Permission Policies and Supported Actions
This chapter describes fine-grained permissions management for your Message & SMS. If your account does not need individual IAM users, then you may skip over this chapter.
A policy is a set of permissions defined in JSON format. By default, new IAM users do not have any permissions assigned. To assign permissions to these new users, add them to one or more groups, and attach permissions policies to these groups.
You can grant users permissions by using roles and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.

Use policy-based authorization if you want to allow or deny the access to an API.
An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully.
Supported Actions
There are system-defined policies that can be directly used. You can also create custom policies and use them to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are basic concepts related to policies:
- Permissions: Allow or deny certain operations.
- APIs: APIs that can be called in a custom policy.
- Actions: Specific operations that are allowed or denied in a custom policy.
- Dependent actions: When assigning an action to users, you also need to assign dependent permissions for that action to take effect.
- IAM projects/Enterprise projects: Authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. For example, if you set the authorization scope of a custom policy to both IAM projects and enterprise projects, the policy takes effect for user groups in either IAM or enterprise projects. If an action supports only IAM projects, the custom policy that contains this action will take effect only for user groups in IAM. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. "√" indicates that the action supports the project and "×" indicates that the action does not support the project. For details about the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.
Table 1 describes the actions that can be defined in custom policies of Message & SMS.
Permission |
Action |
API |
Dependent Action |
IAM Project |
Enterprise Project |
---|---|---|---|---|---|
Delete an SMS template |
msgsms:templates:delete |
DELETE /v2/{project_id}/msgsms/templates/{id} |
|
√ |
× |
Delete a contact |
msgsms:contacts:delete |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Query the number of SMS applications |
msgsms:applications:getCount |
GET /v2/{project_id}/msgsms/apps-count |
msgsms:service:getServicestatus |
√ |
× |
Query an SMS application |
msgsms:applications:getApp |
|
msgsms:service:getServicestatus |
√ |
× |
Query permissions |
msgsms:applications:getAuthority |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query an SMS application secret |
msgsms:applications:getAppsecret |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query the reason for tenant restrictions |
msgsms:applications:getTenant |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query SMS types |
msgsms:signatures:getType |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query an SMS template |
msgsms:templates:getMsgtemplate |
|
msgsms:service:getServicestatus |
√ |
× |
Query and verify the tenant order status |
msgsms:service:getServicestatus |
This operation can be performed only on the console. The API is not supported. |
- |
√ |
× |
Query developer information |
msgsms:templates:getDeveloper |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query SMS template names |
msgsms:templates:getMsgtemplateName |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query SMS template variables |
msgsms:templates:getVarilable |
GET /v2/{project_id}/msgsms/templates/{id}/varilable |
msgsms:service:getServicestatus |
√ |
× |
Query the name of a Group SMS Assistant task |
msgsms:msgBatchTasks:getMsgbatchtaskName |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query Group SMS Assistant tasks |
msgsms:msgBatchTasks:getMsgbatchtask |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query details of a Group SMS Assistant task result |
msgsms:msgBatchTasks:getRecord |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Export recipient numbers of a Group SMS Assistant task |
msgsms:msgBatchTasks:download |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Query SMS threshold policies |
msgsms:limits:get |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query SMS statistics |
msgsms:statistics:getStatistics |
GET /v2/{project_id}/msgsms/metric/stat |
msgsms:service:getServicestatus |
√ |
× |
Export SMS statistics |
msgsms:statistics:exportStatistics |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Query a contact |
msgsms:contacts:get |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query historical request information |
msgsms:blacklists:getBlacklist |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query SMS overview statistics |
msgsms:statistics:getOverviewStatistics |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query message alert |
msgsms:notifications:get |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query the price of a single SMS |
msgsms:price:getUnitPrice |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query public settings |
msgsms:signatures:getConfig |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query the tenant enterprise name |
msgsms:signatures:getTenantEnterpriseName |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query SMS sending country |
msgsms:templates:getCountry |
GET /v2/{project_id}/msgsms/country |
msgsms:service:getServicestatus |
√ |
× |
Create an SMS application |
msgsms:applications:create |
POST /v2/{project_id}/msgsms/apps |
|
√ |
× |
Send a verification code |
msgsms:verifycodes:sendVerifycode |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Create an SMS template |
msgsms:templates:create |
POST /v2/{project_id}/msgsms/templates |
|
√ |
× |
Import a Group SMS Assistant task |
msgsms:msgBatchTasks:upload |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Create a Group SMS Assistant task |
msgsms:msgBatchTasks:create |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Query SMS details |
msgsms:details:get |
GET /v2/{project_id}/msgsms/detail |
msgsms:service:getServicestatus |
√ |
× |
Add a contact |
msgsms:contacts:create |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Update an SMS application secret |
msgsms:applications:updateAppsecret |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Modify an SMS application |
msgsms:applications:updateApp |
PUT /v2/{project_id}/msgsms/apps/{id} |
|
√ |
× |
Activate a signature |
msgsms:signatures:activate |
PUT /v2/{project_id}/msgsms/signatures/{id}/active |
|
√ |
× |
Modify an SMS template |
msgsms:templates:update |
PUT /v2/{project_id}/msgsms/templates/{id} |
|
√ |
× |
Update a scheduled Group SMS Assistant task |
msgsms:msgBatchTasks:update |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Set SMS threshold policies |
msgsms:limits:update |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Modify contact information |
msgsms:contacts:update |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Batch import SMS templates |
msgsms:templates:import |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Query the effectiveness of the country whitelist |
msgsms:countryWhitelist:getValidity |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Modify the effectiveness of the country whitelist |
msgsms:countryWhitelist:updateValidity |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Query the country whitelist |
msgsms:countryWhitelist:getWhitelist |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Add the country whitelist |
msgsms:countryWhitelist:addWhitelist |
This operation can be performed only on the console. The API is not supported. |
msgsms:service:getServicestatus |
√ |
× |
Delete the country whitelist |
msgsms:countryWhitelist:deleteWhitelist |
This operation can be performed only on the console. The API is not supported. |
|
√ |
× |
Query a business license file |
msgsms:businessLicense:get |
GET /v2/{project_id}/msgsms/upload-files |
msgsms:service:getServicestatus |
√ |
× |
Upload a business license file |
msgsms:businessLicense:import |
POST /v2/{project_id}/msgsms/upload-files |
msgsms:service:getServicestatus |
√ |
× |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.