diff --git a/docs/iam/api-ref/ALL_META.TXT.json b/docs/iam/api-ref/ALL_META.TXT.json index 5dac3b94..e0f94847 100644 --- a/docs/iam/api-ref/ALL_META.TXT.json +++ b/docs/iam/api-ref/ALL_META.TXT.json @@ -153,7 +153,7 @@ "uri":"en-us_topic_0064274720.html", "product_code":"iam", "code":"16", - "des":"This API is used to obtain an agency token. For example, after a trust relationship is established between A (deleting party) and B (delegated party), the delegated party", + "des":"This API is used to obtain an agency token. For example, after a trust relationship is established between A (delegating party) and B (delegated party), the delegated par", "doc_type":"api", "kw":"Obtaining an Agency Token,Token Management,API Reference", "title":"Obtaining an Agency Token", @@ -705,8 +705,8 @@ "code":"71", "des":"This API is used to query the user groups to which a specified role has been assigned.URI formatGET /v3/role_assignments{?role.id,user.id,group.id,scope.project.id,scope.", "doc_type":"api", - "kw":"Querying Role Assignments,Permission Management,API Reference", - "title":"Querying Role Assignments", + "kw":"Querying Role Assignments (Discarded),Permission Management,API Reference", + "title":"Querying Role Assignments (Discarded)", "githuburl":"" }, { diff --git a/docs/iam/api-ref/CLASS.TXT.json b/docs/iam/api-ref/CLASS.TXT.json index 12bc70f7..5d4f8f83 100644 --- a/docs/iam/api-ref/CLASS.TXT.json +++ b/docs/iam/api-ref/CLASS.TXT.json @@ -135,7 +135,7 @@ "code":"15" }, { - "desc":"This API is used to obtain an agency token. For example, after a trust relationship is established between A (deleting party) and B (delegated party), the delegated party", + "desc":"This API is used to obtain an agency token. For example, after a trust relationship is established between A (delegating party) and B (delegated party), the delegated par", "product_code":"iam", "title":"Obtaining an Agency Token", "uri":"en-us_topic_0064274720.html", @@ -632,7 +632,7 @@ { "desc":"This API is used to query the user groups to which a specified role has been assigned.URI formatGET /v3/role_assignments{?role.id,user.id,group.id,scope.project.id,scope.", "product_code":"iam", - "title":"Querying Role Assignments", + "title":"Querying Role Assignments (Discarded)", "uri":"iam_11_0003.html", "doc_type":"api", "p_code":"68", diff --git a/docs/iam/api-ref/en-us_topic_0057845564.html b/docs/iam/api-ref/en-us_topic_0057845564.html index b9bd4dec..5f3918ae 100644 --- a/docs/iam/api-ref/en-us_topic_0057845564.html +++ b/docs/iam/api-ref/en-us_topic_0057845564.html @@ -8,7 +8,13 @@ -

2023-07-20

+

2023-09-14

+ +

This release incorporates the following change:

+

Modified examples in Obtaining a Temporary AK/SK.

+ + +

2023-07-20

This release incorporates the following changes:

@@ -77,7 +83,7 @@

2020-07-01

This release incorporates the following change:

-
Added the following sections: +
Added the following sections:
@@ -96,7 +102,7 @@

2019-01-09

This release incorporates the following changes:

- +

2018-10-08

diff --git a/docs/iam/api-ref/en-us_topic_0057845579.html b/docs/iam/api-ref/en-us_topic_0057845579.html index 1efcfc9c..1a260d4a 100644 --- a/docs/iam/api-ref/en-us_topic_0057845579.html +++ b/docs/iam/api-ref/en-us_topic_0057845579.html @@ -8,7 +8,7 @@
  • Querying Role Details
    • -
  • Querying Role Assignments
    +
  • Querying Role Assignments (Discarded)
  • Querying Permissions of a User Group Under a Domain
    • diff --git a/docs/iam/api-ref/en-us_topic_0057845583.html b/docs/iam/api-ref/en-us_topic_0057845583.html index f67a0260..c6487ffa 100644 --- a/docs/iam/api-ref/en-us_topic_0057845583.html +++ b/docs/iam/api-ref/en-us_topic_0057845583.html @@ -2,7 +2,7 @@

    Obtaining a User Token

    Function

    This API is used to obtain a token through username/password authentication. A token is a system object encapsulating the identity and permissions of a user. When calling the APIs of IAM or other cloud services, you can use this API to obtain a token for authentication.

    -
    The validity period of a token is 24 hours. Cache the token to prevent frequent API calling. Ensure that the token is valid while you use it. Using a token that will soon expire may cause API calling failures. Obtaining a new token does not affect the validity of the existing token. The following operations will invalidate the existing token. After these operations are performed, obtain a new token.
    • Changing the password or access key of your account or an IAM user: The token of your account or the user is invalidated.
    • Deleting or disabling an IAM user: The token of the user is invalidated.
    • Changing the permissions of an IAM user: The token of the user is invalidated. For example, when the user is added to or removed from a user group, or when permissions of the group to which the user belongs are modified.
    +
    Tokens are valid for 24 hours and you can cache them to reduce the number of API calls needed. Ensure that the token is valid while you use it. Using a token that will soon expire may cause API calling failures. Obtaining a new token does not affect the validity of the existing token. The following operations will invalidate the existing token. After these operations are performed, obtain a new token.
    • Changing the password or access key of your account or an IAM user: The token of your account or the user is invalidated.
    • Deleting or disabling an IAM user: The token of the user is invalidated.
    • Changing the permissions of an IAM user: The token of the user is invalidated. For example, when the user is added to or removed from a user group, or when permissions of the group to which the user belongs are modified.
    @@ -335,7 +335,7 @@
    -
  • Example response
    The following is a sample request for obtaining a token for user A. The login password of the user is ********** and the domain name is domain A. The scope of the token is domain.
    Token information stored in the response header:
+
  • Example response
    The following is a sample request for obtaining a token for user A. The login password of the user is ********** and the domain name is domain A. The scope of the token is domain.
    Token information stored in the response header:
 X-Subject-Token:MIIDkgYJKoZIhvcNAQcCoIIDgzCCA38CAQExDTALBglghkgBZQMEAgEwgXXXXX...
 
 Token information stored in the response body:
diff --git a/docs/iam/api-ref/en-us_topic_0064274720.html b/docs/iam/api-ref/en-us_topic_0064274720.html
index 508d5840..1b13fad1 100644
--- a/docs/iam/api-ref/en-us_topic_0064274720.html
+++ b/docs/iam/api-ref/en-us_topic_0064274720.html
@@ -1,7 +1,7 @@
 
 
 
    Obtaining an Agency Token
    
-
    Function
    This API is used to obtain an agency token. For example, after a trust relationship is established between A (deleting party) and B (delegated party), the delegated party B can use this API to obtain an agency token to manage A's resources that B is delegated to manage. However, B cannot use this agency token to manage its own resources. To do so, B needs to obtain a user token by referring to Obtaining a User Token.
    
+
    Function
    This API is used to obtain an agency token. For example, after a trust relationship is established between A (delegating party) and B (delegated party), the delegated party B can use this API to obtain an agency token to manage A's resources that B is delegated to manage. However, B cannot use this agency token to manage its own resources. To do so, B needs to obtain a user token by referring to Obtaining a User Token.
    
 
     
    The validity period of a token is 24 hours. Cache the token to prevent frequent API calling. Ensure that the token is valid while you use it. Using a token that will soon expire may cause API calling failures. Obtaining a new token does not affect the validity of the existing token. 
    
 
    
 
    
diff --git a/docs/iam/api-ref/en-us_topic_0066154565.html b/docs/iam/api-ref/en-us_topic_0066154565.html
index ca58b3b8..15a36168 100644
--- a/docs/iam/api-ref/en-us_topic_0066154565.html
+++ b/docs/iam/api-ref/en-us_topic_0066154565.html
@@ -90,7 +90,7 @@
    • -
    • Example request
      curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X POST –d '{"project":{"domain_id":"acf2ffabba974fae8f30378ffde2c...","name":"region_test1"}}' https://sample.domain.com/v3/projects
      +
      • Example request
        curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X POST -d '{"project":{"domain_id":"acf2ffabba974fae8f30378ffde2c...","name":"region_test1"}}' https://sample.domain.com/v3/projects

    Response Parameters

    Example response

    diff --git a/docs/iam/api-ref/en-us_topic_0097949518.html b/docs/iam/api-ref/en-us_topic_0097949518.html index 3278f10b..5f884164 100644 --- a/docs/iam/api-ref/en-us_topic_0097949518.html +++ b/docs/iam/api-ref/en-us_topic_0097949518.html @@ -193,7 +193,7 @@ "assume_role": { "domain_id": "411edb4b634144f587ffc88f9bbdxxx", "xrole_name": "testagency", - "duration_seconds": "3600" + "duration_seconds": 3600 } } } @@ -207,7 +207,7 @@ ], "token": { "id": "MIIDkgYJKoZIhvcNAQcCoIIDgzCCA38CAQExDTALBglghkgBZQMEAgEwgXXXXX...", - "duration_seconds": "900" + "duration_seconds": 900 } } } diff --git a/docs/iam/api-ref/iam_01_0008.html b/docs/iam/api-ref/iam_01_0008.html index 6c164a09..e292a8c4 100644 --- a/docs/iam/api-ref/iam_01_0008.html +++ b/docs/iam/api-ref/iam_01_0008.html @@ -325,7 +325,7 @@

    Provided for the administrator to query permission information.

    -

    Querying Role Assignments

    +

    Querying Role Assignments (Discarded)

    Query the user groups to which a specified role has been assigned.

    diff --git a/docs/iam/api-ref/iam_02_0006.html b/docs/iam/api-ref/iam_02_0006.html index 43710f1a..65dbbc5c 100644 --- a/docs/iam/api-ref/iam_02_0006.html +++ b/docs/iam/api-ref/iam_02_0006.html @@ -746,7 +746,7 @@

    The length [input uri length] of a resource URI exceeds 1,500 characters.

    -

    A resource URI contains more than 1500 characters.

    +

    A resource URI contains more than 1,500 characters.

    Check the length of each resource URI.

    diff --git a/docs/iam/api-ref/iam_10_0011.html b/docs/iam/api-ref/iam_10_0011.html index 5125be6b..e6f8169f 100644 --- a/docs/iam/api-ref/iam_10_0011.html +++ b/docs/iam/api-ref/iam_10_0011.html @@ -311,7 +311,7 @@

    Array of strings

    -

    Specific operation permissions on a resource. For details about supported actions, see "Permissions and Supported Actions" in the API Reference of cloud services.

    +

    Specific operation permissions on a resource. A maximum of 100 actions are allowed. For details about supported actions, see "Permissions Policies and Supported Actions" in the API Reference of cloud services.

    NOTE:
    • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
    • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
    • In the case of a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].
    @@ -329,7 +329,7 @@

    Object

    -

    Conditions for the permission to take effect. For details, see .

    +

    Conditions for the permission to take effect. A maximum of 10 conditions are allowed. For details, see "Creating a Custom Policy" in the Identity and Access Management User Guide.

    NOTE:

    Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals).

     "Condition": {
               "StringEquals": {
@@ -345,7 +345,7 @@
 
 
    Array of strings
    
 
-
    Cloud resource. 
    
+
    Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.
    
 
     NOTE: 
    • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
    • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
    • In the case of a custom policy for agencies, the type of this parameter is Object, and the value should be set to "Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}.
    
 
    
 
diff --git a/docs/iam/api-ref/iam_11_0003.html b/docs/iam/api-ref/iam_11_0003.html
index b981dead..a4df3460 100644
--- a/docs/iam/api-ref/iam_11_0003.html
+++ b/docs/iam/api-ref/iam_11_0003.html
@@ -1,6 +1,6 @@
 
 
-
    Querying Role Assignments
    
+
    Querying Role Assignments (Discarded)
    
 
    Function
    This API is used to query the user groups to which a specified role has been assigned.
    
 
    
 
    URI
    • URI format
      GET /v3/role_assignments{?role.id,user.id,group.id,scope.project.id,scope.domain.id, scope.OS-INHERIT:inherited_to,include_subtree}