |
| | | | EPCReadOnlyAccess: grants the permissions to query EPC data. |
| Kingsoft Cloud Container Instance (KCI) | Operation | - | KCIFullAccess: grants the full permissions on KCI. |
| | | | KCIReadOnlyAccess: grants the read-only permissions on KCI. |
| Kingsoft Cloud Container Engine (KCE) | Operation | - | KCEFullAccess: grants the full permissions on KCE, including the permissions on KEC instances, networks, SLB instances, EPC instances, and Elastic Block Storage (EBS) volumes. |
| | | | KCEReadOnlyAccess: grants the read-only permissions on KCE. |

Networking

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| SLB | Resource | | SLBConsoleFullAccess: grants the full permissions to manage SLB and EIP in the console. |
| | | | SLBConsoleReadOnlyAccess: grants the permissions to query SLB data in the console. |
| | | | SLBFullAccess: grants the full permissions to manage SLB by calling API operations. |
| | | | SLBReadOnlyAccess: grants the permissions to query SLB data by calling API operations. |
| Virtual Private Cloud (VPC) | Resource | - | VPCConsoleFullAccess: grants the full permissions to manage VPC and EIP in the console. |
| | | | VPCConsoleReadOnlyAccess: grants the permissions to query VPC data in the console. |
| | | | VPCFullAccess: grants the full permissions to manage VPC by calling API operations. |
| | | | VPCReadOnlyAccess: grants the permissions to query VPC data by calling API operations. |
| EIP | Resource | | EIPConsoleFullAccess: grants the full permissions to manage EIP in the console. |
| | | | EIPConsoleReadOnlyAccess: grants the permissions to query EIP data in the console. |
| | | | EIPFullAccess: grants the full permissions to manage EIP by calling API operations. |
| | | | EIPReadOnlyAccess: grants the permissions to query EIP data by calling API operations. |
| Bandwidth Share (BWS) | Resource | - | BWSConsoleFullAccess: grants the full permissions to manage BWS in the console. |
| | | | BWSConsoleReadOnlyAccess: grants the permissions to query BWS data in the console. |
| | | | BWSFullAccess: grants the full permissions to manage BWS by calling API operations. |
| | | | BWSReadOnlyAccess: grants the permissions to query BWS data by calling API operations. |

Database

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| KRDS | Resource | | KRDSConsoleFullAccess: grants the full permissions required in the console, including the permissions to manage KRDS, the permissions to query the KEC instance, VPC, and subnet lists, the tagging permissions, and the payment permissions. |
| | | | KRDSFullAccess: grants the full permissions to manage KRDS by calling API operations. |
| | | | KRDSReadAccess: grants the read-only permissions on KRDS instances. |
| | | | KRDSReadAccess-NoneData: grants partial read-only permissions on KRDS in the console, including the read-only permissions on KRDS instances, parameter groups, security groups, and logs, but excluding the read-only permissions on backup pages. |
| Kingsoft Cloud Redis (Redis) | Resource | | KCSConsoleFullAccess: grants the full permissions on Redis and the permissions to query the KEC instance, VPC, and subnet lists in the console. |
| | | | KCSFullAccess: grants the full permissions to manage Redis by calling API operations. |
| | | | KCSReadAccess: grants the read-only permissions on Redis. |
| Kingsoft Cloud MongoDB | Operation | - | MongoDBConsoleFullAccess: grants the full permissions on MongoDB and the permissions to query the KEC instance, VPC, and subnet lists. |
| | | | MongoDBReadAccess: grants the read-only permissions on MongoDB. |
| Kingsoft Cloud Distributed Relational Database Service (KDRDS) | Operation | - | - |
| Memcached | Operation | | MemcachedConsoleFullAccess: grants the full permissions on Memcached and the permissions to query the KEC instance, VPC, and subnet lists in the console. |
| | | | MemcachedFullAccess: grants the full permissions to manage Memcached by calling API operations. |
| | | | MemcachedReadAccess: grants the read-only permissions on Memcached. |
| Kingsoft Cloud Distributed Transaction Service (KDTX) | Operation | - | - |
| KingDB | Operation | - | - |
| Time Series Database InfluxDB (InfluxDB) | Operation | - | InfluxDBFullAccess: grants the full permissions on InfluxDB and the permissions to query the KEC instance, EPC instance, VPC, and subnet lists. |
| | | | InfluxDBReadAccess: grants the read-only permissions on InfluxDB and the permissions to query the KEC instance, EPC instance, VPC, and subnet lists. |
| Data Transmission Service (DTS) | Operation | - | DTSFullAccess: grants the full permissions to manage DTS in the KRDS console. |
| KRDS for PostgreSQL | Operation | - | PostgreSQLFullAccess: grants the full permissions on PostgreSQL, the permissions to query the KEC instance, VPC, and subnet lists, and the full permissions on tagging. |
| | | | PostgreSQLReadOnlyAccess: grants the read-only permissions on PostgreSQL, the permissions to query the KEC instance, VPC, and subnet lists, and the tag query permissions. |
| KRDS for SQLServer | Operation | - | SQLServerFullAccess: grants the full permissions on SQLServer, the permissions to query the KEC instance, VPC, and subnet lists, and the full permissions on tagging. |
| | | | SQLServerReadOnlyAccess: grants the read-only permissions on SQLServer, the permissions to query the KEC instance, VPC, and subnet lists, and the tag query permissions. |

Storage and CDN

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Content Delivery Network (CDN) | Resource | - | CDNFullAccess: grants the full permissions on CDN. |
| | | | CDNReadOnlyAccess: grants the permissions to query CDN data. |
| KS3 | Resource | - | KS3FullAccess: grants the full permissions on KS3. |
| | | | KS3ReadOnlyAccess: grants the read-only permissions on KS3. |
| EBS | Operation | | EBSFullAccess: grants the full permissions on EBS. |
| | | | EBSReadOnlyAccess: grants the permissions to query EBS data. |
| Kingsoft Cloud Edge Node Computing (KENC) | Operation | - | - |
| Kingsoft Cloud Performance File Storage (KPFS) | Resource | - | KPFSFullAccess: grants the full permissions on KPFS. |
| | | | KPFSReadOnlyAccess: grants the permissions to query KPFS data. |

Video services

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Kingsoft Cloud Media Cloud Transcoder (KMCT) | Operation | - | KETFullAccess: grants the full permissions to manage KMCT by calling API operations. |
| | | | KETReadOnlyAccess: grants the permissions to query KMCT data by calling API operations. |
| Kingsoft Cloud Live Service (KLS) | Operation | - | KLSConsoleFullAccess: grants the full permissions to manage KLS in the console. |
| | | | KLSConsoleReadOnlyAccess: grants the permissions to query KLS data in the console. |
| | | | KLSFullAccess: grants the full permissions to manage KLS by calling API operations. |
| | | | KLSReadOnlyAccess: grants the permissions to query KLS data by calling API operations. |
| Kingsoft Cloud Quality of Experience (KQoE) | Operation | - | - |

Big data

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Kingsoft Cloud MapReduce (KMR) | Operation | - | KMRFullAccess: grants the full permissions on KMR. |
| Kingsoft Cloud DataCloud | Operation | - | - |
| Kingsoft Cloud Query Engine Service (KQES) | Operation | - | KQESFullAccess: grants the full permissions on KQES. |
| Kingsoft Cloud Elasticsearch Service (KES) | Operation | - | KESFULLAcess: grants the full permissions on KES. |
| Kingsoft Cloud HBase (KHBase) | Operation | - | KHBaseFULLAcess: grants the full permissions on KHBase. |
| Kingsoft Cloud Log Service (KLog) | Operation | - | KlogReadOnlyAccess: - |
| | | | KsyunKLogDefaultPolicy: - |

Cloud security

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Kingsoft Cloud Advanced Defense (KAD) | Operation | - | KADFullAccess: grants the full permissions on KAD. |
| Kingsoft Cloud Advanced Defense for EIP (KEAD) | Operation | - | KEADFullAccess: grants the full permissions on KEAD. |
| | | | KEADReadOnlyAccess: grants the read-only permissions on KEAD. |
| Kingsoft Cloud Host Security (KHS) | Service | - | KHSFullAccess: grants the full permissions on KHS. |
| KHS-New | Operation | - | KhsNewFullAccess: grants the full permissions on KHS-New. |
| | | | KhsNewReadOnly: grants the read-only permissions on KHS-New. |
| Web Application Firewall (WAF) | Operation | - | WAFFullAccess: grants the full permissions on WAF. |
| Kingsoft Cloud Advance Security (KAS) | Service | - | KASFullAccess: grants the full permissions on KAS. |
| Kingsoft Cloud Key Management Service (KKMS) | Operation | - | KKMSConsoleFullAccess: grants the full permissions to manage KKMS in the console. |
| | | | KKMSConsoleReadOnlyAccess: grants the permissions to query KKMS data in the console. |
| Kingsoft Cloud Certificate Management (KCM) | Operation | - | KCMFullAccess: grants the full permissions on KCM. |
| | | | KCMReadOnlyAccess: grants the permissions to query KCM data. |
| Kingsoft Cloud Security Management (KSM) | Operation | - | KSMFullAccess: grants the full permissions on KSM. |
| | | | KSMReadOnlyAccess: grants the read-only permissions on KSM. |
| Business Risk Intelligence (BRI) | Operation | - | BRIFullAccess: grants the full permissions on BRI. |
| Kingsoft Cloud Penetration Test (KPT) | Service | - | KPTFullAccess: grants the full permissions on KPT. |

Cloud communication

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Short Message Service (SMS) Console | Operation | - | SmsFullAccess: grants the full permissions to manage SMS in the console. |
| | | | SmsReadOnlyAccess: grants the permissions to query SMS data in the console. |
| SMS Gateway | Operation | - | - |
| Kingsoft Cloud Voice Message Service (VMS) | Operation | - | VoiceConsoleFullAccess: grants the full permissions to manage VMS in the console. |
| VMS Gateway | Operation | - | VoiceFullAccess: grants the full permissions to send VMS messages. |
| Phone Number Verification (PNV) API | Operation | - | OnePassApiAll: grants the full permissions to manage PNV by calling API operations. |
| | | | OnePassApiOnlyRead: grants the permissions to query PNV data by calling API operations. |
| PNV Gateway | Operation | - | OnepassGateWayAll: grants the full permissions on PNV gateways. |

Development and O&M

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Kingsoft Cloud Monitor Service | Operation | - | MonitorFullAccess: grants the full permissions to manage Kingsoft Cloud Monitor Service by calling API operations. |
| | | | MonitorReadOnlyAccess: grants the permissions to query Kingsoft Cloud Monitor Service data by calling API operations. |
| Rabbit Message Queue (RabbitMQ) | Operation | - | RabbitMQFullAccess: grants the full permissions on RabbitMQ and the permissions to query the KEC instance, EPC instance, VPC, and subnet lists. |
| | | | RabbitMQReadAccess: grants the read-only permissions on RabbitMQ and the permissions to query the KEC instance, EPC instance, VPC, and subnet lists. |
| Kingsoft Cloud DevsForce (KDF) | Operation | - | KDFFullAccess: grants the full permissions on KDF. |
| API Gateway | Operation | - | - |
| Kingsoft Cloud Microservice Engine | Operation | - | - |

Artificial intelligence (AI)

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Kingsoft Cloud Power Learning (KPL) | Operation | - | - |

Enterprise applications

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Kingsoft Cloud Gaming (KCG) | Operation | - | KCGFullAccess: grants the full permissions to manage KCG by calling API operations. |

Management and audit

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| ActionTrail | Operation | - | ActionTrailFullAccess: grants the permissions to query audit logs. |
| IAM | Resource | - | BindVirtualMFADevice: grants the permission to bind IAM users to virtual MFA devices. |
| | | | IAMChangePasswd: grants IAM users the permission to change the password. |
| | | | IAMFullAccess: grants the full permissions on IAM. |
| | | | IAMReadOnlyAccess: grants the permissions to query IAM data. |
| | | | MFAmodifyAccess: grants users the permissions to manage MFA. |
| | | | STSAssumeRoleAccess: grants the permission to call the AssumeRole API operation of Security Token Service (STS). |
| Tag V2 | Operation | - | TAGFullAccess: grants the full permissions on Tag. |
| | | | TAGReadOnlyAccess: grants the read-only permissions on Tag. |

Partnership and ecosystem

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Agents | Operation | - | AGENTFullAccess: grants the full permissions of agents. |
| | | | ZAGENTDistributionAdminAccess: grants the permissions of distribution administrators. |
| | | | ZAGENTDistributionCustomerAccess: grants the permissions of distribution customers. |
| | | | ZAGENTDistributionFinanceAccess: grants the permissions on distribution finance. |

User center

| Kingsoft Cloud service | Authorization granularity | Tag-based authorization | System policy |
| --- | --- | --- | --- |
| Finance | Operation | - | OrderReadOnlyAccess: grants the read-only permissions on finance. |
| | | | PayOrderAccess: grants the payment permission. |
| | | | TradeAccountAccess: grants the full permissions on the Account page of Billing Center. |
| | | | TradeAccountAccess&CloudTicket: grants the full permissions on the Account and Cloud Ticket pages of Billing Center. |
| | | | TradeCouponsAccess: grants the full permissions on the Voucher page of Billing Center. |
| | | | TradeFullAccess: grants the full permissions on finance. |
| | | | TradeInvoiceManagementAccess: grants the full permissions on the Invoice Management page of Billing Center. |
| | | | TradeSettlementConfirmAccess: grants the permission to confirm monthly statements. |
| | | | TradeSettlementFeedbackAccess: grants the permission to report issues on monthly settlements. |
| | | | TradeSettlementReadOnlyAccess: grants the permission to view monthly settlements. |
| Account Management | Operation | - | ContactFullAccess: grants the full permissions to manage message recipients and internal messages. |
| | | | SMSInMailReadOnlyAccess: grants the read-only permissions on internal messages. |
| | | | SMSReceiveReadOnlyAccess: grants the read-only permissions on message recipients. |
| Pay-As-You-Go | Operation | - | - |
| Customer Bill | Operation | - | - |
| Bill | Operation | - | BillFullAccess: grants the permissions to query bill data by calling API operations. |