安全云脑 SECMASTER-SecMaster权限管理:SecMaster FullAccess策略内容

时间:2024-11-21 15:42:06

SecMaster FullAccess策略内容

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "secmaster:*:*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:vpcs:list",
                "vpc:subnets:get",
                "vpcep:endpoints:*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "obs:bucket:ListBucketVersions"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:permissions:checkRoleForAgencyOnDomain",
                "iam:permissions:checkRoleForAgencyOnProject",
                "iam:permissions:checkRoleForAgency",
                "iam:permissions:grantRoleToAgency",
                "iam:permissions:grantRoleToAgencyOnDomain",
                "iam:permissions:grantRoleToAgencyOnProject",
                "iam:policies:*",
                "iam:agencies:*",
                "iam:roles:*",
                "iam:users:listUsers",
                "iam:tokens:assume"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "organizations:organizations:get",
                "organizations:delegatedAdministrators:list",
                "organizations:roots:list",
                "organizations:ous:list",
                "organizations:accounts:list"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecs:cloudServers:list"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "sts:agencies:assume"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "lts:log*:list*"
            ],
            "Effect": "Allow"
        }
    ]
}
support.huaweicloud.com/productdesc-secmaster/secmaster_01_0005.html