Querying the Permissions of a User Group Associated with an Enterprise Project
Function
This API is used to query the permissions of a user group associated with the enterprise project of a specified ID.
This API can be invoked using the global domain name iam.myhuaweicloud.eu.
This API will be deprecated soon. Please use the API described in Querying the Permissions of a User Group Associated with an Enterprise Project instead.
URI
- URI format
GET /v3.0/OS-PAP/enterprise-projects/{enterprise_project_id}/groups/{group_id}/roles
- URI parameter description
Parameter
Mandatory
Type
Description
enterprise_project_id
Yes
String
ID of the enterprise project for querying the permissions of an associated user group.
group_id
Yes
String
ID of a user group associated with the enterprise project.
Request
- Request header parameter description
Parameter
Mandatory
Type
Description
X-Auth-Token
Yes
String
Authenticated token with Security Administrator permissions.
Content-Type
Yes
String
Fill application/json;charset=utf8 in this field.
- Sample request
curl -i -k -H "X-Auth-Token:$token" -H 'Content-Type:application/json;charset=utf8' -X GET https://iam.myhuaweicloud.eu/v3.0/OS-PAP/enterprise-projects/535fb147-6148-4c71-a679-b79a2cb0e.../groups/10d8104f395d43468094753f28692.../roles
Response
- Response body parameter description
Parameter
Mandatory
Type
Description
roles
Yes
JSONArray
Permission information.
- Description for the role format
Parameter
Mandatory
Type
Description
display_name
Yes
String
Name of a permission displayed on the console.
description
Yes
String
Description of the permission.
description_cn
Yes
String
Description of the permission.
domain_id
Yes
String
- If a custom policy has been bound to the user group, the value of this parameter is the account ID of the user that creates the custom policy.
- If a default policy has been bound to the user group, the value of this parameter is null.
flag
No
String
A tag for indicating an internal fine-grained role.
catalog
Yes
String
Directory to which the permission belongs.
- If a custom policy has been bound to the user group, the value of this parameter is CUSTOMED.
- If a default policy has been bound to the user group, the value of this parameter is the corresponding service name, for example, ECS.
policy
Yes
Dict
Details about the permission. For more information, see Description for the policy format.
id
Yes
String
Permission ID.
type
Yes
String
Display position of the permission.
- AX: Displayed in the Global project.
- XA: Displayed in projects other than the Global project.
NOTE:
The value of this parameter can only be AX or XA, and cannot be AA or XX.
name
Yes
String
Name of the permission used in the system.
- Description for the policy format
Parameter
Mandatory
Type
Description
Version
Yes
String
Policy version.
Statement
Yes
JSONArray
Statement for using the policy to grant permissions. A policy consists of a maximum of eight statements. A Statement field contains the Effect and Action elements.
- Description for the statement format
Parameter
Mandatory
Type
Description
Effect
Yes
String
The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.
Action
Yes
StringArray
Permission set, which specifies the operation permissions on resources. The number of permission sets cannot exceed 100.
Format:
The value format is Service name:Resource type:Action, for example, vpc:ports:create.
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed.
Resource type and Action: The values are case-insensitive, and the wildcard (*) is allowed. A wildcard (*) can represent all or part of the information about resource types and actions for the specific service.
- Example successful response
{ "roles": [ { "display_name": "Customed ECS Viewer", "description": "The read-only permissions to all ECS resources, which can be used for statistics and survey.", "domain_id": "9698542758bc422088c0c3eabf...", "catalog": "CUSTOMED", "policy": { "Version": "1.1", "Statement": [ { "Action": [ "ecs:*:get*", "ecs:*:list*", "ecs:blockDevice:use", "ecs:serverGroups:manage", "ecs:serverVolumes:use", "evs:*:get*", "evs:*:list*", "vpc:*:get*", "vpc:*:list*", "ims:*:get*", "ims:*:list*" ], "Effect": "Allow" } ] }, "id": "24e7a89bffe443979760c4e9715c1...", "type": "XA", "name": "custom_9698542758bc422088c0c3eabfc30d1..." } ] }
- Error response body parameter description
Parameter
Mandatory
Type
Description
error
Yes
Dict
Response error
message
Yes
String
Error details
code
Yes
Int
Status code
title
Yes
String
Error type
- Example failed response
{ "error": { "message": "Authentication failed", "code": 401, "title": "Unauthorized" } }
Status Codes
Status Code |
Description |
---|---|
200 |
The request is successful. |
400 |
The server failed to process the request. |
401 |
You must enter a username and password to access the requested page. |
403 |
Access denied. |
500 |
Failed to complete the request because of an internal service error. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.