Policy management API

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
All documents
menu
No results found, please re-enter

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
  • Document center
  • arrow
  • IAMIAM
  • arrow
  • SDK
  • arrow
  • Go-SDK
  • arrow
  • Policy management API
Table of contents on this page
  • Create Strategy
  • Query policies
  • Delete strategy
  • List policies
  • Associate user permissions
  • Revoke user permissions
  • List user permissions
  • Associate group permissions
  • Revoke group permissions
  • List group permissions
  • Associate role permissions
  • Revoke role permissions
  • List role permissions
  • List entities bound to permissions

Policy management API

Updated at:2025-10-27

Create Strategy

Create a policy with the following code

Go 
1name := "test_sdk_go_policy"
2args := &api.CreatePolicyArgs{
3    Name:        name,
4    Description: "description",
5    Document:    "{\"accessControlList\": [{\"region\":\"bj\",\"service\":\"bcc\"," +
6"\"resource\":[\"*\"],\"permission\":[\"*\"],\"effect\":\"Allow\"}]}",
7}
8result, err := client.CreatePolicy(args)
9if err != nil {
10    fmt.Println("Update policy failed", err)
11} else {
12    fmt.Println("Update policy success", result)
13}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationCreate Policy

Query policies

Query a policy with the following code

Go 
1    name := "test_sdk_go_policy"
2	policyType := "Custom"
3	result, err := client.GetPolicy(name, policyType)
4	if err != nil {
5		fmt.Println("Update policy failed", err)
6	} else {
7		fmt.Println("Update policy success", result)
8	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationCreate Policy

Delete strategy

Delete a policy with the following code

Go 
1	name := "test_sdk_go_policy"
2	err = client.DeletePolicy(name)
3	if err != nil {
4		fmt.Println("List policy failed", err)
5	} else {
6		fmt.Println("List policy success", name)
7	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationDelete Policy

List policies

List policies with the following code

Go 
1	name := "test_sdk_go_policy"
2	policyType := "Custom"
3	result, err := client.ListPolicy(name, policyType)
4	if err != nil {
5		fmt.Println("List policy failed", err)
6	} else {
7		fmt.Println("List policy success", result)
8	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationList Policies

Associate user permissions

Associate user permissions with the following code

Go 
1	userName := "test_sdk_go_user"
2	policyName := "test_sdk_go_policy"
3	args := &api.AttachPolicyToUserArgs{
4		UserName:   userName,
5		PolicyName: policyName,
6	}
7	err = client.AttachPolicyToUser(args)
8	if err != nil {
9		fmt.Println("Attach policy to user failed", err)
10	} else {
11		fmt.Println("Attach policy to user success", args)
12	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationAssociate User Permissions

Revoke user permissions

Disassociate user permissions with the following code

Go 
1	userName := "test_sdk_go_user"
2	policyName := "test_sdk_go_policy"
3	args := &api.DetachPolicyFromUserArgs{
4		UserName:   userName,
5		PolicyName: policyName,
6	}
7	err = client.DetachPolicyFromUser(args)
8	if err != nil {
9		fmt.Println("Detach policy to user failed", err)
10	} else {
11		fmt.Println("Detach policy to user success", args)
12	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationDisassociate User Permissions

List user permissions

List user permissions with the following code

Go 
1	userName := "test_sdk_go_user"
2	result, err := client.ListUserAttachedPolicies(userName)
3	if err != nil {
4		fmt.Println("List user attached policy failed", err)
5	} else {
6		fmt.Println("List user attached policy success", result)
7	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationList User Permissions

Associate group permissions

Associate group permissions with the following code

Go 
1	groupName := "test_sdk_go_group"
2	policyName := "test_sdk_go_policy"
3	args := &api.AttachPolicyToGroupArgs{
4		GroupName:  groupName,
5		PolicyName: policyName,
6	}
7	err = client.AttachPolicyToGroup(args)
8	if err != nil {
9		fmt.Println("Attach policy to group failed", err)
10	} else {
11		fmt.Println("Attach policy to group success", args)
12	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationAssociate Group Permissions

Revoke group permissions

Disassociate group permissions with the following code

Go 
1	groupName := "test_sdk_go_group"
2	policyName := "test_sdk_go_policy"
3	args := &api.DetachPolicyFromGroupArgs{
4		GroupName:  groupName,
5		PolicyName: policyName,
6	}
7	err = client.DetachPolicyFromGroup(args)
8	if err != nil {
9		fmt.Println("Detach policy to group failed", err)
10	} else {
11		fmt.Println("Detach policy to group success", args)
12	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationDisassociate Group Permissions

List group permissions

List group permissions with the following code

Go 
1	groupName := "test_sdk_go_group"
2	result, err := client.ListGroupAttachedPolicies(groupName)
3	if err != nil {
4		fmt.Println("List group attached policy failed", err)
5	} else {
6		fmt.Println("List group attached policy success", result)
7	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationList Group Permissions

Associate role permissions

Associate role permissions with the following code

Go 
1	roleName := "test_sdk_go_group"
2	policyName := "test_sdk_go_policy"
3	args := &api.AttachPolicyToRoleArgs{
4		RoleName:   roleName,
5		PolicyName: policyName,
6	}
7	err = client.AttachPolicyToRole(args)
8	if err != nil {
9		fmt.Println("Attach policy to role failed", err)
10	} else {
11		fmt.Println("Attach policy to role success", args)
12	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationAssociate Role Permissions

Revoke role permissions

Associate role permissions with the following code

Go 
1	roleName := "test_sdk_go_group"
2	policyName := "test_sdk_go_policy"
3	args := &api.DetachPolicyToRoleArgs{
4		RoleName:   roleName,
5		PolicyName: policyName,
6	}
7	err = client.DetachPolicyFromRole(args)
8	if err != nil {
9		fmt.Println("Detach policy to role failed", err)
10	} else {
11		fmt.Println("Detach policy to role success", args)
12	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationDisassociate Role Permissions

List role permissions

List role permissions with the following code

Go 
1	roleName := "test_sdk_go_group"
2	result, err := client.ListRoleAttachedPolicies(roleName)
3	if err != nil {
4		fmt.Println("List role attached policy failed", err)
5	} else {
6		fmt.Println("List role attached policy success", result)
7	}

Prompt:

  • For detailed parameter configuration and constraints, refer to the IAM API documentationList Role Permissions

List entities bound to permissions

List entities bound to permissions with the following code

Go 
1	policyId := "test_policy_id"
2	entities, err := client.ListPolicyAttachedEntities(policyId)
3	if err != nil {
4		fmt.Println("List policy attached entities failed", err)
5	} else {
6		fmt.Println("List policy attached entities success", entities)
7	}

Prompt:

  • For detailed parameter configurations and constraints, refer to the IAM API documentation List All Permission-bound Entities

Previous
Overview
Next
Role Management Interfaces