Role Management Interfaces

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
All documents
menu
No results found, please re-enter

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
  • Document center
  • arrow
  • IAMIAM
  • arrow
  • API Reference_IAM
  • arrow
  • Role Management Interfaces
Table of contents on this page
  • Create role
  • Query role
  • Update role
  • Delete role
  • List roles
  • Request example
  • Response example

Role Management Interfaces

Updated at:2025-10-27

Create role

API description

Create a role.

Request structure

Plain Text 
1POST /v1/role HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
name String RequestBody Role name Yes
description String RequestBody Role description No
assumeRolePolicyDocument String RequestBody Specify the carriers allowed to assume this role Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[RoleModel](IAM/API Reference_IAM/Data type.md#RoleModel) object

Request example

Plain Text 
1POST /v1/user HTTP/1.1h
2Host: iam.bj.baidubce.com
3content-type: application/json
4Content-Length: 20
5Authorization: Authorization String
6  
7{
8	"name":"test-role",
9	"description":"test role create",
10	"assumeRolePolicyDocument": "{\"version\":\"v1\",\"accessControlList\":[{\"service\":\"bce:iam\",\"permission\":[\"AssumeRole\"],\"region\":\"*\",\"grantee\":[{\"id\":\"grantee-id\"}],\"effect\":\"Allow\"}]}"
11}

Response example

Plain Text 
1HTTP/1.1 201 Created     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS           
5{
6    "id": "9c039e6385854e07a5a31e254eab21ea",
7    "createTime": "2019-06-06T03:42:13Z",
8    "name": "test-role",
9    "assumeRolePolicyDocument": "{\"id\":\"sts role acl\",\"version\":\"v1\",\"accessControlList\":[{\"service\":\"bce:iam\",\"region\":\"*\",\"resource\":[\"role/9c039e6385854e07a5a31e254eab21ea\"],\"grantee\":[{\"id\":\"grantee-id\"}],\"effect\":\"Allow\",\"permission\":[\"AssumeRole\"],\"eid\":\"role acl entry\"}]}"
10}

Query role

API description

Query a role.

Request structure

Plain Text 
1GET /v1/role/{roleName} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
roleName String URL parameter Role name Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[RoleModel](IAM/API Reference_IAM/Data type.md#RoleModel) object

Request example

Plain Text 
1GET /v1/role/test-role HTTP/1.1
2Host: iam.bj.baidubce.com
3content-type: application/json
4Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS     
5      
6{
7    "id": "9c039e6385854e07a5a31e254eab21ea",
8    "createTime": "2019-06-06T03:42:13Z",
9    "name": "test-role",
10    "assumeRolePolicyDocument": "{\"id\":\"sts role acl\",\"version\":\"v1\",\"accessControlList\":[{\"service\":\"bce:iam\",\"region\":\"*\",\"resource\":[\"role/9c039e6385854e07a5a31e254eab21ea\"],\"grantee\":[{\"id\":\"grantee-id\"}],\"effect\":\"Allow\",\"permission\":[\"AssumeRole\"],\"eid\":\"role acl entry\"}]}"
11}

Update role

API description

Update a role.

Request structure

Plain Text 
1PUT /v1/role/{roleName} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
roleName String URL parameter Role name Yes
name String RequestBody Updated role name No
description String RequestBody Role description No
assumeRolePolicyDocument String RequestBody Specify identities eligible to assume this role No

Response headers

There are no special headers required beyond the common headers.

Response parameters

[RoleModel](IAM/API Reference_IAM/Data type.md#RoleModel) object

Request example

Plain Text 
1 PUT /v1/role/test-role HTTP/1.1
2 Host: iam.bj.baidubce.com
3 content-type: application/json
4 Content-Length: 34
5 Authorization: AuthorizationString
6
7 {
8 	"description":"update role demo",
9	"assumeRolePolicyDocument": "{\"version\":\"v1\",\"accessControlList\":[{\"service\":\"bce:iam\",\"permission\":[\"AssumeRole\"],\"region\":\"*\",\"grantee\":[{\"id\":\"new-grantee-id\"}],\"effect\":\"Allow\"}]}"
10 	}

Response example

Plain Text 
1 HTTP/1.1 200 OK     
2 Content-Type: application/json;charset=UTF-8     
3 X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4 Server: BWS     
5      
6 {
7     "id": "9c039e6385854e07a5a31e254eab21ea",
8     "createTime": "2019-06-06T03:42:13Z",
9     "name": "test-role",
10     "description": "update role demo",
11     "assumeRolePolicyDocument": "{\"id\":\"sts role acl\",\"version\":\"v1\",\"accessControlList\":[{\"service\":\"bce:iam\",\"region\":\"*\",\"resource\":[\"role/9c039e6385854e07a5a31e254eab21ea\"],\"grantee\":[{\"id\":\"new-grantee-id\"}],\"effect\":\"Allow\",\"permission\":[\"AssumeRole\"],\"eid\":\"role acl entry\"}]}"
12 }

Delete role

API description

Delete a role.

Request structure

Plain Text 
1DELETE /v1/role/{roleName} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
roleName String URL parameter Role name Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1DELETE /v1/role/test-role HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: Authorization String

Response example

Plain Text 
1HTTP/1.1 204 No Content
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS

List roles

API description

List all roles.

Request structure

Plain Text 
1GET /v1/role HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

None

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
roles List<[RoleModel](IAM/API Reference_IAM/Data type.md#RoleModel)> List of role objects

Request example

Plain Text 
1GET /v1/role HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: Authorization String

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "roles": [
7        {
8            "id": "9c039e6385854e07a5a31e254eab21ea",
9            "createTime": "2019-06-06T03:42:13Z",
10            "name": "test-role",
11            “description": "update role demo",
12     		"assumeRolePolicyDocument": "{\"id\":\"sts role acl\",\"version\":\"v1\",\"accessControlList\":[{\"service\":\"bce:iam\",\"region\":\"*\",\"resource\":[\"role/9c039e6385854e07a5a31e254eab21ea\"],\"grantee\":[{\"id\":\"grantee-id\"}],\"effect\":\"Allow\",\"permission\":[\"AssumeRole\"],\"eid\":\"role acl entry\"}]}"
13        }
14    ]
15}

Previous
Policy management API
Next
Service domain