All Documents

Current Document

Recommend

Container Engine Virtual Private Cloud Standard Storage Service

Content is empty

If you don't find the content you expect, please try another search term

Identity and Access Management

View more results

Document title with current keyword not found

Directory

Expand AllFold All Up

Networking
Security

Storage&CDN
Database
Legal
- Legal
ActionTrail
- ActionTrail
- Kingsoft Cloud International Business

Video Services
Data Analysis
- MapReduce (KMR)
- Kingsoft Cloud Log Service
Account Management
- Identity and Access Management
- Account Management

No products found with this keyword

Documentation

Identity and Access Management

Permission Policy Management

Global system policies

Global system policies

Last updated：2021-10-29 17:57:34

The following tables describe the built-in global system policies of Kingsoft Cloud.

Policies irrelevant to services

Overview

Policy	Policy KRN	Description	Version	Default or not
AdministratorAccess	krn:ksc:iam::ksc:policy/AdministratorAccess	Describes management permissions of a system administrator, which are maximum permissions.	v1	Yes

Details

Policy	Policy document	Permission
AdministratorAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "", "Resource": ""}]}`	Describes the permissions to manage all services of Kingsoft Cloud, such as KEC, Elastic IP (EIP), Virtual Private Cloud (VPC), Server Load Balancing (SLB), Content Delivery Network (CDN), Kingsoft Cloud MapReduce (KMR), IAM, and Kingsoft Cloud Relational Database Service (KRDS).

Policies related to CDN

Overview

Policy	Policy KRN	Description	Version	Default or not
CDNFullAccess	krn:ksc:iam::ksc:policy/CDNFullAccess	Describes the permissions to manage CDN.	v1	Yes
CDNReadOnlyAccess	krn:ksc:iam::ksc:policy/CDNReadOnlyAccess	Describes the permissions to query CDN data.	v1	Yes

Details

Policy	Policy document	Permission
CDNFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "cdn:", "Resource": ""}]}`	Describes the permissions to manage CDN, for example, to manage refreshing, preloading, traffic and bandwidth, real-time hit rate and status code, and user quota.
CDNReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":[ "cdn:Get", "cdn:List"], "Resource": "*"}]}`	Describes the permissions to query CDN data, for example, to query the refreshed CND nodes and their details, preloaded CND nodes and their details, traffic and bandwidth, real-time hit rate and status code, user quota, and quota usage.

Policies related to KEC

Overview

Policy	Policy KRN	Description	Version	Default or not
KECAdminFullAccess	krn:ksc:iam::ksc:policy/KECAdminFullAccess	Describes the permissions to manage KEC.	v1	Yes
KECFullAccess	krn:ksc:iam::ksc:policy/KECFullAccess	Describes the permissions to manage KEC through the API.	v1	Yes
KECReadOnlyAccess	krn:ksc:iam::ksc:policy/KECReadOnlyAccess	Describes the permissions to query KEC data through the API.	v1	Yes

Details

Policy	Policy document	Permission
KECAdminFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kec:", "Resource": ""},{"Effect": "Allow", "Action": "vpc:", "Resource": ""},{"Effect": "Allow", "Action": "slb:", "Resource": ""},{"Effect": "Allow", "Action": "eip:", "Resource": ""} ]}`	Describes the permissions to manage KEC, for example, to manage KEC instances, VPCs, SLB instances, and EIPs.
KECFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kec:", "Resource": ""}]}`	Describes the permissions to manage KEC through the API, for example, to manage instances and images, and modify network interface attributes.
KECReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"kec:Describe", "Resource": ""}]}`	Describes the permissions to query KEC data through the API, for example, to query the instance and image information.

Policies related to VPC

Overview

Policy	Policy KRN	Description	Version	Default or not
VPCFullAccess	krn:ksc:iam::ksc:policy/VPCFullAccess	Describes the permissions to manage VPC through the API.	v1	Yes
VPCReadOnlyAccess	krn:ksc:iam::ksc:policy/VPCReadOnlyAccess	Describes the permissions to query VPC data through the API.	v1	Yes
VPCConsoleFullAccess	krn:ksc:iam::ksc:policy/VPCConsoleFullAccess	Describes the permissions to manage VPC and EIP in the console.	v1	Yes
VPCConsoleReadOnlyAccess	krn:ksc:iam::ksc:policy/VPCConsoleReadOnlyAccess	Describes the permissions to query VPC data in the console.	v1	Yes

Details

Policy	Policy document	Permission
VPCFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "vpc:", "Resource": ""}]}`	Describes the permissions to manage VPC through the API, for example, to manage VPCs, subnets, routes, network access control lists (ACLs), Network Address Translation (NAT) settings, tunnels, and peer connections.
VPCReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"vpc:Describe", "Resource": ""}]}`	Describes the permissions to query VPC data through the API, for example, to query VPCs, subnets, routes, network ACLs, and NAT settings.
VPCConsoleFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:","eip:","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]}`	Describes the permissions to manage VPC in the console, for example, to manage VPCs, subnets, routes, network ACLs, NAT settings, tunnels, peer connections, EIPs, and port mapping.
VPCConsoleReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:Describe","eip:Describe","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]}`	Describes the permissions to query VPC data in the console, for example, to query VPCs, subnets, routes, network ACLs, NAT settings, EIPs, and port mapping.

Policies related to EIP

Overview

Policy	Policy KRN	Description	Version	Default or not
EIPFullAccess	krn:ksc:iam::ksc:policy/EIPFullAccess	Describes the permissions to manage EIP through the API.	v1	Yes
EIPReadOnlyAccess	krn:ksc:iam::ksc:policy/EIPReadOnlyAccess	Describes the permissions to query EIP data through the API.	v1	Yes
EIPConsoleFullAccess	krn:ksc:iam::ksc:policy/EIPConsoleFullAccess	Describes the permissions to manage EIP in the console.	v1	Yes
EIPConsoleReadOnlyAccess	krn:ksc:iam::ksc:policy/EIPConsoleReadOnlyAccess	Describes the permissions to query EIP data in the console.	v1	Yes

Details

Policy	Policy document	Permission
EIPFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "eip:", "Resource": ""}]}`	Describes the permissions to manage EIP through the API, for example, to manage EIPs and port mapping.
EIPReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["eip:Describe", "eip:GetLines"], "Resource": ""}]}`	Describes the permissions to query EIP data through the API, for example, to query links, EIPs, and port mapping.
EIPConsoleFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["eip:","vpc:DescribeNetworkInterfaces","kec:DescribeInstances","epc:ListEpcs"],"Resource":""}]}`	Describes the permissions to manage EIP in the console, for example, to manage EIPs and port mapping.
EIPConsoleReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["eip:Describe","vpc:DescribeNetworkInterfaces","kec:DescribeInstances","epc:ListEpcs"],"Resource":""}]}`	Describes the permissions to query EIP data in the console, for example, to query EIPs and port mapping.

Policies related to SLB

Overview

Policy	Policy KRN	Description	Version	Default or not
SLBFullAccess	krn:ksc:iam::ksc:policy/SLBFullAccess	Describes the permissions to manage SLB through the API.	v1	Yes
SLBReadOnlyAccess	krn:ksc:iam::ksc:policy/SLBReadOnlyAccess	Describes the permissions to query SLB data through the API.	v1	Yes
SLBConsoleFullAccess	krn:ksc:iam::ksc:policy/SLBConsoleFullAccess	Describes the permissions to manage SLB and EIP in the console.	v1	Yes
SLBConsoleReadOnlyAccess	krn:ksc:iam::ksc:policy/SLBConsoleReadOnlyAccess	Describes the permissions to query SLB data in the console.	v1	Yes

Details

Policy	Policy document	Permission
SLBFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "slb:", "Resource": ""}]}`	Describes the permissions to manage SLB through the API, for example, to manage SLB instances, listeners, health checks, and backend servers.
SLBReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"slb:Describe", "Resource": ""}]}`	Describes the permissions to query SLB data through the API, for example, to query SLB instances, listeners, health checks, and backend servers.
SLBConsoleFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["slb:","eip:","vpc:DescribeNetworkInterfaces","vpc:DescribeVpcs","vpc:DescribeSubnets","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]}`	Describes the permissions to manage SLB in the console, for example, to manage SLB instances, listeners, health checks, backend servers, EIPs, and port mapping.
SLBConsoleReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["slb:Describe","eip:Describe","vpc:DescribeNetworkInterfaces","vpc:DescribeVpcs","vpc:DescribeSubnets","kec:DescribeInstances","epc:ListEpcs"],"Resource":"*"}]}`	Describes the permissions to query SLB data in the console, for example, to query SLB instances, listeners, health checks, backend servers, EIPs, and port mapping.

Policies related to IAM

Overview

Policy	Policy KRN	Description	Version	Default or not
IAMFullAccess	krn:ksc:iam::ksc:policy/IAMFullAccess	Describes the permissions to manage IAM in the console and through the API.	v1	Yes
IAMReadOnlyAccess	krn:ksc:iam::ksc:policy/IAMReadOnlyAccess	Describes the permissions to query IAM data in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
IAMFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "iam:", "Resource": ""}]}`	Describes the permissions to manage IAM in the console and through the API, for example, to manage IAM users, AccessKeys, and policies.
IAMReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["iam:Get", "iam:List"], "Resource": "*"}]}`	Describes the permissions to query IAM data in the console and through the API, for example, to query IAM users, AccessKeys, and policies.

Policies related to Elastic Physical Compute (EPC)

Overview

Policy	Policy KRN	Description	Version	Default or not
EPCFullAccess	krn:ksc:iam::ksc:policy/EPCFullAccess	Describes the permissions to manage EPC in the console and through the API.	v1	Yes
EPCReadOnlyAccess	krn:ksc:iam::ksc:policy/EPCReadOnlyAccess	Describes the permissions to query EPC data in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
EPCFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "epc:", "Resource": ""}]}`	Describes the permissions to manage EPC in the console and through the API, for example, to manage the EPC lifecycle, subnets, and images.
EPCReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":["epc:Get", "epc:List"], "Resource": "*"}]}`	Describes the permissions to query EPC data in the console and through the API, for example, to query EPC instances and images.

Policies related to KMR

Overview

Policy	Policy KRN	Description	Version	Default or not
KMRFullAccess	krn:ksc:iam::ksc:policy/KMRFullAccess	Describes the permissions to manage KMR in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
KMRFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kmr:", "Resource": ""}]}`	Describes the permissions to manage KMR in the console and through the API, for example, to manage clusters, SSH keys, jobs, and EIPs.

Policies related to DNS

Overview

Policy	Policy KRN	Description	Version	Default or not
DNSFullAccess	krn:ksc:iam::ksc:policy/DNSFullAccess	Describes the permissions to manage DNS in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
DNSFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "dns:", "Resource": ""}]}`	Describes the permissions to manage DNS in the console and through the API, for example, to manage domain names and DNS records.

Policies related to Web Application Firewall (WAF)

Overview

Policy	Policy KRN	Description	Version	Default or not
WAFFullAccess	krn:ksc:iam::ksc:policy/WAFFullAccess	Describes the permissions to manage WAF in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
WAFFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "waf:", "Resource": ""}]}`	Describes the permissions to manage WAF in the console and through the API.

Policies related to Kingsoft Cloud Advance Security (KAS)

Overview

Policy	Policy KRN	Description	Version	Default or not
KASFullAccess	krn:ksc:iam::ksc:policy/KASFullAccess	Describes the permissions to manage KAS in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
KASFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kas:", "Resource": ""}]}`	Describes the permissions to manage KAS in the console and through the API.

Policies related to Kingsoft Cloud Advanced Defense (KAD)

Overview

Policy	Policy KRN	Description	Version	Default or not
KADFullAccess	krn:ksc:iam::ksc:policy/KADFullAccess	Describes the permissions to manage KAD in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
KADFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kad:", "Resource": ""}]}`	Describes the permissions to manage KAD in the console and through the API.

Policies related to KRDS

Overview

Policy	Policy KRN	Description	Version	Default or not
KRDSFullAccess	krn:ksc:iam::ksc:policy/KRDSFullAccess	Describes the permissions to manage KRDS in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
KRDSFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "krds:", "Resource": ""}]}`	Describes the permissions to manage KRDS in the console and through the API.

Policies related to Kingsoft Cloud Integrated Service (KIS)

Overview

Policy	Policy KRN	Description	Version	Default or not
KISFullAccess	krn:ksc:iam::ksc:policy/KISFullAccess	Describes the permissions to manage KIS in the console and through the API.	v1	Yes

Details

Policy	Policy document	Permission
KISFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "kis:", "Resource": ""}]}`	Describes the permissions to manage KIS in the console and through the API.

Policies related to Bandwidth Share (BWS)

Overview

Policy	Policy KRN	Description	Version	Default or not
BWSFullAccess	krn:ksc:iam::ksc:policy/BWSFullAccess	Describes the permissions to manage BWS through the API.	v1	Yes
BWSReadOnlyAccess	krn:ksc:iam::ksc:policy/BWSReadOnlyAccess	Describes the permissions to query BWS data through the API.	v1	Yes
BWSConsoleFullAccess	krn:ksc:iam::ksc:policy/BWSConsoleFullAccess	Describes the permissions to manage BWS in the console.	v1	Yes
BWSConsoleReadOnlyAccess	krn:ksc:iam::ksc:policy/BWSConsoleReadOnlyAccess	Describes the permissions to query BWS data in the console.	v1	Yes

Details

Policy	Policy document	Permission
BWSFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action": "bws:", "Resource": ""}]}`	Describes the permissions to manage BWS through the API, for example, to create or delete BWS instances and add or remove EIPs.
BWSReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect": "Allow", "Action":"bws:Describe", "Resource": ""}]}`	Describes the permissions to query BWS data through the API.
BWSConsoleFullAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["bws:","eip:","vpc:DescribeInternetGateways","slb:DescribeLoadBalancers","epc:ListEpcs","kec:DescribeInstances"],"Resource":"*"}]}`	Describes the permissions to manage BWS in the console, for example, to manage BWS instances and EIPs.
BWSConsoleReadOnlyAccess	`{"Version":"2015-11-01","Statement":[{"Effect":"Allow","Action":["vpc:Describe","eip:Describe","kec:DescribeInstances","epc:ListEpcs","slb:DescribeLoadBalancers"],"Resource":"*"}]}`	Describes the permissions to query BWS data in the console, for example, to query BWS instances, EIPs, SLB instances, and KEC instances.

On this page

Previous:Permission evaluation logic

Next:Create a custom policy

Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen

Feedback