百度智能云
All Product Document

          Identity and Access Management

          • Identity and Access Management
          • >
          • API Reference(IAM)
          • >
          • Policy Management Interface

          Policy Management Interface

          Last Updated2020-10-20

          Note: The permission policy is divided into Custom Policy and system policy. The Custom Policy is a permission policy that is created and managed by the user himself, with the type of Custom; the system policy is a built-in policy managed uniformly by the cloud platform, with the type of System. In the API below, if the policyType parameter is not specified, the default is a Custom PolicyType.

          Create Policy

          Interface description

          Create a permission policy

          Request structure 

          POST /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          name String RequestBody parameter Group name Yes
          description String RequestBody parameter Group description No
          document String RequestBody parameter Policy contents, which shall be the String that is serialized for ACL format Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          PolicyModel Object

          Request example 

          POST /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
content-type: application/json
Content-Length: 20
Authorization: AuthorizationString

{"name":"test_policy", "document":"{\"accessControlList\": [{\"region\":\"bj\",\"service\":\"bcc\",\"resource\":[\"*\"],\"permission\":[\"*\"],\"effect\":\"Allow\"}]}"}

          Response example 

          HTTP/1.1 201 Created     
Content-Type: application/json;charset=UTF-8     
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
Server: BWS     

{
    "description": "",
    "createTime": "2019-06-06T09:13:50Z",
    "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
    "type": "Custom",
    "id": "d19f78b0595242b5a8c3419c09c81b40",
    "name": "test_policy"
}

          Query Policy

          Interface description

          Query the permission policy.

          Request structure 

          GET /v1/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          policyName String URL parameter Policy Name Yes
          policyType String Query parameter The policy type to be inquired is to query the system policy if the policy type is System; it is to query the Custom Policy if the policy type is Custom No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          PolicyModel Object.

          Request example 

          GET /v1/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 200 OK     
Content-Type: application/json;charset=UTF-8     
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
Server: BWS     

{
    "description": "",
    "createTime": "2019-06-06T09:13:50Z",
    "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
    "type": "Custom",
    "id": "d19f78b0595242b5a8c3419c09c81b40",
    "name": "test_policy"
}

          Delete Policy

          Interface description

          Delete the permission policy.

          Note: All the permission association of the policy must be removed at first before the group is deleted.

          Request structure 

          DELETE /v1/policy/{policyName} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          policyName String URL parameter Group name Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example 

          DELETE /v1/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 204 No Content
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

          Enumerate Policy

          Interface description

          Enumerate the permission policy

          When the polityType is System, you can enumerate the built-in policy list of the system.

          Request structure 

          GET /v1/policy?policyType={policyType}&nameFilter=${nameFilter} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          policyType String Query parameter The policy type to be inquired is to query the system policy if the policy type is System; it is to query the Custom Policy if the policy type is Custom No
          nameFilter String Query parameter The filter condition of the policy name; only the results that the name contains this keyword is returned when it is not null No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Name Type Description
          policies List<PolicyModel> List of policy object

          Request example 

          GET /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{
    "policies": [
        {
            "description": "",
            "createTime": "2019-06-06T09:13:50Z",
            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
            "type": "Custom",
            "id": "d19f78b0595242b5a8c3419c09c81b40",
            "name": "test_policy"
        }
    ] 
}

          Associate with the User Permission

          Interface description

          Associate with the permission policy for the user.

          Request structure 

          PUT /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          userName String URL parameter User name Yes
          policyName String URL parameter Policy Name Yes
          policyType String Query parameter The policy type to be associated is to query the system policy if the policy type is System; it is to query the Custom Policy if the policy type is Custom No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example 

          PUT /v1/user/test-user/policy/test_policy
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

          Remove the User Permission

          Interface description

          Remove the permission policy associated with the user.

          Request structure 

          DELETE /v1/user/{userName}/policy/{policyName}policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          userName String URL parameter User name Yes
          policyName String URL parameter Policy Name Yes
          policyType String Query parameter The policy type to be associated is to query the system policy if the policy type is System; it is to query the Custom Policy if the policy type is Custom No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example 

          DELETE /v1/user/test-user/policy/test_policy
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

          Enumerate the User Permission

          Interface description

          Enumerate the permission policy associated with the user.

          Request structure 

          GET /v1/user/{userName}/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          userName String URL parameter User name Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Name Type Description
          policies List<PolicyModel> List of policy object

          Request example 

          GET /v1/user/test-user/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{
    "policies": [
        {
            "description": "",
            "createTime": "2019-06-06T09:13:50Z",
            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
            "type": "Custom",
            "id": "d19f78b0595242b5a8c3419c09c81b40",
            "name": "test_policy"
        }
    ] 
}

          Associate with the Group Permission

          Interface description

          Associate with the permission policy for the user group.

          Request structure 

          PUT /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          groupName String URL parameter Group name Yes
          policyName String URL parameter Policy Name Yes
          policyType String Query parameter The policy type to be associated is to query the system policy if the policy type is System; it is to query the Custom Policy if the policy type is Custom No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example 

          PUT /v1/group/test_group/policy/test_policy
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

          Remove the Group Permission

          Interface description

          Remove the permission policy associated with the user group.

          Request structure 

          DELETE /v1/group/{groupName}/policy/{policyName}policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          groupName String URL parameter Group name Yes
          policyName String URL parameter Policy Name Yes
          policyType String Query parameter The policy type to be associated is to query the system policy if the policy type is System; it is to query the Custom Policy if the policy type is Custom No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          None

          Request example 

          DELETE /v1/group/test_group/policy/test_policy
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

          Enumerate the Group Permission

          Interface description

          Enumerate the permission policy associated with the user groups.

          Request structure 

          GET /v1/group/{groupName}/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Name Type Location Description Required or not
          groupName String URL parameter User name Yes

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Name Type Description
          policies List<PolicyModel> List of policy object

          Request example 

          GET /v1/group/test_group/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

          Response example 

          HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{
    "policies": [
        {
            "description": "",
            "createTime": "2019-06-06T09:13:50Z",
            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
            "type": "Custom",
            "id": "d19f78b0595242b5a8c3419c09c81b40",
            "name": "test_policy"
        }
    ] 
}
          Previous
          Group Management Interface
          Next
          Data Type