Identity and Access Management

Policy Management Interface

Note: Permission policies are divided into custom policies and system policies. A custom policy is created and managed by the user and has the type Custom; a system policy is a built-in policy managed uniformly by the cloud platform and has the type System. In the APIs below, if the policyType parameter is not specified, it defaults to Custom.

Create Policy

Interface description

Create a permission policy

Request structure

POST /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| name | String | RequestBody parameter | Policy name | Yes |
| description | String | RequestBody parameter | Policy description | No |
| document | String | RequestBody parameter | Policy content: the ACL serialized as a string | Yes |

Response header

There are no other special headers except the public headers.

Response parameter

PolicyModel Object

Request example

POST /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
content-type: application/json
Content-Length: 20
Authorization: AuthorizationString

{"name":"test_policy", "document":"{\"accessControlList\": [{\"region\":\"bj\",\"service\":\"bcc\",\"resource\":[\"*\"],\"permission\":[\"*\"],\"effect\":\"Allow\"}]}"}

Response example

HTTP/1.1 201 Created     
Content-Type: application/json;charset=UTF-8     
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
Server: BWS     

{
    "description": "",
    "createTime": "2019-06-06T09:13:50Z",
    "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
    "type": "Custom",
    "id": "d19f78b0595242b5a8c3419c09c81b40",
    "name": "test_policy"
}

Query Policy

Interface description

Query the permission policy.

Request structure

GET /v1/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| policyName | String | URL parameter | Policy name | Yes |
| policyType | String | Query parameter | Policy type to query: System queries the system policy, Custom queries the custom policy | No |

Response header

There are no other special headers except the public headers.

Response parameter

PolicyModel Object.

Request example

GET /v1/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 200 OK     
Content-Type: application/json;charset=UTF-8     
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
Server: BWS     

{
    "description": "",
    "createTime": "2019-06-06T09:13:50Z",
    "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
    "type": "Custom",
    "id": "d19f78b0595242b5a8c3419c09c81b40",
    "name": "test_policy"
}

Delete Policy

Interface description

Delete the permission policy.

Note: All permission associations of the policy must be removed before the policy is deleted.

Request structure

DELETE /v1/policy/{policyName} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| policyName | String | URL parameter | Policy name | Yes |

Response header

There are no other special headers except the public headers.

Response parameter

None

Request example

DELETE /v1/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 204 No Content
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

Enumerate Policy

Interface description

Enumerate the permission policies.

When policyType is System, the built-in system policy list is enumerated.

Request structure

GET /v1/policy?policyType={policyType}&nameFilter={nameFilter} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| policyType | String | Query parameter | Policy type to query: System queries the system policies, Custom queries the custom policies | No |
| nameFilter | String | Query parameter | Filter on the policy name; when it is not null, only policies whose name contains this keyword are returned | No |

Response header

There are no other special headers except the public headers.

Response parameter

| Name | Type | Description |
| --- | --- | --- |
| policies | List<PolicyModel> | List of policy objects |

Request example

GET /v1/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{
    "policies": [
        {
            "description": "",
            "createTime": "2019-06-06T09:13:50Z",
            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
            "type": "Custom",
            "id": "d19f78b0595242b5a8c3419c09c81b40",
            "name": "test_policy"
        }
    ] 
}
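
The document field returned above is a JSON string nested inside the JSON response, and the page's sample policy allows every permission on every resource of a service. The following added example (not part of the original API reference or of any Baidu SDK) decodes an Enumerate Policy response twice and reports such wildcard Allow entries; the function names, the second and third sample policies, and their ids and permission values are constructed for illustration.

```python
import json

# Constructed sample shaped like the Enumerate Policy response on this page.
# Only the first policy comes from the page; the other two are invented.
SAMPLE_RESPONSE = json.dumps({"policies": [
    {"name": "test_policy", "type": "Custom",
     "id": "d19f78b0595242b5a8c3419c09c81b40",
     "document": json.dumps({"accessControlList": [
         {"service": "bcc", "region": "bj", "resource": ["*"],
          "permission": ["*"], "effect": "Allow"}]})},
    {"name": "scoped_example", "type": "Custom", "id": "example-id-1",
     "document": json.dumps({"accessControlList": [
         {"service": "bcc", "region": "bj", "resource": ["example-resource"],
          "permission": ["ExamplePermission"], "effect": "Allow"}]})},
    {"name": "broken_example", "type": "Custom", "id": "example-id-2",
     "document": "{not json"},
]})


def _is_wildcard(values):
    """True if a resource/permission list contains the catch-all "*"."""
    if isinstance(values, str):
        values = [values]
    return "*" in (values or [])


def audit_policies(response_body):
    """Return (policy name, finding) pairs for an Enumerate Policy response body."""
    findings = []
    for policy in json.loads(response_body).get("policies", []):
        name = policy.get("name", "<unnamed>")
        try:
            # "document" is itself a JSON string, so it needs a second decode.
            acl = json.loads(policy["document"])["accessControlList"]
        except (KeyError, TypeError, ValueError):
            findings.append((name, "unparseable document"))
            continue
        for entry in acl:
            if entry.get("effect") != "Allow":
                continue
            wild_perm = _is_wildcard(entry.get("permission"))
            wild_res = _is_wildcard(entry.get("resource"))
            if wild_perm and wild_res:
                findings.append((name, "Allow * on * for service %s" % entry.get("service")))
            elif wild_perm:
                findings.append((name, "Allow * permission on named resources"))
    return findings


if __name__ == "__main__":
    for policy_name, finding in audit_policies(SAMPLE_RESPONSE):
        print(policy_name, "->", finding)
```

The same function can be run over the responses of the user and group enumeration interfaces, since they return the same policies list.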

Associate with the User Permission

Interface description

Associate a permission policy with the user.

Request structure

PUT /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| userName | String | URL parameter | User name | Yes |
| policyName | String | URL parameter | Policy name | Yes |
| policyType | String | Query parameter | Type of the policy to associate: System for a system policy, Custom for a custom policy | No |

Response header

There are no other special headers except the public headers.

Response parameter

None

Request example

PUT /v1/user/test-user/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

Remove the User Permission

Interface description

Remove the permission policy associated with the user.

Request structure

DELETE /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| userName | String | URL parameter | User name | Yes |
| policyName | String | URL parameter | Policy name | Yes |
| policyType | String | Query parameter | Type of the associated policy: System for a system policy, Custom for a custom policy | No |

Response header

There are no other special headers except the public headers.

Response parameter

None

Request example

DELETE /v1/user/test-user/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

Enumerate the User Permission

Interface description

Enumerate the permission policies associated with the user.

Request structure

GET /v1/user/{userName}/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| userName | String | URL parameter | User name | Yes |

Response header

There are no other special headers except the public headers.

Response parameter

| Name | Type | Description |
| --- | --- | --- |
| policies | List<PolicyModel> | List of policy objects |

Request example

GET /v1/user/test-user/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{
    "policies": [
        {
            "description": "",
            "createTime": "2019-06-06T09:13:50Z",
            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
            "type": "Custom",
            "id": "d19f78b0595242b5a8c3419c09c81b40",
            "name": "test_policy"
        }
    ] 
}

Associate with the Group Permission

Interface description

Associate a permission policy with the user group.

Request structure

PUT /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| groupName | String | URL parameter | Group name | Yes |
| policyName | String | URL parameter | Policy name | Yes |
| policyType | String | Query parameter | Type of the policy to associate: System for a system policy, Custom for a custom policy | No |

Response header

There are no other special headers except the public headers.

Response parameter

None

Request example

PUT /v1/group/test_group/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

Remove the Group Permission

Interface description

Remove the permission policy associated with the user group.

Request structure

DELETE /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| groupName | String | URL parameter | Group name | Yes |
| policyName | String | URL parameter | Policy name | Yes |
| policyType | String | Query parameter | Type of the associated policy: System for a system policy, Custom for a custom policy | No |

Response header

There are no other special headers except the public headers.

Response parameter

None

Request example

DELETE /v1/group/test_group/policy/test_policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 204 No Content
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

Enumerate the Group Permission

Interface description

Enumerate the permission policies associated with the user group.

Request structure

GET /v1/group/{groupName}/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: authorization string

Request header

There are no other special headers except the public headers.

Request parameter

| Name | Type | Location | Description | Required or not |
| --- | --- | --- | --- | --- |
| groupName | String | URL parameter | Group name | Yes |

Response header

There are no other special headers except the public headers.

Response parameter

| Name | Type | Description |
| --- | --- | --- |
| policies | List<PolicyModel> | List of policy objects |

Request example

GET /v1/group/test_group/policy HTTP/1.1
Host: iam.bj.baidubce.com
Authorization: AuthorizationString

Response example

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{
    "policies": [
        {
            "description": "",
            "createTime": "2019-06-06T09:13:50Z",
            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
            "type": "Custom",
            "id": "d19f78b0595242b5a8c3419c09c81b40",
            "name": "test_policy"
        }
    ] 
}