vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/iam/api-ref/iam_10_0011.html
Wei, Hongmin bdc1f338a2 IAM API 0816 Version 
Reviewed-by: Gladkov, Maksim <mgladkov@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com>
Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
2024-10-17 13:19:12 +00:00

440 lines
39 KiB
HTML
Raw Blame History

<a name="iam_10_0011"></a><a name="iam_10_0011"></a>
<h1 class="topictitle1">Querying All Permissions of a User Group</h1>
<div id="body8662426"><div class="section" id="iam_10_0011__en-us_topic_0289135272_section8222111312493"><h4 class="sectiontitle">Function</h4><p id="iam_10_0011__en-us_topic_0289135272_p114531116551">This API is provided for the administrator to query all permissions that have been assigned to a user group.</p>
</div>
<div class="section" id="iam_10_0011__en-us_topic_0289135272_section102251413164917"><h4 class="sectiontitle">URI</h4><p id="iam_10_0011__en-us_topic_0289135272_p4461181374918">GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table17226191317496" frame="border" border="1" rules="all"><caption><b>Table 1 </b>URI parameters</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row144612135493"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p6461181384911">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p17461121344919">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.2.3.2.5.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p9461113204913">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.2.3.2.5.1.4"><p id="iam_10_0011__en-us_topic_0289135272_p046117135492">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row34611113124917"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p204611013104919">domain_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p154611113114914">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p2461131314918">String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.3.2.5.1.4 "><p id="iam_10_0011__en-us_topic_0289135272_p64613139495">Domain ID. For details about how to obtain the ID, see <a href="en-us_topic_0057845624.html">Obtaining User, Account, User Group, Project, and Agency Information</a>.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row3461713124916"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p184612138499">group_id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p1946116136491">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.2.3.2.5.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p194612134494">String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.3.2.5.1.4 "><p id="iam_10_0011__en-us_topic_0289135272_p3461171313490">User group ID. For details about how to obtain a user group ID, see <a href="en-us_topic_0057845624.html">Obtaining User, Account, User Group, Project, and Agency Information</a>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="iam_10_0011__en-us_topic_0289135272_section22360138492"><h4 class="sectiontitle">Request Parameters</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table172371413144910" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters in the request header</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row19461161334918"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p104611813204913">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p5461101317496">Mandatory</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.5.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p8461181374914">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.3.2.2.5.1.4"><p id="iam_10_0011__en-us_topic_0289135272_p3461161318499">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row546119137493"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p16461913144919">X-Auth-Token</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p1846141310492">Yes</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.5.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p114626131493">String</p>
</td>
<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.3.2.2.5.1.4 "><p id="iam_10_0011__en-us_topic_0289135272_p1646215138496">Token with <strong id="iam_10_0011__en-us_topic_0289135272_b8273633175211">Security Administrator</strong> permissions.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="iam_10_0011__en-us_topic_0289135272_section32419134495"><h4 class="sectiontitle">Response Parameters</h4><p id="iam_10_0011__en-us_topic_0289135272_p16462191314919"><strong id="iam_10_0011__en-us_topic_0289135272_b13421029113919">Status code: 200</strong></p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table024231319491" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Parameters in the response body</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row15462013184917"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.3.2.4.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p5462181319499">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.3.2.4.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p16462913134915">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.3.2.4.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p11462161394911">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row114627137499"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.3.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p84621913194915"><a href="#iam_10_0011__en-us_topic_0289135272_table172743139494">links</a></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.3.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p646231318493">object</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.3.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p1046211374919">Resource link information.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row246271364918"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.3.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p646261317494"><a href="#iam_10_0011__en-us_topic_0289135272_table16249181318490">roles</a></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.3.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p164621613204912">Array of objects</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.3.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p13462121374913">Permission information.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="iam_10_0011__en-us_topic_0289135272_table16249181318490"></a><a name="en-us_topic_0289135272_table16249181318490"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table16249181318490" frame="border" border="1" rules="all"><caption><b>Table 4 </b>roles</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row1046217136498"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.4.2.4.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p18462181354916">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.4.2.4.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p1462713144912">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.4.2.4.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p346221334910">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row14462131334920"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p1946291312498">flag</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p346291364920">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p11462181316496">If this parameter is set to <strong id="iam_10_0011__en-us_topic_0289135272_b3375124813915">fine_grained</strong>, the permission is a system-defined policy.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row11462141314911"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p746221314913">description_cn</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p15462113104920">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p44621113144910">Description of the permission in Chinese. This parameter is returned in the response only when <strong id="iam_10_0011__en-us_topic_0289135272_b176791932193819">description_cn</strong> is specified during policy creation.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row114621513124917"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p6462313184910">catalog</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p7462181364912">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p1046217139492">Service catalog of the permission.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row146211134499"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p104621713164919">name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p046214139493">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p4462151314917">Permission name. This parameter is carried in the token of a user, allowing the system to determine whether the user has permissions to access a specific cloud service.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row15462713164913"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p1046281320499">description</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p946216133494">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p16462213154910">Description of the permission.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row84621113144911"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p84621413134919"><a href="#iam_10_0011__en-us_topic_0289135272_table172743139494">links</a></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p10462413104910">object</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p1646201344918">Permission resource link.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row046241311496"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p0462101334918">id</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p194621313104910">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p194629134491">Permission ID.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row1746261354912"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p194623131499">display_name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p154623131490">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p846281314920">Display name of the permission.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row94621213174915"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p1346217139497">type</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p1946218137495">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p446281314915">Display mode of the permission.</p>
<div class="note" id="iam_10_0011__en-us_topic_0289135272_note1225911320495"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="iam_10_0011__en-us_topic_0289135272_ul104621132493"><li id="iam_10_0011__en-us_topic_0289135272_li34620132492"><strong id="iam_10_0011__en-us_topic_0289135272_b09411223204017">AX</strong>: Account level.</li><li id="iam_10_0011__en-us_topic_0289135272_li1546261315495"><strong id="iam_10_0011__en-us_topic_0289135272_b477725104015">XA</strong>: Project level.</li><li id="iam_10_0011__en-us_topic_0289135272_li204622013124910"><strong id="iam_10_0011__en-us_topic_0289135272_b1276182674010">AA</strong>: Both the account level and project level.</li><li id="iam_10_0011__en-us_topic_0289135272_li24621139494"><strong id="iam_10_0011__en-us_topic_0289135272_b2063912274400">XX</strong>: Neither the account level nor project level.</li><li id="iam_10_0011__en-us_topic_0289135272_li54623136494">The display mode of a custom policy can only be <strong id="iam_10_0011__en-us_topic_0289135272_b1872122864011">AX</strong> or <strong id="iam_10_0011__en-us_topic_0289135272_b587212834014">XA</strong>. A custom policy must be displayed at either of the two levels.</li></ul>
</div></div>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row184625132491"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p74621613104914"><a href="#iam_10_0011__en-us_topic_0289135272_table19278113194913">policy</a></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p144627139498">object</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p8462131304916">Content of the permission.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row2462113114912"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p84621513184920">updated_time</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p1646311318496">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p9463111313496">Time when the permission was last updated.</p>
<div class="note" id="iam_10_0011__en-us_topic_0289135272_note143972023414"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="iam_10_0011__en-us_topic_0289135272_p73971420414">The value is a Unix timestamp in millisecond, for example, 1687913793000.</p>
</div></div>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row1546391312492"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p194631913124911">created_time</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.4.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p5463131313494">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.4.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p046351344918">Time when the permission was created.</p>
<div class="note" id="iam_10_0011__en-us_topic_0289135272_note112691979411"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="iam_10_0011__en-us_topic_0289135272_p826987144110">The value is a Unix timestamp in millisecond, for example, 1687913793000.</p>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="iam_10_0011__en-us_topic_0289135272_table172743139494"></a><a name="en-us_topic_0289135272_table172743139494"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table172743139494" frame="border" border="1" rules="all"><caption><b>Table 5 </b>links</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row18463313104911"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.5.2.4.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p746371344919">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.5.2.4.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p174631113134910">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.5.2.4.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p146318130496">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row94631613114911"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.5.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p14463111364910">self</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.5.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p2046301311498">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.5.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p3463913114914">Resource link.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row1346371312492"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.5.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p1546301312498">previous</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.5.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p13463513164917">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.5.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p4463213114920">Previous resource link. If the previous resource link is unavailable, this parameter is set to <strong id="iam_10_0011__en-us_topic_0289135272_b19965507563">null</strong>.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row9463141334915"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.5.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p746315137499">next</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.5.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p1946391317492">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.5.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p8463913104913">Next resource link. If the next resource link is unavailable, this parameter is set to <strong id="iam_10_0011__en-us_topic_0289135272_b187465255618">null</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="iam_10_0011__en-us_topic_0289135272_table19278113194913"></a><a name="en-us_topic_0289135272_table19278113194913"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table19278113194913" frame="border" border="1" rules="all"><caption><b>Table 6 </b>roles.policy</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row1446311311492"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.6.2.4.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p64631213174919">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.6.2.4.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p18463111316492">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.6.2.4.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p346311317492">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row13463181315491"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.6.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p5463161316494"><a href="#iam_10_0011__en-us_topic_0289135272_table182851413184913">Depends</a></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.6.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p74631913124916">Array of objects</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.6.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p18463201374920">Dependent permissions.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row346331313496"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.6.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p19463161354916"><a href="#iam_10_0011__en-us_topic_0289135272_table0288151316493">Statement</a></p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.6.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p1046391354911">Array of objects</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.6.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p164631513104916">Statement of the permission.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row16463111319499"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.6.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p1246391374911">Version</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.6.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p134631613134911">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.6.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p64631613184916">Policy version.</p>
<div class="note" id="iam_10_0011__en-us_topic_0289135272_note142826131498"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="iam_10_0011__en-us_topic_0289135272_ul046381312499"><li id="iam_10_0011__en-us_topic_0289135272_li14463813114913"><strong id="iam_10_0011__en-us_topic_0289135272_b1157164515407">1.0</strong>: System-defined role. Only a limited number of service-level roles are provided for authorization.</li><li id="iam_10_0011__en-us_topic_0289135272_li7463101315499"><strong id="iam_10_0011__en-us_topic_0289135272_b23051353144010">1.1</strong>: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.</li></ul>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="iam_10_0011__en-us_topic_0289135272_table182851413184913"></a><a name="en-us_topic_0289135272_table182851413184913"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table182851413184913" frame="border" border="1" rules="all"><caption><b>Table 7 </b>roles.policy.Depends</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row2046371314917"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.7.2.4.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p14463141313492">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.7.2.4.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p12463913124914">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.7.2.4.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p3463151310492">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row154633138493"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.7.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p4463413104918">catalog</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.7.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p346317137497">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.7.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p846321364913">Service catalog of the permission.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row746391354914"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.7.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p2463191313494">display_name</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.7.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p204631413194911">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.7.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p15463513124911">Display name of the permission.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="iam_10_0011__en-us_topic_0289135272_table0288151316493"></a><a name="en-us_topic_0289135272_table0288151316493"></a><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_table0288151316493" frame="border" border="1" rules="all"><caption><b>Table 8 </b>roles.policy.Statement</caption><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_row10463161324916"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.8.2.4.1.1"><p id="iam_10_0011__en-us_topic_0289135272_p4463013184910">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.4.8.2.4.1.2"><p id="iam_10_0011__en-us_topic_0289135272_p6463131310497">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.4.8.2.4.1.3"><p id="iam_10_0011__en-us_topic_0289135272_p846312136492">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_row5463121354919"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p1846381315499">Action</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p94631213104914">Array of strings</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.8.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p10463113154911">Specific operation permissions on a resource. A maximum of 100 actions are allowed. For details about supported actions, see "Permissions Policies and Supported Actions" in the API Reference of cloud services.</p>
<div class="note" id="iam_10_0011__en-us_topic_0289135272_note12909136494"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="iam_10_0011__en-us_topic_0289135272_ul18463413124913"><li id="iam_10_0011__en-us_topic_0289135272_li12463613124917">The value format is <em id="iam_10_0011__en-us_topic_0289135272_i7113667413">Service name</em>:<em id="iam_10_0011__en-us_topic_0289135272_i71141665413">Resource type</em>:<em id="iam_10_0011__en-us_topic_0289135272_i51144624113">Operation</em>, for example, <strong id="iam_10_0011__en-us_topic_0289135272_b411446114118">vpc:ports:create</strong>.</li><li id="iam_10_0011__en-us_topic_0289135272_li446361324920"><em id="iam_10_0011__en-us_topic_0289135272_i207037724114">Service name</em>: indicates the product name, such as <strong id="iam_10_0011__en-us_topic_0289135272_b3703117164116">ecs</strong>, <strong id="iam_10_0011__en-us_topic_0289135272_b107036774117">evs</strong>, or <strong id="iam_10_0011__en-us_topic_0289135272_b47037711417">vpc</strong>. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.</li><li id="iam_10_0011__en-us_topic_0289135272_li14463161374917">In the case of a custom policy for agencies, this parameter should be set to <em id="iam_10_0011__en-us_topic_0289135272_i19321314114112">"Action": ["iam:agencies:assume"]</em>.</li></ul>
</div></div>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row446341304911"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p18463141314919">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p0463121344911">String</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.8.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p1046341324917">Effect of the permission. The value can be <strong id="iam_10_0011__en-us_topic_0289135272_b1991491624110">Allow</strong> or <strong id="iam_10_0011__en-us_topic_0289135272_b15918161617419">Deny</strong>. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.</p>
<p id="iam_10_0011__en-us_topic_0289135272_p1463111316494">Enumerated values:</p>
<ul id="iam_10_0011__en-us_topic_0289135272_ul1746391310499"><li id="iam_10_0011__en-us_topic_0289135272_li746471324916">Allow</li><li id="iam_10_0011__en-us_topic_0289135272_li12464913104916">Deny</li></ul>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row5464151312499"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p144640136490">Condition</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p1464713174910">Object</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.8.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p62505226615">Conditions for the permission to take effect. The number of conditions cannot exceed 10. If this parameter is not specified during policy creation, it will not be returned in the response.</p>
<div class="note" id="iam_10_0011__en-us_topic_0289135272_note122334794612"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="iam_10_0011__en-us_topic_0289135272_p1276712344919">Take the condition in the sample request as an example, the values of the condition key (<strong id="iam_10_0011__en-us_topic_0289135272_b1880322519376">obs:prefix</strong>) and string (<strong id="iam_10_0011__en-us_topic_0289135272_b1780302516374">public</strong>) must be equal (<strong id="iam_10_0011__en-us_topic_0289135272_b148031425163718">StringEquals</strong>).</p>
<pre class="screen" id="iam_10_0011__en-us_topic_0289135272_screen18948143318464"> "Condition": {
"StringEquals": {
"obs:prefix": [
"public"
]
}
}</pre>
</div></div>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row1846461344917"><td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p446461364912">Resource</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.4.8.2.4.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p9464513184917">Object</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.4.8.2.4.1.3 "><p id="iam_10_0011__en-us_topic_0289135272_p0262533104013">Cloud resource. If this parameter is not specified during policy creation, it will not be returned in the response. The object can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.</p>
<div class="note" id="iam_10_0011__en-us_topic_0289135272_note13001713124918"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="iam_10_0011__en-us_topic_0289135272_ul746419130491"><li id="iam_10_0011__en-us_topic_0289135272_li44645139490">Format: <em id="iam_10_0011__en-us_topic_0289135272_i719713305413">::::</em>. For example, <strong id="iam_10_0011__en-us_topic_0289135272_b320119304410">obs:</strong><strong id="iam_10_0011__en-us_topic_0289135272_b122022030114112"><em id="iam_10_0011__en-us_topic_0289135272_i20202193014411">:</em></strong><strong id="iam_10_0011__en-us_topic_0289135272_b172022030184110">:bucket:*</strong>. Asterisks are allowed.</li><li id="iam_10_0011__en-us_topic_0289135272_li846491311499">The region segment can be <strong id="iam_10_0011__en-us_topic_0289135272_b1230913113419">*</strong> or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.</li><li id="iam_10_0011__en-us_topic_0289135272_li18464213194914">In the case of a custom policy for agencies, the type of this parameter is Object, and the value should be set to <em id="iam_10_0011__en-us_topic_0289135272_i477353319411">"Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}</em>.</li></ul>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="iam_10_0011__en-us_topic_0289135272_section8307613104915"><h4 class="sectiontitle">Example Request</h4><p id="iam_10_0011__en-us_topic_0289135272_p16366113613195">Request for querying all permissions of a user group</p>
<pre class="screen" id="iam_10_0011__en-us_topic_0289135272_screen18464131354914">GET https://<span id="iam_10_0011__en-us_topic_0289135272_text715321191316"></span>sample.domain.com/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects</pre>
</div>
<div class="section" id="iam_10_0011__en-us_topic_0289135272_section113089133491"><h4 class="sectiontitle">Example Response</h4><p id="iam_10_0011__en-us_topic_0289135272_p1464131364911"><strong id="iam_10_0011__en-us_topic_0289135272_b830318361416">Status code: 200</strong></p>
<p id="iam_10_0011__en-us_topic_0289135272_p15464181384913">The request is successful.</p>
<pre class="screen" id="iam_10_0011__en-us_topic_0289135272_screen646451334914">{
"roles" : [ {
"catalog" : "VulnScan",
"name" : "wscn_adm",
"description" : "Vulnerability Scan Service administrator of tasks and reports.",
"links" : {
"next" : null,
"previous" : null,
"self" : "https://<span id="iam_10_0011__en-us_topic_0289135272_text10879122918328"></span>sample.domain.com/v3/roles/0af84c1502f447fa9c2fa18083fbb..."
},
"id" : "0af84c1502f447fa9c2fa18083fbb...",
"display_name" : "VSS Administrator",
"type" : "XA",
"policy" : {
"Version" : "1.0",
"Statement" : [ {
"Action" : [ "WebScan:*:*" ],
"Effect" : "Allow"
} ],
"Depends" : [ {
"catalog" : "BASE",
"display_name" : "Server Administrator"
}, {
"catalog" : "BASE",
"display_name" : "Tenant Guest"
} ]
}
}, {
"flag" : "fine_grained",
"catalog" : "CSE",
"name" : "system_all_34",
"description" : "All permissions of CSE service.",
"links" : {
"next" : null,
"previous" : null,
"self" : "https://<span id="iam_10_0011__en-us_topic_0289135272_text18216436133217"></span>sample.domain.com/v3/roles/0b5ea44ebdc64a24a9c372b2317f7..."
},
"id" : "0b5ea44ebdc64a24a9c372b2317f7...",
"display_name" : "CSE Admin",
"type" : "XA",
"policy" : {
"Version" : "1.1",
"Statement" : [ {
"Action" : [ "cse:*:*", "ecs:*:*", "evs:*:*", "vpc:*:*" ],
"Effect" : "Allow"
} ]
}
} ],
"links" : {
"next" : null,
"previous" : null,
"self" : "https://<span id="iam_10_0011__en-us_topic_0289135272_text52834010326"></span>sample.domain.com/v3/roles"
}
}</pre>
</div>
<div class="section" id="iam_10_0011__en-us_topic_0289135272_section1432081384911"><h4 class="sectiontitle">Status Codes</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="iam_10_0011__en-us_topic_0289135272_en-us_topic_0222037485_table277" frame="border" border="1" rules="all"><thead align="left"><tr id="iam_10_0011__en-us_topic_0289135272_en-us_topic_0222037485_row1864192714336"><th align="left" class="cellrowborder" valign="top" width="20.91%" id="mcps1.3.7.2.1.3.1.1"><p id="iam_10_0011__en-us_topic_0289135272_en-us_topic_0222037485_p3834142716335">Status Code</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="79.09%" id="mcps1.3.7.2.1.3.1.2"><p id="iam_10_0011__en-us_topic_0289135272_en-us_topic_0222037485_p14834162717334">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="iam_10_0011__en-us_topic_0289135272_en-us_topic_0222037485_row156412270339"><td class="cellrowborder" valign="top" width="20.91%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_en-us_topic_0222037485_p583412273330">200</p>
</td>
<td class="cellrowborder" valign="top" width="79.09%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_en-us_topic_0222037485_p8834132733315">The request is successful.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row10148195612613"><td class="cellrowborder" valign="top" width="20.91%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p21481856122614">401</p>
</td>
<td class="cellrowborder" valign="top" width="79.09%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p414805617266">Authentication failed.</p>
</td>
</tr>
<tr id="iam_10_0011__en-us_topic_0289135272_row837665902617"><td class="cellrowborder" valign="top" width="20.91%" headers="mcps1.3.7.2.1.3.1.1 "><p id="iam_10_0011__en-us_topic_0289135272_p14376959172620">403</p>
</td>
<td class="cellrowborder" valign="top" width="79.09%" headers="mcps1.3.7.2.1.3.1.2 "><p id="iam_10_0011__en-us_topic_0289135272_p11376759122618">Access denied.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="iam_10_0011__en-us_topic_0289135272_section2322213144914"><h4 class="sectiontitle">Error Codes</h4><p id="iam_10_0011__en-us_topic_0289135272_p16464191315497">For details, see <a href="iam_02_0006.html#iam_02_0006">Error Codes</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0057845579.html">Permission Management</a></div>
</div>
</div>
View Git Blame Copy Permalink