Policy management API

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
All documents
menu
No results found, please re-enter

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
  • Document center
  • arrow
  • IAMIAM
  • arrow
  • API Reference_IAM
  • arrow
  • Policy management API
Table of contents on this page
  • Create Strategy
  • Update strategy
  • Query policies
  • Delete strategy
  • List policies
  • Associate user permissions
  • Revoke user permissions
  • List user permissions
  • Associate group permissions
  • Revoke group permissions
  • List group permissions
  • Associate role permissions
  • Revoke role permissions
  • List role permissions
  • List principals granted permissions
  • List all principals granted permissions

Policy management API

Updated at:2025-10-27

Note: Permission policies are categorized as custom policies and system policies. Custom policies refer to user-created and managed permission policies with the type of “custom”, while system policies are built-in policies uniformly managed by the cloud platform with the type of “system”. In the following APIs, if the policyType parameter is not specified, it defaults to the custom policy type.

Create Strategy

API description

Create permission policies.

Request structure

Plain Text 
1POST /v1/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
name String RequestBody Group name Yes
description String RequestBody Group description No
document String RequestBody Policy content, the string obtained after ACL format serialization Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[PolicyModel](IAM/API Reference_IAM/Data type.md#PolicyModel) object

Request example

Plain Text 
1POST /v1/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3content-type: application/json
4Content-Length: 20
5Authorization: AuthorizationString
6{"name":"test_policy", "document":"{\"accessControlList\": [{\"region\":\"bj\",\"service\":\"bcc\",\"resource\":[\"*\"],\"permission\":[\"*\"],\"effect\":\"Allow\"}]}"}

Response example

Plain Text 
1HTTP/1.1 201 Created     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS     
5{
6    "description": "",
7    "createTime": "2019-06-06T09:13:50Z",
8    "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
9    "type": "Custom",
10    "id": "d19f78b0595242b5a8c3419c09c81b40",
11    "name": "test_policy"
12}

Update strategy

API description

Only permission policies created through ACL Custom Creation are supported.

Request structure

Plain Text 
1POST /v1/policy/{policyName} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
policyName String URL parameters Original policy name Yes
name String RequestBody New policy name No
description String RequestBody Policy description No
document String RequestBody Policy content, the string obtained after ACL format serialization Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[PolicyModel](IAM/API Reference_IAM/Data type.md#PolicyModel) object

Request example

Plain Text 
1POST /v1/policy/test_policy HTTP/1.1
2Host: iam.bj.baidubce.com
3content-type: application/json
4Content-Length: 20
5Authorization: AuthorizationString
6{"name":"test_policy", "document":"{\"accessControlList\": [{\"region\":\"bj\",\"service\":\"bcc\",\"resource\":[\"*\"],\"permission\":[\"*\"],\"effect\":\"Allow\"}]}"}

Response example

Plain Text 
1HTTP/1.1 200     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS     
5{
6    "description": "",
7    "createTime": "2019-06-06T09:13:50Z",
8    "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
9    "type": "Custom",
10    "id": "d19f78b0595242b5a8c3419c09c81b40",
11    "name": "test_policy"
12}

Query policies

API description

Query existing permission policies.

Request structure

Plain Text 
1GET /v1/policy/{policyName}?policyType={policyType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
policyName String URL parameter Strategy name Yes
policyType String Query Policy type to be queried: System for system policies; Custom for custom policies No

Response headers

There are no special headers required beyond the common headers.

Response parameters

[PolicyModel](IAM/API Reference_IAM/Data type.md#PolicyModel) object

Request example

Plain Text 
1GET /v1/policy/test_policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS     
5{
6    "description": "",
7    "createTime": "2019-06-06T09:13:50Z",
8    "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
9    "type": "Custom",
10    "id": "d19f78b0595242b5a8c3419c09c81b40",
11    "name": "test_policy"
12}

Delete strategy

API description

Delete permission policies.

Note: Before deleting a group, all permission associations with the policy must be revoked first.

Request structure

Plain Text 
1DELETE /v1/policy/{policyName} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
policyName String URL parameter Group name Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1DELETE /v1/policy/test_policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 204 No Content
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS

List policies

API description

List all permission policies.

When the policyType is set to “system,” display the built-in system policies.

Request structure

Plain Text 
1GET /v1/policy?policyType={policyType}&nameFilter=${nameFilter} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
policyType String Query Policy type to be queried: System for system policies; Custom for custom policies No
nameFilter String Query Policy name filtering conditions; it returns only results containing this keyword when not empty No

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
policies List<[PolicyModel](IAM/API Reference_IAM/Data type.md#PolicyModel)> List of policy objects

Request example

Plain Text 
1GET /v1/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "policies": [
7        {
8            "description": "",
9            "createTime": "2019-06-06T09:13:50Z",
10            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
11            "type": "Custom",
12            "id": "d19f78b0595242b5a8c3419c09c81b40",
13            "name": "test_policy"
14        }
15    ]
16}

Associate user permissions

API description

Assign permission policies to a user.

Request structure

Plain Text 
1PUT /v1/user/{userName}/policy/{policyName}?policyType={policyType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
policyName String URL parameter Strategy name Yes
policyType String Query Policy type to be associated: “system” for system policies; “custom” for custom policies No

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1PUT /v1/user/test-user/policy/test_policy
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS

Revoke user permissions

API description

Remove permission policies assigned to an IAM user.

Request structure

Plain Text 
1DELETE /v1/user/{userName}/policy/{policyName}policyType={policyType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
policyName String URL parameter Strategy name Yes
policyType String Query Type of policy to be associated: “system” for system policies; “custom” for custom policies No

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1DELETE /v1/user/test-user/policy/test_policy
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 204 No Content
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS

List user permissions

API description

Display the permission policies linked to a user.

Request structure

Plain Text 
1GET /v1/user/{userName}/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
policies List<[PolicyModel](IAM/API Reference_IAM/Data type.md#PolicyModel)> List of policy objects

Request example

Plain Text 
1GET /v1/user/test-user/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "policies": [
7        {
8            "description": "",
9            "createTime": "2019-06-06T09:13:50Z",
10            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
11            "type": "Custom",
12            "id": "d19f78b0595242b5a8c3419c09c81b40",
13            "name": "test_policy"
14        }
15    ]
16}

Associate group permissions

API description

Assign permission policies to a user group.

Request structure

Plain Text 
1PUT /v1/group/{groupName}/policy/{policyName}?policyType={policyType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
groupName String URL parameter Group name Yes
policyName String URL parameter Strategy name Yes
policyType String Query Policy type to be associated: “system” for system policies; “custom” for custom policies No

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1PUT /v1/group/test_group/policy/test_policy
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS

Revoke group permissions

API description

Remove permission policies assigned to a user group.

Request structure

Plain Text 
1DELETE /v1/group/{groupName}/policy/{policyName}policyType={policyType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
groupName String URL parameter Group name Yes
policyName String URL parameter Strategy name Yes
policyType String Query Type of policy to be associated: “system” for system policies; “custom” for custom policies No

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1DELETE /v1/group/test_group/policy/test_policy
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 204 No Content
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS

List group permissions

API description

Display the permission policies linked to a group.

Request structure

Plain Text 
1GET /v1/group/{groupName}/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
groupName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
policies List<[PolicyModel](IAM/API Reference_IAM/Data type.md#PolicyModel)> List of policy objects

Request example

Plain Text 
1GET /v1/group/test_group/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "policies": [
7        {
8            "description": "",
9            "createTime": "2019-06-06T09:13:50Z",
10            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
11            "type": "Custom",
12            "id": "d19f78b0595242b5a8c3419c09c81b40",
13            "name": "test_policy"
14        }
15    ]
16}

Associate role permissions

API description

Assign permission policies to a role.

Request structure

Plain Text 
1PUT /v1/role/{roleName}/policy/{policyName}?policyType={policyType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
roleName String URL parameter Role name Yes
policyName String URL parameter Strategy name Yes
policyType String Query Policy type to be associated: “system” for system policies; “custom” for custom policies No

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1PUT /v1/role/test-role/policy/test_policy
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS

Revoke role permissions

API description

Remove permission policies from a role.

Request structure

Plain Text 
1DELETE /v1/role/{roleName}/policy/{policyName}?policyType={policyType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
roleName String URL parameter Role name Yes
policyName String URL parameter Strategy name Yes
policyType String Query Type of policy to be associated: “system” for system policies; “custom” for custom policies No

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1DELETE /v1/role/test-role/policy/test_policy
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 204 No Content
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS

List role permissions

API description

Display the permission policies linked to a role.

Request structure

Plain Text 
1GET /v1/role/{roleName}/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
roleName String URL parameter Role name Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
policies List<[PolicyModel](IAM/API Reference_IAM/Data type.md#PolicyModel)> List of policy objects

Request example

Plain Text 
1GET /v1/role/test-role/policy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "policies": [
7        {
8            "description": "",
9            "createTime": "2019-06-06T09:13:50Z",
10            "document": "{\"id\":\"policy_d19f78b0595242b5a8c3419c09c81b40\",\"accessControlList\":[{\"service\":\"bcc\",\"region\":\"bj\",\"resource\":[\"*\"],\"effect\":\"Allow\",\"permission\":[\"*\"]}]}",
11            "type": "Custom",
12            "id": "d19f78b0595242b5a8c3419c09c81b40",
13            "name": "test_policy"
14        }
15    ]
16}

List principals granted permissions

API description

Show the principals who have been granted permission policies.

Request structure

Plain Text 
1GET /v1/policy/{policyId}/grant/{grantType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
policyId String URL parameter Strategy ID Yes
grantType String URL parameter Grant type, either UserPolicy or GroupPolicy Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
entities List List of principals to whom policies have been granted
id String Principal ID
name String Principal name
type String Either UserPolicy or GroupPolicy
attach_time DateTime Policy grant time

Request example

Plain Text 
1GET /v1/policy/8e7cb46773944da8aa3b351e1dfe1c59/grant/UserPolicy HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "entities": [
7        {
8            "id": "4b284b9ea9724fd4af7c45986a447876",
9            "name": "test10",
10            "type": "UserPolicy",
11            "attach_time": "2023-10-11T10:05:14.000Z"
12        }
13    ]
14}

List all principals granted permissions

API description

List all principals granted with permission policies.

Request structure

Plain Text 
1GET /v1/policy/{policyId}/entity HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
policyId String URL parameter Strategy ID Yes

Response parameters

Name Types Description
entities List List of principals to whom policies have been granted
id String Principal ID
name String Principal name
type String UserPolicy、GroupPolicy、RolePolicy
attach_time DateTime Policy grant time

Request example

Plain Text 
1GET /v1/policy/8e7cb46773944da8aa3b351e1dfe1c59/entity HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "entities": [
7        {
8            "id": "36b6fb0121a84c65b437fe7df0341234",
9            "name": "testUser",
10            "type": "UserPolicy",
11            "attachTime": "2024-04-22T10:57:08.000Z"
12        },
13        {
14            "id": "fbe4f761c3f340c3a29022c62f042345",
15            "name": "testGroup",
16            "type": "GroupPolicy",
17            "attachTime": "2024-04-22T10:57:22.000Z"
18        },
19        {
20            "id": "91a247bb83ec44b0950ee452db9f4567",
21            "name": "testRole",
22            "type": "RolePolicy",
23            "attachTime": "2024-04-22T10:57:32.000Z"
24        }
25    ]
26}

Previous
Introduction
Next
Role Management Interfaces