Note
A scope defines a set of actions that a client or user is authorized to perform.
1. Scopes
(1) Drive-related scopes
| Scope | Description |
|---|---|
| DRIVE.ALL | Perform all drive-related operations, such as creating, modifying, deleting, and querying drives. |
| DRIVE.CREATE | Create drives. |
| DRIVE.UPDATE | Modify drive information. |
| DRIVE.DELETE | Delete drives. |
| DRIVE.GET | Query drive information. |
| DRIVE.LIST | List drives. |
(2) Shared directory-related scopes
| Scope | Description |
|---|---|
| SHARE.ALL | Perform all shared folder-related operations, such as querying shared folder information, modifying shared folder information, and deleting shared folders. |
| SHARE.CREATE | Create shared folders. |
| SHARE.UPDATE | Modify shared folder information. |
| SHARE.DELETE | Delete shared folders. |
| SHARE.GET | Query shared folder information. |
| SHARE.LIST | List shared folders. |
(3) File-related scopes
| Scope | Description |
|---|---|
| FILE.ALL | Perform all file-related operations, such as creating, modifying, and deleting files. |
| FILE.MOVE | Move files. |
| FILE.COPY | Copy files. |
| FILE.DELETE | Delete files, permanently delete files from the recycle bin, and clear the recycle bin. |
| FILE.CREATE | Create files, obtain upload URLs, and complete upload. |
| FILE.UPDATE | Modify file information. |
| FILE.GET | Query file information and obtain download URLs. |
| FILE.LIST | List files in a drive and list files in the recycle bin. |
| FILE.RESTORE | Restore files in the recycle bin. |
(4) User-related scopes
| Scope | Description |
|---|---|
| USER.ALL | Perform all user-related operations, such as querying user information, modifying user attributes, and deleting users. |
| USER.UPDATE | Modify user attributes, including the status, description, nickname, and profile picture. |
| USER.UPDATE_ROLE | Change the role of a user. |
| USER.UPDATE_INFO | Change the nickname and profile picture of a user. |
| USER.GET | Query user information. |
| USER.LIST | List users. |
(5) OSS bucket-related scopes
| Scope | Description |
|---|---|
| STORAGE.ALL | Perform all Object Storage Service (OSS) bucket-related operations. Only the List operation is supported. |
| STORAGE.LIST | List OSS buckets. |
(6) Scopes related to files stored in OSS buckets
| Scope | Description |
|---|---|
| STORAGEFILE.ALL | Perform all operations on the files stored in an OSS bucket. Only the List operation is supported. |
| STORAGEFILE.LIST | List files in an OSS bucket. |
(7) Account-related scope
| Scope | Description |
|---|---|
| ACCOUNT.ALL | Perform all account-related operations, such as registering mobile numbers, changing passwords, and binding accounts to users. |
(8) OAuth-related scope
| Scope | Description |
|---|---|
| OAUTH.ALL | Access PDS by using third-party authentication based on OAuth. |
2. Preset roles
Note
PDS provides the following preset roles:
(1) superadmin
{
"actions": [
"DRIVE.ALL",
"SHARE.ALL",
"FILE.ALL",
"USER.ALL",
"STORAGE.ALL",
"STORAGEFILE.ALL",
"ACCOUNT.ALL",
"OAUTH.ALL"
],
"resources": ["*"]
}(2) admin
{
"actions": [
"DRIVE.ALL",
"SHARE.ALL",
"FILE.ALL",
"STORAGE.ALL",
"STORAGEFILE.ALL",
"USER.UPDATE_STATUS",
"USER.UPDATE_INFO"
"USER.GET",
"USER.LIST",
"ACCOUNT.ALL",
"OAUTH.ALL"
],
"resources": ["*"]
}(3) user
{
"actions": [
"DRIVE.GET",
"DRIVE.LIST",
"SHARE.ALL",
"FILE.ALL",
"USER.UPDATE_INFO",
"USER.GET",
"ACCOUNT.ALL",
"OAUTH.ALL"
],
"resources": ["/users/{user_id}/*"]
}