Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com>
Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
Action List
Token Management

Permission | API | Action |
---|---|---|
Obtaining an Agency Token | | iam:tokens:assume |

Access Key Management

Permission | API | Action |
---|---|---|
Listing Permanent Access Keys | | iam:credentials:listCredentials |
Querying a Permanent Access Key | | iam:credentials:getCredential |
Creating a Permanent Access Key | | iam:credentials:createCredential |
Modifying a Permanent Access Key | | iam:credentials:updateCredential |
Deleting a Permanent Access Key | | iam:credentials:deleteCredential |

Virtual MFA Device Management

Permission | API | Action |
---|---|---|
Unbinding a Virtual MFA Device | | iam:mfa:unbindMFADevice |
Binding a Virtual MFA Device | | iam:mfa:bindMFADevice |
Creating a Virtual MFA Device | | iam:mfa:createVirtualMFADevice |
Deleting a Virtual MFA Device | | iam:mfa:deleteVirtualMFADevice |

Project Management

Permission | API | Action |
---|---|---|
Creating a Project | | iam:projects:createProject |
Modifying Project Data | | iam:projects:updateProject |
Changing Project Status | | iam:projects:updateProject |
Querying the List of Projects Accessible to Users | | iam:projects:listProjectsForUser |
Deleting a Project | | iam:projects:deleteProject |
Querying the Quotas of a Project | | iam:quotas:listQuotasForProject |

Tenant Management

Permission | API | Action |
---|---|---|
Querying Tenant Quotas | | iam:quotas:listQuotas |

User Management

Permission | API | Action |
---|---|---|
Listing Users | | iam:users:listUsers |
Querying User Details | | iam:users:getUser |
Querying User Details (Recommended) | | iam:users:getUser |
Querying the User Group Which a User Belongs to | | iam:groups:listGroupsForUser |
Querying Users in a User Group | | iam:users:listUsersForGroup |
Creating a User | | iam:users:createUser |
Changing the Password of a User | | iam:users:updateUserPassword |
Modifying User Information | | iam:users:updateUser |
Deleting a User | | iam:users:deleteUser |
Creating a User (Recommended) | | iam:users:createUser |
Resetting a User's Password | × | iam:users:resetUserPassword |
Configuring Login Protection | × | iam:users:setUserLoginProtect |
Listing Users Who Have Access to a Specified Project | × | iam:users:listUsersForProject |
Deleting a User from a User Group | | iam:permissions:removeUserFromGroup |
Querying MFA Device Information of Users | | iam:mfa:listVirtualMFADevices |
Querying the MFA Device Information of a User | | iam:mfa:getVirtualMFADevice |
Querying Login Protection Configurations of Users | | iam:users:listUserLoginProtects |
Querying the Login Protection Configuration of a User | | iam:users:getUserLoginProtect |

User Group Management

Permission | API | Action |
---|---|---|
Querying Users in a User Group | | iam:users:listUsersForGroup |
Listing User Groups | | iam:groups:listGroups |
Querying User Group Details | | iam:groups:getGroup |
Creating a User Group | | iam:groups:createGroup |
Adding a User to a User Group | | iam:permissions:addUserToGroup |
Updating User Group Information | | iam:groups:updateGroup |
Deleting a User Group | | |
Checking Whether a User Belongs to a Specified User Group | | iam:permissions:checkUserInGroup |

Permissions Management

Permission | API | Action |
---|---|---|
Querying a Role List | | iam:roles:listRoles |
Querying Role Details | | iam:roles:getRole |
Querying Permissions of a User Group Under a Domain | | iam:permissions:listRolesForGroupOnDomain |
Querying Permissions of a User Group Corresponding to a Project | | iam:permissions:listRolesForGroupOnProject |
Granting Permissions to a User Group of a Domain | PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} | iam:permissions:grantRoleToGroupOnDomain |
Granting Permissions to a User Group Corresponding to a Project | PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:grantRoleToGroupOnProject |
Removing Permissions of a User Group Corresponding to a Project | DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:revokeRoleFromGroupOnProject |
Removing Permissions of a User Group of a Domain | DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} | iam:permissions:revokeRoleFromGroupOnDomain |
Querying Whether a User Group Under a Domain Has Specific Permissions | HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} | iam:permissions:checkRoleForGroupOnDomain |
Querying Whether a User Group Corresponding to a Project Has Specific Permissions | HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:checkRoleForGroupOnProject |
Granting Permissions to a User Group | PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:grantRoleToGroup |
Querying the Permissions Granted to a User for a Specified Project | × | iam:permissions:listRolesForUserOnProject |
Querying All Permissions of a User Group | × | iam:permissions:listRolesForGroup |
Checking Whether a User Group Has Specified Permissions | | iam:permissions:checkRoleForGroup |
Removing Permissions of a User Group | | iam:permissions:revokeRoleFromGroup |
Querying a Resource Quota | GET /v3.0/OS-QUOTA/domains/{domain_id}?type={user, group, idp, agency, policy} | iam:quotas:listQuotas |

Custom Policy Management

Permission | API | Action |
---|---|---|
Listing Custom Policies | | iam:roles:listRoles |
Querying Custom Policy Details | | iam:roles:getRole |
Creating a Custom Policy | | iam:roles:createRole |
Modifying a Custom Policy | | iam:roles:updateRole |
Deleting a Custom Policy | | iam:roles:deleteRole |

Agency Management

Permission | API | Action |
---|---|---|
Creating an Agency | | iam:agencies:createAgency |
Listing Agencies | | iam:agencies:listAgencies |
Querying Agency Details | | iam:agencies:getAgency |
Modifying an Agency | | iam:agencies:updateAgency |
Deleting an Agency | | iam:agencies:deleteAgency |
Granting Permissions to an Agency for a Project | PUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:grantRoleToAgencyOnProject |
Checking Whether an Agency Has the Specified Permissions on a Project | HEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:checkRoleForAgencyOnProject |
Querying Permissions of an Agency for a Project | GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles | iam:permissions:listRolesForAgencyOnProject |
Removing Permissions of an Agency on a Project | DELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:revokeRoleFromAgencyOnProject |
Granting Permissions to an Agency on a Domain | PUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:grantRoleToAgencyOnDomain |
Checking Whether an Agency Has the Specified Permissions on a Domain | HEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:checkRoleForAgencyOnDomain |
Querying the List of Permissions of an Agency on a Domain | GET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles | iam:permissions:listRolesForAgencyOnDomain |
Removing Permissions of an Agency on a Domain | DELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:revokeRoleFromAgencyOnDomain |

Security Settings

Permission | API | Action |
---|---|---|
Querying the Operation Protection Policy | GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy | iam:securitypolicies:getProtectPolicy |
Querying the Password Policy | GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy | iam:securitypolicies:getPasswordPolicy |
Querying the Login Authentication Policy | | iam:securitypolicies:getLoginPolicy |

Federated Identity Authentication Management

Permission | API | Action |
---|---|---|
Querying the Identity Provider List | | iam:identityProviders:listIdentityProviders |
Querying an Identity Provider | | iam:identityProviders:getIdentityProvider |
Creating an Identity Provider | | iam:identityProviders:createIdentityProvider |
Updating an Identity Provider | | iam:identityProviders:updateIdentityProvider |
Deleting an Identity Provider | | iam:identityProviders:deleteIdentityProvider |
Creating an OpenID Connect Identity Provider | POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config | iam:identityProviders:createOpenIDConnectConfig |
Modifying an OpenID Connect Identity Provider | PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config | iam:identityProviders:updateOpenIDConnectConfig |
Querying an OpenID Connect Identity Provider | GET /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config | iam:identityProviders:getOpenIDConnectConfig |
Querying the Mapping List | | iam:identityProviders:listMappings |
Querying Mapping Details | | iam:identityProviders:getMapping |
Creating a Mapping | | iam:identityProviders:createMapping |
Updating a Mapping | | iam:identityProviders:updateMapping |
Deleting a Mapping | | iam:identityProviders:deleteMapping |
Querying the Protocol List | | iam:identityProviders:listProtocols |
Querying a Protocol | GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:getProtocol |
Registering a Protocol | PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:createProtocol |
Updating a Protocol | PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:updateProtocol |
Deleting a Protocol | DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:deleteProtocol |
Querying a Metadata File | GET /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata | iam:identityProviders:getIDPMetadata |
Importing a Metadata File | POST /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata | iam:identityProviders:createIDPMetadata |