All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term

Documentation

Global system policies

Last updated:2021-10-29 17:57:34

The following tables describe the built-in global system policies of Kingsoft Cloud.

Policies irrelevant to services

Overview

Policy Policy KRN Description Version Default or not
AdministratorAccess krn:ksc:iam::ksc:policy/AdministratorAccess Describes management permissions of a system administrator, which are maximum permissions. v1 Yes

Details

Policy Policy document Permission
AdministratorAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "*", "Resource": "*"}]} Describes the permissions to manage all services of Kingsoft Cloud, such as KEC, Elastic IP (EIP), Virtual Private Cloud (VPC), Server Load Balancing (SLB), Content Delivery Network (CDN), Kingsoft Cloud MapReduce (KMR), IAM, and Kingsoft Cloud Relational Database Service (KRDS).

Policies related to CDN

Overview

Policy Policy KRN Description Version Default or not
CDNFullAccess krn:ksc:iam::ksc:policy/CDNFullAccess Describes the permissions to manage CDN. v1 Yes
CDNReadOnlyAccess krn:ksc:iam::ksc:policy/CDNReadOnlyAccess Describes the permissions to query CDN data. v1 Yes

Details

Policy Policy document Permission
CDNFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "cdn:*", "Resource": "*"}]} Describes the permissions to manage CDN, for example, to manage refreshing, preloading, traffic and bandwidth, real-time hit rate and status code, and user quota.
CDNReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":[ "cdn:Get*", "cdn:List*"], "Resource": "*"}]} Describes the permissions to query CDN data, for example, to query the refreshed CND nodes and their details, preloaded CND nodes and their details, traffic and bandwidth, real-time hit rate and status code, user quota, and quota usage.

Policies related to KEC

Overview

Policy Policy KRN Description Version Default or not
KECAdminFullAccess krn:ksc:iam::ksc:policy/KECAdminFullAccess Describes the permissions to manage KEC. v1 Yes
KECFullAccess krn:ksc:iam::ksc:policy/KECFullAccess Describes the permissions to manage KEC through the API. v1 Yes
KECReadOnlyAccess krn:ksc:iam::ksc:policy/KECReadOnlyAccess Describes the permissions to query KEC data through the API. v1 Yes

Details

Policy Policy document Permission
KECAdminFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kec:*", "Resource": "*"},{"Effect": "Allow", "Action": "vpc:*", "Resource": "*"},{"Effect": "Allow", "Action": "slb:*", "Resource": "*"},{"Effect": "Allow", "Action": "eip:*", "Resource": "*"} ]} Describes the permissions to manage KEC, for example, to manage KEC instances, VPCs, SLB instances, and EIPs.
KECFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kec:*", "Resource": "*"}]} Describes the permissions to manage KEC through the API, for example, to manage instances and images, and modify network interface attributes.
KECReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"kec:Describe*", "Resource": "*"}]} Describes the permissions to query KEC data through the API, for example, to query the instance and image information.

Policies related to VPC

Overview

Policy Policy KRN Description Version Default or not
VPCFullAccess krn:ksc:iam::ksc:policy/VPCFullAccess Describes the permissions to manage VPC through the API. v1 Yes
VPCReadOnlyAccess krn:ksc:iam::ksc:policy/VPCReadOnlyAccess Describes the permissions to query VPC data through the API. v1 Yes
VPCConsoleFullAccess krn:ksc:iam::ksc:policy/VPCConsoleFullAccess Describes the permissions to manage VPC and EIP in the console. v1 Yes
VPCConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/VPCConsoleReadOnlyAccess Describes the permissions to query VPC data in the console. v1 Yes

Details

Policy Policy document Permission
VPCFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "vpc:*", "Resource": "*"}]} Describes the permissions to manage VPC through the API, for example, to manage VPCs, subnets, routes, network access control lists (ACLs), Network Address Translation (NAT) settings, tunnels, and peer connections.
VPCReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"vpc:Describe*", "Resource": "*"}]} Describes the permissions to query VPC data through the API, for example, to query VPCs, subnets, routes, network ACLs, and NAT settings.
VPCConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:*","eip:*","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to manage VPC in the console, for example, to manage VPCs, subnets, routes, network ACLs, NAT settings, tunnels, peer connections, EIPs, and port mapping.
VPCConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:Describe*","eip:Describe*","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to query VPC data in the console, for example, to query VPCs, subnets, routes, network ACLs, NAT settings, EIPs, and port mapping.

Policies related to EIP

Overview

Policy Policy KRN Description Version Default or not
EIPFullAccess krn:ksc:iam::ksc:policy/EIPFullAccess Describes the permissions to manage EIP through the API. v1 Yes
EIPReadOnlyAccess krn:ksc:iam::ksc:policy/EIPReadOnlyAccess Describes the permissions to query EIP data through the API. v1 Yes
EIPConsoleFullAccess krn:ksc:iam::ksc:policy/EIPConsoleFullAccess Describes the permissions to manage EIP in the console. v1 Yes
EIPConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/EIPConsoleReadOnlyAccess Describes the permissions to query EIP data in the console. v1 Yes

Details

Policy Policy document Permission
EIPFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "eip:*", "Resource": "*"}]} Describes the permissions to manage EIP through the API, for example, to manage EIPs and port mapping.
EIPReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["eip:Describe*", "eip:GetLines"], "Resource": "*"}]} Describes the permissions to query EIP data through the API, for example, to query links, EIPs, and port mapping.
EIPConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["eip:*","vpc:DescribeNetworkInterfaces","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to manage EIP in the console, for example, to manage EIPs and port mapping.
EIPConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["eip:Describe*","vpc:DescribeNetworkInterfaces","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to query EIP data in the console, for example, to query EIPs and port mapping.

Policies related to SLB

Overview

Policy Policy KRN Description Version Default or not
SLBFullAccess krn:ksc:iam::ksc:policy/SLBFullAccess Describes the permissions to manage SLB through the API. v1 Yes
SLBReadOnlyAccess krn:ksc:iam::ksc:policy/SLBReadOnlyAccess Describes the permissions to query SLB data through the API. v1 Yes
SLBConsoleFullAccess krn:ksc:iam::ksc:policy/SLBConsoleFullAccess Describes the permissions to manage SLB and EIP in the console. v1 Yes
SLBConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/SLBConsoleReadOnlyAccess Describes the permissions to query SLB data in the console. v1 Yes

Details

Policy Policy document Permission
SLBFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "slb:*", "Resource": "*"}]} Describes the permissions to manage SLB through the API, for example, to manage SLB instances, listeners, health checks, and backend servers.
SLBReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"slb:Describe*", "Resource": "*"}]} Describes the permissions to query SLB data through the API, for example, to query SLB instances, listeners, health checks, and backend servers.
SLBConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["slb:*","eip:*","vpc:DescribeNetworkInterfaces","vpc:DescribeVpcs","vpc:DescribeSubnets","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to manage SLB in the console, for example, to manage SLB instances, listeners, health checks, backend servers, EIPs, and port mapping.
SLBConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["slb:Describe*","eip:Describe*","vpc:DescribeNetworkInterfaces","vpc:DescribeVpcs","vpc:DescribeSubnets","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]} Describes the permissions to query SLB data in the console, for example, to query SLB instances, listeners, health checks, backend servers, EIPs, and port mapping.

Policies related to IAM

Overview

Policy Policy KRN Description Version Default or not
IAMFullAccess krn:ksc:iam::ksc:policy/IAMFullAccess Describes the permissions to manage IAM in the console and through the API. v1 Yes
IAMReadOnlyAccess krn:ksc:iam::ksc:policy/IAMReadOnlyAccess Describes the permissions to query IAM data in the console and through the API. v1 Yes

Details

Policy Policy document Permission
IAMFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]} Describes the permissions to manage IAM in the console and through the API, for example, to manage IAM users, AccessKeys, and policies.
IAMReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["iam:Get*", "iam:List*"], "Resource": "*"}]} Describes the permissions to query IAM data in the console and through the API, for example, to query IAM users, AccessKeys, and policies.

Policies related to Elastic Physical Compute (EPC)

Overview

Policy Policy KRN Description Version Default or not
EPCFullAccess krn:ksc:iam::ksc:policy/EPCFullAccess Describes the permissions to manage EPC in the console and through the API. v1 Yes
EPCReadOnlyAccess krn:ksc:iam::ksc:policy/EPCReadOnlyAccess Describes the permissions to query EPC data in the console and through the API. v1 Yes

Details

Policy Policy document Permission
EPCFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "epc:*", "Resource": "*"}]} Describes the permissions to manage EPC in the console and through the API, for example, to manage the EPC lifecycle, subnets, and images.
EPCReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["epc:Get*", "epc:List*"], "Resource": "*"}]} Describes the permissions to query EPC data in the console and through the API, for example, to query EPC instances and images.

Policies related to KMR

Overview

Policy Policy KRN Description Version Default or not
KMRFullAccess krn:ksc:iam::ksc:policy/KMRFullAccess Describes the permissions to manage KMR in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KMRFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kmr:*", "Resource": "*"}]} Describes the permissions to manage KMR in the console and through the API, for example, to manage clusters, SSH keys, jobs, and EIPs.

Policies related to DNS

Overview

Policy Policy KRN Description Version Default or not
DNSFullAccess krn:ksc:iam::ksc:policy/DNSFullAccess Describes the permissions to manage DNS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
DNSFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "dns:*", "Resource": "*"}]} Describes the permissions to manage DNS in the console and through the API, for example, to manage domain names and DNS records.

Policies related to Web Application Firewall (WAF)

Overview

Policy Policy KRN Description Version Default or not
WAFFullAccess krn:ksc:iam::ksc:policy/WAFFullAccess Describes the permissions to manage WAF in the console and through the API. v1 Yes

Details

Policy Policy document Permission
WAFFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "waf:*", "Resource": "*"}]} Describes the permissions to manage WAF in the console and through the API.

Policies related to Kingsoft Cloud Advance Security (KAS)

Overview

Policy Policy KRN Description Version Default or not
KASFullAccess krn:ksc:iam::ksc:policy/KASFullAccess Describes the permissions to manage KAS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KASFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kas:*", "Resource": "*"}]} Describes the permissions to manage KAS in the console and through the API.

Policies related to Kingsoft Cloud Advanced Defense (KAD)

Overview

Policy Policy KRN Description Version Default or not
KADFullAccess krn:ksc:iam::ksc:policy/KADFullAccess Describes the permissions to manage KAD in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KADFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kad:*", "Resource": "*"}]} Describes the permissions to manage KAD in the console and through the API.

Policies related to KRDS

Overview

Policy Policy KRN Description Version Default or not
KRDSFullAccess krn:ksc:iam::ksc:policy/KRDSFullAccess Describes the permissions to manage KRDS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KRDSFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "krds:*", "Resource": "*"}]} Describes the permissions to manage KRDS in the console and through the API.

Policies related to Kingsoft Cloud Integrated Service (KIS)

Overview

Policy Policy KRN Description Version Default or not
KISFullAccess krn:ksc:iam::ksc:policy/KISFullAccess Describes the permissions to manage KIS in the console and through the API. v1 Yes

Details

Policy Policy document Permission
KISFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kis:*", "Resource": "*"}]} Describes the permissions to manage KIS in the console and through the API.

Policies related to Bandwidth Share (BWS)

Overview

Policy Policy KRN Description Version Default or not
BWSFullAccess krn:ksc:iam::ksc:policy/BWSFullAccess Describes the permissions to manage BWS through the API. v1 Yes
BWSReadOnlyAccess krn:ksc:iam::ksc:policy/BWSReadOnlyAccess Describes the permissions to query BWS data through the API. v1 Yes
BWSConsoleFullAccess krn:ksc:iam::ksc:policy/BWSConsoleFullAccess Describes the permissions to manage BWS in the console. v1 Yes
BWSConsoleReadOnlyAccess krn:ksc:iam::ksc:policy/BWSConsoleReadOnlyAccess Describes the permissions to query BWS data in the console. v1 Yes

Details

Policy Policy document Permission
BWSFullAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "bws:*", "Resource": "*"}]} Describes the permissions to manage BWS through the API, for example, to create or delete BWS instances and add or remove EIPs.
BWSReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"bws:Describe*", "Resource": "*"}]} Describes the permissions to query BWS data through the API.
BWSConsoleFullAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["bws:*","eip:*","vpc:DescribeInternetGateways","slb:DescribeLoadBalancers","epc:ListEpcs","kec:DescribeInstances"],"Resource":"*"}]} Describes the permissions to manage BWS in the console, for example, to manage BWS instances and EIPs.
BWSConsoleReadOnlyAccess {"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:Describe*","eip:Describe*","kec:DescribeInstances","epc:ListEpcs","slb:DescribeLoadBalancers"],"Resource":"*"}]} Describes the permissions to query BWS data in the console, for example, to query BWS instances, EIPs, SLB instances, and KEC instances.
On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen
Feedback