The organization administrator or delegated CTS administrator can apply the organization tracker to the entire organization for cloud audit, such as multi-account security audit.
Write instance * g:EnterpriseProjectId g:ResourceTag/<tag-key> swr:instance:getAuditLogs (Enterprise Edition) Grants permission to query audit logs of an instance.
Table 1 Actions supported by CTS

| Action | Description | Access Level | Resource Type (*: required) | Condition Key |
| --- | --- | --- | --- | --- |
| cts:trace:list | Grants permission to query audit traces. | list | - | - |
| cts:tracker:create | Grants permission to create a tracker. | write | - | - |

cts:tracker:list Grants permission to query
permission_management instance g:EnterpriseProjectId g:ResourceTag/<tag-key> rds:binlog:setPolicy Grants permission to configure a binlog policy. permission_management instance g:EnterpriseProjectId g:ResourceTag/<tag-key> rds:auditlog:operate Grants permission to configure an audit
/audit/quota dbss::listCommonInfo - GET /v1/{project_id}/dbss/audit/specification dbss::listCommonInfo - GET /v2/{project_id}/dbss/audit/availability-zone dbss::listCommonInfo - POST /v1/{project_id}/{instance_id}/dbss/audit/operate-log dbss:auditInstance:listOperateLog - POST /v1
write cluster * g:ResourceTag/<tag-key> g:EnterpriseProjectId dws:cluster:resetPassword Grants the permission to reset the password of a GaussDB(DWS) cluster. write cluster * g:ResourceTag/<tag-key> g:EnterpriseProjectId dws:cluster:listAuditLog Grants the permission to view the audit
logs. permission_management instance - dds:instance:getAuditLogPolicy Grants permission to query the policy for audit logs. list instance - dds:instance:listAuditLog Grants permission to query audit logs. list instance - dds:instance:listSlowLog Grants permission to query slow query
playbook:listApproves Grants the permission to query the playbook review list. list playbook * - secmaster:playbook:listInstances Grants the permission to query the playbook instance list. list playbook * - secmaster:playbook:getInstanceAuditlog Grants the permission to query the audit
Native Anti-DDoS Advanced (CNAD) Packages Cloud Service Engine (CSE) Engine Cloud Secret Management Service (CSMS) Secret Cloud Search Service (CSS) Clusters Log stream Repository Cloud Trace Service (CTS) Trackers DataArts Studio Instances Workspace Database Security Service (DBSS) Audit
Permissions management instance * g:EnterpriseProjectId gaussdbformysql:auditlog:list Grants permission to query audit logs. List instance * g:EnterpriseProjectId gaussdbformysql:backup:create Grants permission to create a manual backup.
This section describes how to aggregate operation audit logs of multiple accounts in an organization into the log archive account using an Organizations' trusted service.