Policy Management Interface
Note: Permission policies are divided into custom policies and system policies. A custom policy is created and managed by the user and has the type Custom; a system policy is a built-in policy managed uniformly by the cloud platform and has the type System. In the APIs below, if the policyType parameter is not specified, it defaults to Custom.
Create Policy
Interface description
Create a permission policy.
Request structure
POST /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
name | String | RequestBody parameter | Policy name | Yes |
description | String | RequestBody parameter | Policy description | No |
document | String | RequestBody parameter | Policy content: the ACL document serialized as a string | Yes |
Response header
There are no other special headers except the public headers.
Response parameter
PolicyModel Object
Request example
POST /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
content-type: application/json
Content-Length: 20
Authorization: AuthorizationString
{"name":"test_policy", "document":"{\"accessControlList\": [{\"region\":\"bj\",\"service\":\"bcc\",\"resource\":[\"*\"],\"permission\":[\"*\"],\"effect\":\"Allow\"}]}"}
Response example
HTTP/1.1 201 Created
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
{
"description": "",
"createTime": "2019-06-06T09:13:50Z",
"document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
"type": "Custom",
"id": "d19f78b0595242b5a8c3419c09c81b40",
"name": "test_policy"
}
Query Policy
Interface description
Query the permission policy.
Request structure
GET /v1/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
policyName | String | URL parameter | Policy Name | Yes |
policyType | String | Query parameter | Type of the policy to query: System queries a system policy, Custom queries a custom policy | No |
Response header
There are no other special headers except the public headers.
Response parameter
PolicyModel Object.
Request example
GET /v1/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
{
"description": "",
"createTime": "2019-06-06T09:13:50Z",
"document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
"type": "Custom",
"id": "d19f78b0595242b5a8c3419c09c81b40",
"name": "test_policy"
}
Delete Policy
Interface description
Delete the permission policy.
Note: All permission associations of the policy must be removed before the policy is deleted.
Request structure
DELETE /v1/policy/{policyName} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
policyName | String | URL parameter | Policy name | Yes |
Response header
There are no other special headers except the public headers.
Response parameter
None
Request example
DELETE /v1/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 204 No Content
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
Enumerate Policy
Interface description
Enumerate the permission policies.
When policyType is System, the built-in system policy list is enumerated.
Request structure
GET /v1/policy?policyType={policyType}&nameFilter={nameFilter} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
policyType | String | Query parameter | Type of the policies to query: System queries system policies, Custom queries custom policies | No |
nameFilter | String | Query parameter | Filter on the policy name; when it is not null, only policies whose name contains this keyword are returned | No |
Response header
There are no other special headers except the public headers.
Response parameter
Name | Type | Description |
---|---|---|
policies | List<PolicyModel> | List of policy objects |
Request example
GET /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
{
"policies": [
{
"description": "",
"createTime": "2019-06-06T09:13:50Z",
"document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
"type": "Custom",
"id": "d19f78b0595242b5a8c3419c09c81b40",
"name": "test_policy"
}
]
}
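The document field is a JSON string nested inside the JSON body, both in the Create Policy request and in every PolicyModel returned. The following is an added example, not part of the original API reference: it builds a Create Policy body with the doubly serialized document and reviews an Enumerate Policy response for Allow entries that use "*". The function names, the narrow_policy entry and its resource and permission values are made-up placeholders; request signing is not shown.

```python
import json

def build_create_policy_body(name, acl_entries, description=""):
    """Body for POST /v1/policy: `document` is the ACL serialized to a string."""
    document = json.dumps({"accessControlList": acl_entries}, separators=(",", ":"))
    body = {"name": name, "document": document}
    if description:
        body["description"] = description
    return json.dumps(body)

def find_wildcard_grants(list_response_text):
    """Return (policy name, service, wildcard fields) for each Allow entry using "*"."""
    findings = []
    for policy in json.loads(list_response_text).get("policies", []):
        # `document` is a JSON string inside the JSON response: decode it again.
        acl = json.loads(policy["document"]).get("accessControlList", [])
        for entry in acl:
            if entry.get("effect") != "Allow":
                continue
            wild = [f for f in ("resource", "permission") if "*" in entry.get(f, [])]
            if wild:
                findings.append((policy["name"], entry.get("service"), wild))
    return findings

# Constructed sample: the shape of the Enumerate Policy response shown above,
# plus one narrower policy with made-up placeholder values for contrast.
SAMPLE_RESPONSE = json.dumps({"policies": [
    {"name": "test_policy", "type": "Custom",
     "document": json.dumps({"accessControlList": [
         {"service": "bcc", "region": "bj", "resource": ["*"],
          "effect": "Allow", "permission": ["*"]}]})},
    {"name": "narrow_policy", "type": "Custom",
     "document": json.dumps({"accessControlList": [
         {"service": "bcc", "region": "bj", "resource": ["instance/i-example"],
          "effect": "Allow", "permission": ["READ"]}]})},
]})

if __name__ == "__main__":
    acl = [{"region": "bj", "service": "bcc", "resource": ["*"],
            "permission": ["*"], "effect": "Allow"}]
    print(build_create_policy_body("test_policy", acl))
    for finding in find_wildcard_grants(SAMPLE_RESPONSE):
        print(finding)
```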
Associate with the User Permission
Interface description
Associate a permission policy with the user.
Request structure
PUT /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
userName | String | URL parameter | User name | Yes |
policyName | String | URL parameter | Policy Name | Yes |
policyType | String | Query parameter | Type of the policy to associate: System for a system policy, Custom for a custom policy | No |
Response header
There are no other special headers except the public headers.
Response parameter
None
Request example
PUT /v1/user/test-user/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
Remove the User Permission
Interface description
Remove the permission policy associated with the user.
Request structure
DELETE /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
userName | String | URL parameter | User name | Yes |
policyName | String | URL parameter | Policy Name | Yes |
policyType | String | Query parameter | Type of the associated policy to remove: System for a system policy, Custom for a custom policy | No |
Response header
There are no other special headers except the public headers.
Response parameter
None
Request example
DELETE /v1/user/test-user/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
Enumerate the User Permission
Interface description
Enumerate the permission policies associated with the user.
Request structure
GET /v1/user/{userName}/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
userName | String | URL parameter | User name | Yes |
Response header
There are no other special headers except the public headers.
Response parameter
Name | Type | Description |
---|---|---|
policies | List<PolicyModel> | List of policy objects |
Request example
GET /v1/user/test-user/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
{
"policies": [
{
"description": "",
"createTime": "2019-06-06T09:13:50Z",
"document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
"type": "Custom",
"id": "d19f78b0595242b5a8c3419c09c81b40",
"name": "test_policy"
}
]
}
Associate with the Group Permission
Interface description
Associate a permission policy with the user group.
Request structure
PUT /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
groupName | String | URL parameter | Group name | Yes |
policyName | String | URL parameter | Policy Name | Yes |
policyType | String | Query parameter | Type of the policy to associate: System for a system policy, Custom for a custom policy | No |
Response header
There are no other special headers except the public headers.
Response parameter
None
Request example
PUT /v1/group/test_group/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
Remove the Group Permission
Interface description
Remove the permission policy associated with the user group.
Request structure
DELETE /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
groupName | String | URL parameter | Group name | Yes |
policyName | String | URL parameter | Policy Name | Yes |
policyType | String | Query parameter | Type of the associated policy to remove: System for a system policy, Custom for a custom policy | No |
Response header
There are no other special headers except the public headers.
Response parameter
None
Request example
DELETE /v1/group/test_group/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
Enumerate the Group Permission
Interface description
Enumerate the permission policies associated with the user group.
Request structure
GET /v1/group/{groupName}/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string
Request header
There are no other special headers except the public headers.
Request parameter
Name | Type | Location | Description | Required or not |
---|---|---|---|---|
groupName | String | URL parameter | Group name | Yes |
Response header
There are no other special headers except the public headers.
Response parameter
Name | Type | Description |
---|---|---|
policies | List<PolicyModel> | List of policy objects |
Request example
GET /v1/group/test_group/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString
Response example
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS
{
"policies": [
{
"description": "",
"createTime": "2019-06-06T09:13:50Z",
"document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
"type": "Custom",
"id": "d19f78b0595242b5a8c3419c09c81b40",
"name": "test_policy"
}
]
}