vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/iam/api-ref/iam_02_0021.html
weihongmin1 ca9b774f3d IAM API 1108 Version 
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
2024-12-03 20:42:07 +00:00

28 KiB
Raw Blame History

Modifying the Operation Protection Policy

Function

This API is provided for the administrator to modify the operation protection policy.

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy

Table 1 URI parameters

Parameter

Mandatory

Type

Description

domain_id

Yes

String

Domain ID.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Token with Security Administrator permissions.
Table 3 Parameters in the request body

Parameter

Mandatory

Type

Description

protect_policy

Yes

object

Operation protection policy.
Table 4 protect_policy

Parameter

Mandatory

Type

Description

operation_protection

Yes

Boolean

Whether to enable operation protection. The value can be true (enable) or false (disable).

allow_user

No

AllowUserBody object

Attributes that IAM users can modify.

mobile

No

String

Mobile number specified for operation protection verification. This parameter is mandatory when admin_check is set to on and scene is set to mobile. Example: 0001-123456789

admin_check

No

String

Whether to designate a person for verification. If this parameter is set to on, you need to specify the scene parameter to designate a person for verification. If this parameter is set to off, the operator is responsible for verification.

email

No

String

Email address specified for operation protection verification. This parameter is mandatory when admin_check is set to on and scene is set to email. Example: example@email.com

scene

No

String

Verification method set for the specified person. This parameter is mandatory when admin_check is set to on. The value options are mobile and email.
Table 5 protect_policy.allow_user

Parameter

Mandatory

Type

Description

manage_accesskey

No

Boolean

Whether IAM users are allowed to manage AKs by themselves. The value can be true or false.

manage_email

No

Boolean

Whether IAM users are allowed to change their email addresses. The value can be true or false.

manage_mobile

No

Boolean

Whether IAM users are allowed to change their mobile numbers. The value can be true or false.

manage_password

No

Boolean

Whether IAM users are allowed to change their passwords. The value can be true or false.

Response Parameters

Table 6 Parameters in the response body

Parameter

Type

Description

protect_policy

object

Operation protection policy.
Table 7 protect_policy

Parameter

Type

Description

allow_user

AllowUserBody object

Attributes that IAM users can modify.

operation_protection

boolean

Whether to enable operation protection. The value can be true or false.

admin_check

String

Whether a person is designated for verification. The value on indicates that a specific person is designated for verification, and the value off indicates that the operator is designated for verification.

scene

String

Verification method set for the specified person.
Table 8 protect_policy.allow_user

Parameter

Type

Description

manage_accesskey

boolean

Whether IAM users are allowed to manage AKs by themselves. The value can be true or false.

manage_email

boolean

Whether IAM users are allowed to change their email addresses. The value can be true or false.

manage_mobile

boolean

Whether IAM users are allowed to change their mobile numbers. The value can be true or false.

manage_password

boolean

Whether IAM users are allowed to change their passwords. The value can be true or false.

Example Request

PUT https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy 
 
{ 
  "protect_policy" : { 
    "operation_protection" : true 
  } 
}

Example Response

Status code: 200

The request is successful.

{
 "protect_policy": {
  "allow_user": {
   "manage_mobile": true,
   "manage_accesskey": true,
   "manage_email": true,
   "manage_password": true
  },
  "operation_protection": true,
  "admin_check": "off",
  "scene": ""
 }
}

Status code: 400

The request body is abnormal.

  • Example 1
{ 
   "error_msg" : "'%(key)s' is a required property.", 
   "error_code" : "IAM.0072" 
 }
  • Example 2
{ 
   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
   "error_code" : "IAM.0073" 
 }

Status code: 403

Access denied.

  • Example 1
{ 
   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
   "error_code" : "IAM.0003" 
 }
  • Example 2
{ 
   "error_msg" : "You are not authorized to perform the requested action.", 
   "error_code" : "IAM.0002" 
 }

Status code: 500

The system is abnormal.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code

Description

200

The request is successful.

400

The request body is abnormal.

401

Authentication failed.

403

Access denied.

500

The system is abnormal.
Parent topic: Security Settings