更新时间:2025-08-01 GMT+08:00
分享

更新空间资源权限策略

功能介绍

更新空间资源权限策略

调用方法

请参见如何调用API

URI

PUT /v1/{project_id}/security/permission-resource/{policy_id}

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目ID,获取方法请参见项目ID和账号ID

policy_id

String

空间资源权限策略id。

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

workspace

String

工作空间ID,获取方法请参见实例ID和工作空间ID

X-Auth-Token

String

IAM Token,通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)使用Token认证时必选。

表3 请求Body参数

参数

是否必选

参数类型

描述

policy_name

String

策略名称:英文和汉字开头, 支持英文、汉字、数字、下划线, 2-64字符

resources

Array of ResourcePolicyItem objects

资源对象列表。资源对象包含 数据连接, 连接获取方法详见查询数据连接列表

members

Array of MemberPolicyItem objects

成员列表。 成员包含空间用户、空间用户组、空间用户角色。空间用户、用户组获取方法请参见获取工作空间用户信息,空间角色获取方法参见获取工作空间用户角色

表4 ResourcePolicyItem

参数

是否必选

参数类型

描述

resource_id

String

资源id

resource_name

String

资源名称

resource_type

String

资源类型:DATA_CONNECTION,AGENCY

表5 MemberPolicyItem

参数

是否必选

参数类型

描述

member_id

String

成员id

member_name

String

成员名称

member_type

String

成员类型:USER,USER_GROUP,WORKSPACE_ROLE,分别代表空间用户、空间用户组、空间角色

响应参数

状态码:200

表6 响应Body参数

参数

参数类型

描述

policy_id

String

策略id

policy_name

String

策略名称

resources

Array of ResourcePolicyItem objects

资源对象列表

members

Array of MemberPolicyItem objects

成员列表

create_time

Long

创建时间

create_user

String

创建用户

update_time

Long

修改时间

表7 ResourcePolicyItem

参数

参数类型

描述

resource_id

String

资源id

resource_name

String

资源名称

resource_type

String

资源类型:DATA_CONNECTION,AGENCY

表8 MemberPolicyItem

参数

参数类型

描述

member_id

String

成员id

member_name

String

成员名称

member_type

String

成员类型:USER,USER_GROUP,WORKSPACE_ROLE,分别代表空间用户、空间用户组、空间角色

状态码:400

表9 响应Body参数

参数

参数类型

描述

error_code

String

错误码。

error_msg

String

错误描述。

请求示例

/v1/0833a5737480d53b2f25c010dc1a7b88/security/permission-resource/578f83559cdb4cebb0ff4527b59a2fda

{
  "policy_name" : "test_resource_permission_policy",
  "members" : [ {
    "member_id" : "fea96c90024711b8bf8d6886407b814b",
    "member_name" : "common_user",
    "member_type" : "USER"
  }, {
    "member_id" : "0833a5736980d53b0f22c0102ffcbfc0",
    "member_name" : "ei_dayu_test_usergroup_01",
    "member_type" : "USER_GROUP"
  } ],
  "resources" : [ {
    "resource_id" : "7c8a2d85d917492bb3195377cd9c36be",
    "resource_name" : "hive",
    "resource_type" : "DATA_CONNECTION"
  } ]
}

响应示例

状态码:200

OK

{
  "policy_id" : "b43927a45a514e93ba70524b28923500",
  "policy_name" : "test_dataconnection_permission_policy",
  "create_time" : 1698202688247,
  "update_time" : 1698202688247,
  "create_user" : "ei_dayu_test_01",
  "members" : [ {
    "member_id" : "fea96c90024711b8bf8d6886407b814b",
    "member_name" : "common_user",
    "member_type" : "USER"
  }, {
    "member_id" : "0833a5736980d53b0f22c0102ffcbfc0",
    "member_name" : "ei_dayu_test_usergroup_01",
    "member_type" : "USER_GROUP"
  } ],
  "resources" : [ {
    "resource_id" : "7c8a2d85d917492bb3195377cd9c36be",
    "resource_name" : "hive",
    "resource_type" : "DATA_CONNECTION"
  } ]
}

SDK代码示例

SDK代码示例如下。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.dataartsstudio.v1.region.DataArtsStudioRegion;
import com.huaweicloud.sdk.dataartsstudio.v1.*;
import com.huaweicloud.sdk.dataartsstudio.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class UpdateSecurityResourcePermissionPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        DataArtsStudioClient client = DataArtsStudioClient.newBuilder()
                .withCredential(auth)
                .withRegion(DataArtsStudioRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateSecurityResourcePermissionPolicyRequest request = new UpdateSecurityResourcePermissionPolicyRequest();
        request.withPolicyId("{policy_id}");
        PermissionResourcePolicyCreateDTO body = new PermissionResourcePolicyCreateDTO();
        List<MemberPolicyItem> listbodyMembers = new ArrayList<>();
        listbodyMembers.add(
            new MemberPolicyItem()
                .withMemberId("fea96c90024711b8bf8d6886407b814b")
                .withMemberName("common_user")
                .withMemberType(MemberPolicyItem.MemberTypeEnum.fromValue("USER"))
        );
        listbodyMembers.add(
            new MemberPolicyItem()
                .withMemberId("0833a5736980d53b0f22c0102ffcbfc0")
                .withMemberName("ei_dayu_test_usergroup_01")
                .withMemberType(MemberPolicyItem.MemberTypeEnum.fromValue("USER_GROUP"))
        );
        List<ResourcePolicyItem> listbodyResources = new ArrayList<>();
        listbodyResources.add(
            new ResourcePolicyItem()
                .withResourceId("7c8a2d85d917492bb3195377cd9c36be")
                .withResourceName("hive")
                .withResourceType(ResourcePolicyItem.ResourceTypeEnum.fromValue("DATA_CONNECTION"))
        );
        body.withMembers(listbodyMembers);
        body.withResources(listbodyResources);
        body.withPolicyName("test_resource_permission_policy");
        request.withBody(body);
        try {
            UpdateSecurityResourcePermissionPolicyResponse response = client.updateSecurityResourcePermissionPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkdataartsstudio.v1.region.dataartsstudio_region import DataArtsStudioRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkdataartsstudio.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = DataArtsStudioClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(DataArtsStudioRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateSecurityResourcePermissionPolicyRequest()
        request.policy_id = "{policy_id}"
        listMembersbody = [
            MemberPolicyItem(
                member_id="fea96c90024711b8bf8d6886407b814b",
                member_name="common_user",
                member_type="USER"
            ),
            MemberPolicyItem(
                member_id="0833a5736980d53b0f22c0102ffcbfc0",
                member_name="ei_dayu_test_usergroup_01",
                member_type="USER_GROUP"
            )
        ]
        listResourcesbody = [
            ResourcePolicyItem(
                resource_id="7c8a2d85d917492bb3195377cd9c36be",
                resource_name="hive",
                resource_type="DATA_CONNECTION"
            )
        ]
        request.body = PermissionResourcePolicyCreateDTO(
            members=listMembersbody,
            resources=listResourcesbody,
            policy_name="test_resource_permission_policy"
        )
        response = client.update_security_resource_permission_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    dataartsstudio "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dataartsstudio/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dataartsstudio/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dataartsstudio/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := dataartsstudio.NewDataArtsStudioClient(
        dataartsstudio.DataArtsStudioClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateSecurityResourcePermissionPolicyRequest{}
	request.PolicyId = "{policy_id}"
	memberTypeMembers:= model.GetMemberPolicyItemMemberTypeEnum().USER
	memberTypeMembers1:= model.GetMemberPolicyItemMemberTypeEnum().USER_GROUP
	var listMembersbody = []model.MemberPolicyItem{
        {
            MemberId: "fea96c90024711b8bf8d6886407b814b",
            MemberName: "common_user",
            MemberType: &memberTypeMembers,
        },
        {
            MemberId: "0833a5736980d53b0f22c0102ffcbfc0",
            MemberName: "ei_dayu_test_usergroup_01",
            MemberType: &memberTypeMembers1,
        },
    }
	var listResourcesbody = []model.ResourcePolicyItem{
        {
            ResourceId: "7c8a2d85d917492bb3195377cd9c36be",
            ResourceName: "hive",
            ResourceType: model.GetResourcePolicyItemResourceTypeEnum().DATA_CONNECTION,
        },
    }
	request.Body = &model.PermissionResourcePolicyCreateDto{
		Members: listMembersbody,
		Resources: listResourcesbody,
		PolicyName: "test_resource_permission_policy",
	}
	response, err := client.UpdateSecurityResourcePermissionPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

OK

400

Bad Request

相关文档