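Notice of Changes to Authorization Actions
Notice Description
Starting November 15, 2025, users who are authorized through custom policies to call the following API must create or update their custom policies before they can access it.
| Permission | API | New Action | Dependent Actions | IAM Project | Enterprise Project |
|---|---|---|---|---|---|
| Batch delete request throttling policies | POST /v2/{project_id}/apigw/instances/{instance_id}/throttles/batch-delete | apig:throttles:delete | - | √ | √ |
Starting September 2024, users who are authorized through custom policies to call the following APIs must create or update their custom policies before they can access them.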
| Permission | API | New Action | Dependent Actions | IAM Project | Enterprise Project |
|---|---|---|---|---|---|
| List SSL certificates | GET /v2/{project_id}/apigw/certificates | apig:certificate:list | - | √ | √ |
| Create an SSL certificate | POST /v2/{project_id}/apigw/certificates | apig:certificate:create | apig:instances:get | √ | Supported when the request parameters include instance_id; otherwise not supported |
| Delete an SSL certificate | DELETE /v2/{project_id}/apigw/certificates/{certificate_id} | apig:certificate:delete | - | √ | × |
| View certificate details | GET /v2/{project_id}/apigw/certificates/{certificate_id} | apig:certificate:get | - | √ | × |
| Modify an SSL certificate | PUT /v2/{project_id}/apigw/certificates/{certificate_id} | apig:certificate:update | apig:instances:get | √ | Supported when the request parameters include instance_id; otherwise not supported |
| List domain names bound to an SSL certificate | GET /v2/{project_id}/apigw/certificates/{certificate_id}/attached-domains | apig:certificate:listBoundDomain | - | √ | × |
| Bind domain names to an SSL certificate | POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/attach | apig:certificate:batchBindDomain | apig:certificate:get apig:groups:get | √ | × |
| Unbind domain names from an SSL certificate | POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/detach | apig:certificate:batchUnbindDomain | apig:certificate:get apig:groups:get | √ | × |
| List endpoint connections of an instance | GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections | apig:instance:listVpcEndpoint | apig:instances:get | √ | √ |
| Accept or reject an endpoint connection | POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections/action | apig:instance:acceptOrRejectVpcEndpointConnection | apig:instances:get | √ | √ |
| List the whitelist of an instance's endpoint service | GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions | apig:instance:listVpcEndpointPermission | apig:instances:get | √ | √ |
| Batch add whitelist entries for instance endpoint connections | POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-add | apig:instance:batchAddVpcEndpointPermission | apig:instances:get | √ | √ |
| Batch delete whitelist entries for instance endpoint connections | POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-delete | apig:instance:batchDeleteVpcEndpointPermission | apig:instances:get | √ | √ |
| Create a parameter orchestration rule | POST /v2/{project_id}/apigw/instances/{instance_id}/orchestration | apig:orchestration:create | apig:instances:get | √ | √ |
| List orchestration rules | GET /v2/{project_id}/apigw/instances/{instance_id}/orchestration | apig:orchestration:list | apig:instances:get | √ | √ |
| Query orchestration rule details | GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id} | apig:orchestration:get | apig:instances:get | √ | √ |
| Update an orchestration rule | PUT /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id} | apig:orchestration:update | apig:instances:get | √ | √ |
| Delete an orchestration rule | DELETE /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id} | apig:orchestration:delete | apig:instances:get | √ | √ |
| List APIs bound to an orchestration rule | GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}/attached-apis | apig:orchestration:listBoundApis | apig:instances:get | √ | √ |
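Scope
All regions.
Impact
If a custom policy does not include the new actions listed above, the user has no permission to access the APIs listed above.
Adaptation
Create or update the custom policy, add the new actions listed above together with their dependent actions, and grant the custom policy to user groups for fine-grained access control. For custom policies, see the API Gateway custom policy examples.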
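One way to audit an existing custom policy against this notice, as an added example that is not part of the original announcement: it reports, for each new action, which of the action and its dependent actions the policy still lacks. The `Version`/`Statement`/`Effect`/`Action` JSON layout, `*` wildcard matching, and Deny-overrides-Allow evaluation are assumptions; the sample policy is constructed, and `REQUIRED` holds only a subset of the rows above.

```python
import json
from fnmatch import fnmatchcase

# New action -> dependent actions, copied from rows of the tables above (subset).
REQUIRED = {
    "apig:throttles:delete": [],
    "apig:certificate:create": ["apig:instances:get"],
    "apig:certificate:batchBindDomain": ["apig:certificate:get", "apig:groups:get"],
    "apig:orchestration:update": ["apig:instances:get"],
}

# Constructed sample policy; the Version/Statement/Effect/Action layout is assumed.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1.1",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["apig:certificate:*", "apig:groups:get", "apig:orchestration:update"]}
  ]
}
""")

def actions_with_effect(policy, effect):
    """Collect every Action pattern from statements with the given Effect."""
    patterns = []
    for statement in policy.get("Statement", []):
        if statement.get("Effect") == effect:
            value = statement.get("Action", [])
            patterns.extend([value] if isinstance(value, str) else value)
    return patterns

def is_allowed(policy, action):
    """Assumed evaluation: an Allow pattern matches and no Deny pattern matches."""
    def hit(effect):
        return any(fnmatchcase(action, p) for p in actions_with_effect(policy, effect))
    return hit("Allow") and not hit("Deny")

def missing_actions(policy, wanted):
    """Map each wanted new action to the actions the policy still lacks for it."""
    gaps = {}
    for action in wanted:
        lacking = [a for a in [action, *REQUIRED[action]] if not is_allowed(policy, a)]
        if lacking:
            gaps[action] = lacking
    return gaps

if __name__ == "__main__":
    for action, lacking in missing_actions(SAMPLE_POLICY, REQUIRED).items():
        print(f"{action}: add {', '.join(lacking)}")
```

In the sample, `apig:orchestration:update` is already granted but is still reported because its dependent action `apig:instances:get` is absent, which is the gap most easily missed when only the new actions are added.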