Wei, Hongmin
d48c6004e4
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com> Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
38 KiB
IAM Operations That Can Be Recorded by CTS
Table 1 lists Identity and Access Management (IAM) operations that can be recorded by Cloud Trace Service (CTS).
Operation |
Resource Type |
Trace Name |
|---|---|---|
Login |
user |
login |
Login failure |
user |
loginfailed |
Logout |
user |
logout |
Changing the password at first login (by an IAM user) |
user |
changePassword |
QR code login |
user |
scanQRCodeLogin |
QR code login failure |
user |
scanQRCodeLoginFailed |
OIDC login |
user |
oidcLoginSuccess |
OIDC login failure |
user |
oidcLoginFailed |
SSO login |
user |
iamUserSsoLoginSuccess |
SSO login failure |
user |
iamUserSsoLoginFailed |
Creating a user |
user |
createUser |
Modifying a user |
user |
updateUser |
Deleting a user |
user |
deleteUser |
Creating an access key (AK/SK) |
user |
createCredential |
Deleting an access key (AK/SK) |
user |
deleteCredential |
Changing the password |
user |
updateUserPwd |
Successful login using cached information as a federated user |
user |
federationLoginNoPwdSuccess |
Login failed using cached information as a federated user |
user |
federationLoginNoPwdFailed |
TSI login |
user |
tsiLogin |
Creating a user group |
userGroup |
createGroup |
Updating a user group |
userGroup |
updateGroup |
Deleting a user group |
userGroup |
deleteGroup |
Adding a user to a user group |
userGroup |
addUserToGroup |
Removing a user from a user group |
userGroup |
removeUserFromGroup |
Unbinding a virtual MFA device |
MFA |
UnBindMFA |
Binding a virtual MFA device |
MFA |
BindMFA |
Creating a project |
project |
createProject |
Deleting a project |
project |
deleteProject |
Modifying project information |
project |
updateProject |
Granting permissions to an agency based on project information |
roleAgencyProject |
assignRoleToAgencyOnProject |
Canceling permissions of an agency based on project information |
roleAgencyProject |
unassignRoleToAgencyOnProject |
Creating an agency |
agency |
createAgency |
Modifying an agency |
agency |
updateAgency |
Deleting an agency |
agency |
deleteAgency |
Switching an agency |
agency |
switchRole |
Registering an identity provider |
identityProvider |
createIdentityProvider |
Updating an identity provider |
identityProvider |
updateIdentityProvider |
Deleting an identity provider |
identityProvider |
deleteIdentityProvider |
Updating the login authentication policy |
SecurityPolicy |
modifySecurityPolicy |
Updating the password policy |
SecurityPolicy |
modifySecurityPolicy |
Updating the ACL |
SecurityPolicy |
modifySecurityPolicy |
Granting permissions to an agency for all projects |
agency |
updateAgencyInheritedGrants |
Removing permissions of an agency in all projects |
agency |
deleteAgencyInheritedGrants |
Granting permissions to an agency for global services |
agency |
updateAgencyGrants |
Removing permissions of an agency for global services |
agency |
deleteAgencyGrants |
Granting permissions to a user group |
assignment |
createAssignment |
Removing permissions from a user group |
assignment |
deleteAssignment |
Registering a protocol for federated login |
identityProvider |
createProtocol |
Updating a protocol for federated login |
identityProvider |
updateProtocol |
Deleting a protocol for federated login |
identityProvider |
deleteProtocol |
Modifying the login protection configuration of an IAM user |
user |
modifyLoginProtect |
Importing a metadata file |
identityProvider |
metadataConfiguration |
Creating a virtual MFA device |
MFA |
createMFA |
Deleting a virtual MFA device |
MFA |
deleteMFA |
Creating an OpenID Connect identity provider |
identityProvider |
createOIDCConfiguration |
Modifying an OpenID Connect identity provider |
identityProvider |
updateOIDCConfiguration |
Changing the email address or mobile number |
user |
updateMobileAndEmail |
Updating user group permissions |
group |
updateGroupAssignsByRole |
Updating agency permissions |
agency |
updateAgencyAssignsByRole |
Creating a custom policy |
Policy |
createRole |
Updating a custom policy |
Policy |
updateRole |
Deleting a custom policy |
Policy |
deleteRole |
Granting permissions to an agency based on domain information |
roleAgencyDomain |
assignRoleToAgencyOnDomain |
Canceling permissions of an agency based on domain information |
roleAgencyDomain |
unassignRoleToAgencyOnDomain |
Successful initial login as a federated user |
user |
tenantLoginBySamlSuccess |
Registering a mapping |
mapping |
createMapping |
Updating a mapping |
mapping |
updateMapping |
Deleting a mapping |
mapping |
deleteMapping |
Registering a protocol |
protocol |
createProtocol |
Updating a protocol |
protocol |
updateProtocol |
Changing the mobile number using an email |
user |
changeMobileByEmail |
Changing the password using an email |
user |
updateUserPwdByEmail |
Modifying agency permissions on the console |
agency |
updateagenciesRolesByConsole |