Actions
Token Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Obtaining an Agency Token |
iam:tokens:assume |
- |
- |
Access Key Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Listing Permanent Access Keys |
iam:credentials:listCredentials |
- |
- |
|
Querying a Permanent Access Key |
iam:credentials:getCredential |
- |
- |
|
Creating a Permanent Access Key |
iam:credentials:createCredential |
- |
- |
|
Modifying a Permanent Access Key |
iam:credentials:updateCredential |
- |
- |
|
Deleting a Permanent Access Key |
iam:credentials:deleteCredential |
- |
- |
Virtual MFA Device Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Binding a Virtual MFA Device |
iam:mfa:bindMFADevice |
- |
- |
|
Unbinding a Virtual MFA Device |
iam:mfa:unbindMFADevice |
- |
- |
|
Generating a Secret Key for Binding a Virtual MFA Device |
iam:mfa:createVirtualMFADevice |
- |
- |
|
Deleting a Virtual MFA Device |
iam:mfa:deleteVirtualMFADevice |
- |
- |
Project Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Listing Projects |
iam:projects:listProjects |
- |
- |
|
Creating a Project |
iam:projects:createProject |
- |
- |
|
Modifying Project Information |
iam:projects:updateProject |
- |
- |
|
Changing Project Status |
iam:projects:updateProject |
- |
- |
|
Listing the Projects Accessible to a User |
iam:projects:listProjectsForUser |
- |
- |
|
Deleting a Project |
× |
iam:projects:deleteProject |
- |
- |
Querying the Quotas of a Project |
iam:quotas:listQuotasForProject |
- |
- |
Account Management
Permission |
API |
Action |
IAM Project (Project) |
Enterprise Project (Enterprise Project) |
---|---|---|---|---|
Querying the Quotas of an Account |
iam:quotas:listQuotas |
- |
- |
IAM User Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Listing IAM Users |
iam:users:listUsers |
- |
- |
|
Creating an IAM User |
iam:users:createUser |
- |
- |
|
Modifying User Information |
iam:users:updateUser |
- |
- |
|
Deleting an IAM User |
iam:users:deleteUser |
- |
- |
|
Creating an IAM User (Recommended) |
iam:users:createUser |
- |
- |
|
Querying IAM User Details (Including Email Address and Mobile Number) |
iam:users:getUser |
- |
- |
|
Querying IAM User Details |
iam:users:getUser |
- |
- |
|
Resetting an IAM User's Password |
× |
iam:users:resetUserPassword |
- |
- |
Configuring Login Protection |
× |
iam:users:setUserLoginProtect |
- |
- |
Listing Users Who Have Access to a Specified Project |
× |
iam:users:listUsersForProject |
- |
- |
Querying MFA Device Information of IAM Users |
iam:mfa:listVirtualMFADevices |
- |
- |
|
Querying the MFA Device Information of an IAM User |
iam:mfa:getVirtualMFADevice |
- |
- |
|
Querying Login Protection Configurations of IAM Users |
iam:users:listUserLoginProtects |
- |
- |
|
Querying the Login Protection Configuration of an IAM User |
iam:users:getUserLoginProtect |
- |
- |
User Group Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Querying the User Groups to Which an IAM User Belongs |
iam:groups:listGroupsForUser |
- |
- |
|
Querying the IAM Users in a Group |
iam:users:listUsersForGroup |
- |
- |
|
Listing User Groups |
iam:groups:listGroups |
- |
- |
|
Querying User Group Details |
iam:groups:getGroup |
- |
- |
|
Creating a User Group |
iam:groups:createGroup |
- |
- |
|
Updating User Group Information |
iam:groups:updateGroup |
- |
- |
|
Deleting a User Group |
iam:groups:deleteGroup iam:permissions:removeUserFromGroup iam:permissions:revokeRoleFromGroup iam:permissions:revokeRoleFromGroupOnProject iam:permissions:revokeRoleFromGroupOnDomain |
- |
- |
|
Checking Whether an IAM User Belongs to a User Group |
iam:permissions:checkUserInGroup |
- |
- |
|
Adding an IAM User to a User Group |
iam:permissions:addUserToGroup |
- |
- |
|
Removing an IAM User from a User Group |
iam:permissions:removeUserFromGroup |
- |
- |
Permissions Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Listing Permissions |
iam:roles:listRoles |
- |
- |
|
Querying Permission Details |
iam:roles:getRole |
- |
- |
|
Querying Permissions Assignment Records |
iam:permissions:listRoleAssignments |
√ |
√ |
|
Querying Permissions of a User Group for the Global Service Project |
iam:permissions:listRolesForGroupOnDomain |
- |
- |
|
Querying Permissions of a User Group for a Region-specific Project |
iam:permissions:listRolesForGroupOnProject |
- |
- |
|
Granting Permissions to a User Group for the Global Service Project |
PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:grantRoleToGroupOnDomain |
- |
- |
Granting Permissions to a User Group for a Region-specific Project |
PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:grantRoleToGroupOnProject |
- |
- |
Removing Permissions of a User Group for a Region-specific Project |
DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:revokeRoleFromGroupOnProject |
- |
- |
Removing Permissions of a User Group for the Global Service Project |
DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:revokeRoleFromGroupOnDomain |
- |
- |
Checking Whether a User Group Has Specified Permissions for the Global Service Project |
HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:checkRoleForGroupOnDomain |
- |
- |
Checking Whether a User Group Has Specified Permissions for a Region-specific Project |
HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:checkRoleForGroupOnProject |
- |
- |
Granting Specified Permissions to a User Group for All Projects |
PUT /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects |
iam:permissions:grantRoleToGroup |
- |
- |
Querying the Permissions Granted to a User for a Specified Project |
× |
iam:permissions:listRolesForUserOnProject |
- |
- |
Querying All Permissions of a User Group |
× |
iam:permissions:listRolesForGroup |
- |
- |
Checking Whether a User Group Has Specified Permissions |
× |
iam:permissions:checkRoleForGroup |
- |
- |
Removing Permissions of a User Group |
× |
iam:permissions:revokeRoleFromGroup |
- |
- |
Query Permission Assignment Records |
× |
iam:permissions:listRoleAssignments |
- |
- |
Custom Policy Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Listing Custom Policies |
iam:roles:listRoles |
- |
- |
|
Querying Custom Policy Details |
iam:roles:getRole |
- |
- |
|
Creating a Custom Policy for Cloud Services |
iam:roles:createRole |
- |
- |
|
Modifying a Custom Policy for Cloud Services |
iam:roles:updateRole |
- |
- |
|
Deleting a Custom Policy |
iam:roles:deleteRole |
- |
- |
Agency Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Creating an Agency |
iam:agencies:createAgency |
- |
- |
|
Listing Agencies |
iam:agencies:listAgencies |
- |
- |
|
Querying Agency Details |
iam:agencies:getAgency |
- |
- |
|
Modifying an Agency |
iam:agencies:updateAgency |
- |
- |
|
Deleting an Agency |
iam:agencies:deleteAgency |
- |
- |
|
Granting Permissions to an Agency for a Region-specific Project |
PUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:grantRoleToAgencyOnProject |
- |
- |
Checking Whether an Agency Has Specified Permissions for a Region-specific Project |
HEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:checkRoleForAgencyOnProject |
- |
- |
Querying Permissions of an Agency for a Region-specific Project |
GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles |
iam:permissions:listRolesForAgencyOnProject |
- |
- |
Removing Permissions of an Agency for a Region-specific Project |
DELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:revokeRoleFromAgencyOnProject |
- |
- |
Granting Permissions to an Agency for the Global Service Project |
PUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:grantRoleToAgencyOnDomain |
- |
- |
Checking Whether an Agency Has Specified Permissions for the Global Service Project |
HEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:checkRoleForAgencyOnDomain |
- |
- |
Querying Permissions of an Agency for the Global Service Project |
GET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles |
iam:permissions:listRolesForAgencyOnDomain |
- |
- |
Removing Permissions of an Agency for the Global Service Project |
DELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:revokeRoleFromAgencyOnDomain |
- |
- |
Querying All Permissions of an Agency |
GET /v3.0/OS-INHERIT/domains/{domain_id}/agencies/{agency_id}/roles/inherited_to_projects |
iam:permissions:listRolesForAgency |
- |
- |
Checking Whether an Agency Has Specified Permissions |
HEAD /v3.0/OS-INHERIT/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}/inherited_to_projects |
iam:permissions:checkRoleForAgency |
- |
- |
Granting Specified Permissions to an Agency |
PUT /v3.0/OS-INHERIT/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}/inherited_to_projects |
iam:permissions:grantRoleToAgency |
- |
- |
Removing Permissions of an Agency |
iam:permissions:revokeRoleFromAgency |
- |
- |
Enterprise Project Management
Permission |
API |
Action |
IAM Project (Project) |
Enterprise Project (Enterprise Project) |
---|---|---|---|---|
Querying User Groups Associated with an Enterprise Project |
GET /v3.0/OS-PERMISSION/enterprise-projects/{enterprise_project_id}/groups |
iam:permissions:listGroupsOnEnterpriseProject |
- |
√ |
Querying the Permissions of a User Group Associated with an Enterprise Project |
GET /v3.0/OS-PERMISSION/enterprise-projects/{enterprise_project_id}/groups/{group_id}/roles |
iam:permissions:listRolesForGroupOnEnterpriseProject |
- |
√ |
Granting Permissions to a User Group Associated with an Enterprise Project |
iam:permissions:grantRoleToGroupOnEnterpriseProject |
- |
√ |
|
Deleting the Permissions of a User Group Associated with an Enterprise Project |
iam:permissions:revokeRoleFromGroupOnEnterpriseProject |
- |
√ |
|
Querying Enterprise Projects Associated with a User Group |
GET /v3.0/OS-PERMISSION/groups/{group_id}/enterprise-projects |
iam:permissions:listEnterpriseProjectsForGroup |
- |
√ |
Querying Enterprise Projects Directly Associated with a User |
iam:permissions:listEnterpriseProjectsForUser |
- |
√ |
|
Listing Users Associated with an Enterprise Project |
GET /v3.0/OS-PERMISSION/enterprise-projects/{enterprise_project_id}/users |
iam:permissions:listUsersForEnterpriseProject |
- |
√ |
Listing Roles of a User Associated with an Enterprise Project |
GET /v3.0/OS-PERMISSION/enterprise-projects/{enterprise_project_id}/users/{user_id}/roles |
iam:permissions:listRolesForUserOnEnterpriseProject |
- |
√ |
Granting Permissions to a User Associated with an Enterprise Project |
PUT /v3.0/OS-PERMISSION/enterprise-projects/{enterprise_project_id}/users/{user_id}/roles/{role_id} |
iam:permissions:grantRoleToUserOnEnterpriseProject |
- |
√ |
Deleting Roles of a User Associated with an Enterprise Project |
iam:permissions:revokeRoleFromUserOnEnterpriseProject |
- |
√ |
Security Settings
Permission |
API |
Action |
IAM Project (Project) |
Enterprise Project (Enterprise Project) |
---|---|---|---|---|
Modifying the Operation Protection Policy |
PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy |
iam:securitypolicies:updateProtectPolicy |
- |
- |
Querying the Operation Protection Policy |
GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy |
iam:securitypolicies:getProtectPolicy |
- |
- |
Modifying the Password Policy |
PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy |
iam:securitypolicies:updatePasswordPolicy |
- |
- |
Querying the Password Policy |
GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy |
iam:securitypolicies:getPasswordPolicy |
- |
- |
Modifying the Login Authentication Policy |
PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy |
iam:securitypolicies:updateLoginPolicy |
- |
- |
Querying the Login Authentication Policy |
GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy |
iam:securitypolicies:getLoginPolicy |
- |
- |
Modifying the ACL for Console Access |
PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy |
iam:securitypolicies:updateConsoleAclPolicy |
- |
- |
Querying the ACL for Console Access |
GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy |
iam:securitypolicies:getConsoleAclPolicy |
- |
- |
Modifying the ACL for API Access |
PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/api-acl-policy |
iam:securitypolicies:updateApiAclPolicy |
- |
- |
Querying the ACL for API Access |
GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/api-acl-policy |
iam:securitypolicies:getApiAclPolicy |
- |
- |
Federated Identity Authentication Management
Permission |
API |
Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|
Listing Identity Providers |
iam:identityProviders:listIdentityProviders |
- |
- |
|
Querying Identity Provider Details |
iam:identityProviders:getIdentityProvider |
- |
- |
|
Creating a SAML Identity Provider |
iam:identityProviders:createIdentityProvider |
- |
- |
|
Modifying a SAML Identity Provider |
iam:identityProviders:updateIdentityProvider |
- |
- |
|
Deleting a SAML Identity Provider |
iam:identityProviders:deleteIdentityProvider |
- |
- |
|
Creating an OpenID Connect Identity Provider |
POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config |
iam:identityProviders:createOpenIDConnectConfig |
- |
- |
Modifying an OpenID Connect Identity Provider |
PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config |
iam:identityProviders:updateOpenIDConnectConfig |
- |
- |
Querying Details About an OpenID Connect Identity Provider |
GET /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config |
iam:identityProviders:getOpenIDConnectConfig |
- |
- |
Listing Mappings |
iam:identityProviders:listMappings |
- |
- |
|
Querying Mapping Details |
iam:identityProviders:getMapping |
- |
- |
|
Registering a Mapping |
iam:identityProviders:createMapping |
- |
- |
|
Updating a Mapping |
iam:identityProviders:updateMapping |
- |
- |
|
Deleting a Mapping |
iam:identityProviders:deleteMapping |
- |
- |
|
Listing Protocols |
iam:identityProviders:listProtocols |
- |
- |
|
Querying Protocol Details |
GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:getProtocol |
- |
- |
Registering a Protocol |
PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:createProtocol |
- |
- |
Updating a Protocol |
PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:updateProtocol |
- |
- |
Deleting a Protocol |
DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:deleteProtocol |
- |
- |
Querying a Metadata File |
GET /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata |
iam:identityProviders:getIDPMetadata |
- |
- |
Importing a Metadata File |
POST /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata |
iam:identityProviders:createIDPMetadata |
- |
- |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.