          Identity and Access Management

          Policy Management Interface

          Note: Permission policies are either custom policies or system policies. A custom policy is created and managed by the user and has the type Custom; a system policy is a built-in policy managed uniformly by the cloud platform and has the type System. In the APIs below, if the policyType parameter is not specified, it defaults to Custom.

          Create Policy

          Interface description

          Create a permission policy

          Request structure

          POST /v1/policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          name | String | RequestBody parameter | Policy name | Yes
          description | String | RequestBody parameter | Policy description | No
          document | String | RequestBody parameter | Policy content: the ACL-format policy serialized as a string | Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          PolicyModel Object

          Request example

          POST /v1/policy HTTP/1.1
          Host: iam.bj.baidubce.com
          content-type: application/json
          Content-Length: 20
          Authorization: AuthorizationString
          
          {"name":"test_policy", "document":"{\"accessControlList\": [{\"region\":\"bj\",\"service\":\"bcc\",\"resource\":[\"*\"],\"permission\":[\"*\"],\"effect\":\"Allow\"}]}"}

          Response example

          HTTP/1.1 201 Created     
          Content-Type: application/json;charset=UTF-8     
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
          Server: BWS     
          
          {
              "description": "",
              "createTime": "2019-06-06T09:13:50Z",
              "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
              "type": "Custom",
              "id": "d19f78b0595242b5a8c3419c09c81b40",
              "name": "test_policy"
          }

          Query Policy

          Interface description

          Query the permission policy.

          Request structure

          GET /v1/policy/{policyName}?policyType={policyType} HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          policyName | String | URL parameter | Policy name | Yes
          policyType | String | Query parameter | Type of the policy to query: System for a system policy, Custom for a custom policy | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          PolicyModel Object.

          Request example

          GET /v1/policy/test_policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 200 OK     
          Content-Type: application/json;charset=UTF-8     
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
          Server: BWS     
          
          {
              "description": "",
              "createTime": "2019-06-06T09:13:50Z",
              "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
              "type": "Custom",
              "id": "d19f78b0595242b5a8c3419c09c81b40",
              "name": "test_policy"
          }

          Delete Policy

          Interface description

          Delete the permission policy.

          Note: All permission associations of the policy must be removed before the policy is deleted.

          Request structure

          DELETE /v1/policy/{policyName} HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          policyName | String | URL parameter | Policy name | Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example

          DELETE /v1/policy/test_policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 204 No Content
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS

          Enumerate Policy

          Interface description

          Enumerate the permission policy

          When policyType is System, the built-in system policies are listed.

          Request structure

          GET /v1/policy?policyType={policyType}&nameFilter={nameFilter} HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          policyType | String | Query parameter | Type of the policy to query: System for a system policy, Custom for a custom policy | No
          nameFilter | String | Query parameter | Filter on the policy name; when it is not null, only policies whose name contains this keyword are returned | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Name | Type | Description
          policies | List<PolicyModel> | List of policy objects

          Request example

          GET /v1/policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 200 OK
          Content-Type: application/json;charset=UTF-8
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS
          
          {
              "policies": [
                  {
                      "description": "",
                      "createTime": "2019-06-06T09:13:50Z",
                      "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
                      "type": "Custom",
                      "id": "d19f78b0595242b5a8c3419c09c81b40",
                      "name": "test_policy"
                  }
              ] 
          }
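
The policy returned in the examples on this page allows permission * on resource * for service bcc in region bj. As an added example (not part of the Baidu documentation), the following Python decodes the doubly serialized document field of an Enumerate Policy response body and reports Allow entries that use wildcards. The sample body is constructed; narrow_policy, broken_policy and their resource and permission strings are hypothetical.

```python
import json

def _policy(name, document):
    """Build one PolicyModel-shaped dict; `document` is stored as a JSON string."""
    return {"name": name, "type": "Custom", "document": document}

# Constructed sample in the shape of the "Enumerate Policy" response body.
# Only test_policy mirrors the page; the other two entries are hypothetical.
SAMPLE_BODY = json.dumps({"policies": [
    _policy("test_policy", json.dumps({"accessControlList": [
        {"service": "bcc", "region": "bj", "resource": ["*"],
         "effect": "Allow", "permission": ["*"]}]})),
    _policy("narrow_policy", json.dumps({"accessControlList": [
        {"service": "bcc", "region": "bj", "resource": ["instance/i-example"],
         "effect": "Allow", "permission": ["READ"]}]})),
    _policy("broken_policy", "{not json"),
]})

def audit_policies(response_body):
    """Return (policy name, finding) pairs for Allow entries that use wildcards."""
    findings = []
    for policy in json.loads(response_body).get("policies", []):
        name = policy.get("name", "<unnamed>")
        try:
            # `document` is itself serialized JSON, so it needs a second decode.
            acl = json.loads(policy["document"]).get("accessControlList", [])
        except (KeyError, TypeError, ValueError, AttributeError):
            findings.append((name, "document is missing or not valid JSON"))
            continue
        for index, entry in enumerate(acl):
            if entry.get("effect") != "Allow":
                continue
            wild = [field for field in ("resource", "permission")
                    if "*" in (entry.get(field) or [])]
            if wild:
                findings.append((name, "entry %d (%s/%s) allows wildcard %s" % (
                    index, entry.get("service"), entry.get("region"),
                    " and ".join(wild))))
    return findings

if __name__ == "__main__":
    for name, finding in audit_policies(SAMPLE_BODY):
        print("%s: %s" % (name, finding))
```

The same function works on the body returned by the user and group enumeration interfaces, since they return the same policies list.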

          Associate with the User Permission

          Interface description

          Associate a permission policy with the user.

          Request structure

          PUT /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          userName | String | URL parameter | User name | Yes
          policyName | String | URL parameter | Policy name | Yes
          policyType | String | Query parameter | Type of the policy to associate: System for a system policy, Custom for a custom policy | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example

          PUT /v1/user/test-user/policy/test_policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 200 OK
          Content-Type: application/json;charset=UTF-8
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS

          Remove the User Permission

          Interface description

          Remove the permission policy associated with the user.

          Request structure

          DELETE /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          userName | String | URL parameter | User name | Yes
          policyName | String | URL parameter | Policy name | Yes
          policyType | String | Query parameter | Type of the associated policy: System for a system policy, Custom for a custom policy | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example

          DELETE /v1/user/test-user/policy/test_policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 204 No Content
          Content-Type: application/json;charset=UTF-8
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS

          Enumerate the User Permission

          Interface description

          Enumerate the permission policy associated with the user.

          Request structure

          GET /v1/user/{userName}/policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          userName | String | URL parameter | User name | Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Name | Type | Description
          policies | List<PolicyModel> | List of policy objects

          Request example

          GET /v1/user/test-user/policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 200 OK
          Content-Type: application/json;charset=UTF-8
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS
          
          {
              "policies": [
                  {
                      "description": "",
                      "createTime": "2019-06-06T09:13:50Z",
                      "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
                      "type": "Custom",
                      "id": "d19f78b0595242b5a8c3419c09c81b40",
                      "name": "test_policy"
                  }
              ] 
          }

          Associate with the Group Permission

          Interface description

          Associate a permission policy with the user group.

          Request structure

          PUT /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          groupName | String | URL parameter | Group name | Yes
          policyName | String | URL parameter | Policy name | Yes
          policyType | String | Query parameter | Type of the policy to associate: System for a system policy, Custom for a custom policy | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example

          PUT /v1/group/test_group/policy/test_policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 200 OK
          Content-Type: application/json;charset=UTF-8
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS

          Remove the Group Permission

          Interface description

          Remove the permission policy associated with the user group.

          Request structure

          DELETE /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          groupName | String | URL parameter | Group name | Yes
          policyName | String | URL parameter | Policy name | Yes
          policyType | String | Query parameter | Type of the associated policy: System for a system policy, Custom for a custom policy | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example

          DELETE /v1/group/test_group/policy/test_policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 204 No Content
          Content-Type: application/json;charset=UTF-8
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS

          Enumerate the Group Permission

          Interface description

          Enumerate the permission policies associated with the user group.

          Request structure

          GET /v1/group/{groupName}/policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name | Type | Location | Description | Required or not
          groupName | String | URL parameter | Group name | Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Name | Type | Description
          policies | List<PolicyModel> | List of policy objects

          Request example

          GET /v1/group/test_group/policy HTTP/1.1
          Host: iam.bj.baidubce.com
          Authorization: AuthorizationString

          Response example

          HTTP/1.1 200 OK
          Content-Type: application/json;charset=UTF-8
          X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
          Server: BWS
          
          {
              "policies": [
                  {
                      "description": "",
                      "createTime": "2019-06-06T09:13:50Z",
                      "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
                      "type": "Custom",
                      "id": "d19f78b0595242b5a8c3419c09c81b40",
                      "name": "test_policy"
                  }
              ] 
          }