Querying Permissions of an Agency for a Region-specific Project
Function
This API is provided for the administrator to query the permissions of an agency for a region-specific project.
The API can be called using both the global endpoint and region-specific endpoints.
URI
GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
agency_id |
Yes |
String |
Agency ID. For details about how to obtain the agency ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
project_id |
Yes |
String |
Project ID of the delegating party. For details about how to obtain the project ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
X-Auth-Token |
Yes |
String |
Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Response Parameters
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Permission information. |
Parameter |
Type |
Description |
---|---|---|
domain_id |
String |
ID of the account to which the permission belongs. |
flag |
String |
If this parameter is set to fine_grained, the permission is a system-defined policy. |
description_cn |
String |
Description of the permission in Chinese. |
catalog |
String |
Service catalog of the permission. |
name |
String |
Permission name. This parameter is carried in the token of a user, allowing the system to determine whether the user has permissions to access a specific cloud service. |
description |
String |
Description of the permission. |
Object |
Permission resource link. |
|
id |
String |
Permission ID. |
display_name |
String |
Display name of the permission. |
type |
String |
Display mode of the permission.
NOTE:
|
Object |
Content of the permission. |
|
updated_time |
String |
Time when the permission was last updated.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
created_time |
String |
Time when the permission was created.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
Parameter |
Type |
Description |
---|---|---|
self |
String |
Resource link. |
previous |
String |
Previous resource link. |
next |
String |
Next resource link. |
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Dependent permissions. |
|
Array of objects |
Statement of the permission. |
|
Version |
String |
Policy version.
NOTE:
|
Parameter |
Type |
Description |
---|---|---|
catalog |
String |
Service catalog of the permission. |
display_name |
String |
Display name of the permission. |
Parameter |
Type |
Description |
---|---|---|
Action |
Array of strings |
Specific operation permissions on a resource.
NOTE:
|
Effect |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
Condition |
Object |
Conditions for the permission to take effect. For details, see Creating a Custom Policy.
NOTE:
Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals). "Condition": { "StringEquals": { "obs:prefix": [ "public" ] } } |
Resource |
Array of strings |
Cloud resource.
NOTE:
|
Example Request
Request for querying permissions of an agency for a region-specific project
GET https://iam.myhuaweicloud.eu/v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles
Example Response
Status code: 200
The request is successful.
{ "roles": [ { "domain_id": null, "flag": "fine_grained", "description_cn": "Description of the permission in Chinese", "catalog": "AOM", "name": "system_all_30", "description": "AOM read only", "id": "75cfe22af2b3498d82b655fbb39de498", "display_name": "AOM Viewer", "type": "XA", "policy": { "Version": "1.1", "Statement": [ { "Action": [ "aom:*:list", "aom:*:get", "apm:*:list", "apm:*:get" ], "Effect": "Allow" } ] } } ] }
Status Codes
Status Code |
Description |
---|---|
200 |
The request is successful. |
401 |
Authentication failed. |
403 |
Access denied. |
404 |
The requested resource cannot be found. |
500 |
Internal server error. |
Error Codes
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.