Versions Compared

Old Version 115

changes.mady.by.user Prachi Damle

Saved on

compared with

New Version 116

changes.mady.by.user Min Chen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Other than that, customer should be able to define customized policies by grant or deny permission to customize permissions for the group. So far, for cross-account permission grant, we are currently supporting the following 3 types of granting/denying:

  • Grant by Domain and Resource Entity Type: grant permissions to all resources of the given resource entity type under the given domain.
  • Grant by Account and Resource Entity Type: grant permissions to all resources of the given resource entity type under the given account.
  • Grant by individual resource: grant permission to an individual resource.

Entity Type

Here are list of entity types supported by IAM model:

  • VirtualMachine
  • Volume
  • ResourceTag
  • AffinityGroup
  • AutoScalePolicy
  • AutoScaleVmProfile
  • AutoScaleVmGroup
  • Condition
  • Vpc
  • VpcGateway
  • VMSnapshot
  • VirtualMachineTemplate
  • StaticRoute
  • Snapshot
  • Site2SiteVpnGateway
  • Site2SiteCustomerGateway
  • Site2SiteVpnConnection
  • SecurityGroup
  • RemoteAccessVpn
  • ProjectInvitation
  • Network
  • IPAddress
  • InstanceGroup
  • GlobalLoadBalancerRule
  • FirewallRule
  • PortForwardingRule
  • Event

Permission

A policy consists of set of Permissions. A Permission is a way of defining access control.
Using Permission, customer defines what actions are allowed or denied, on what resources, under which account or domain.

...