Querying the Operation Protection Policy
Function
This API is used to query the operation protection policy.
The API can be called using both the global endpoint and region-specific endpoints.
URI
GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
domain_id |
Yes |
String |
Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
protect_policy object |
Specifies the operation protection policy. |
|
Parameter |
Type |
Description |
|---|---|---|
|
AllowUserBody object |
Specifies the attributes IAM users can modify. |
|
|
operation_protection |
boolean |
Specifies whether to enable operation protection. The value can be true or false. |
|
mobile |
string |
Specifies the mobile number used for verification. Example: |
|
admin_check |
string |
Specifies whether a person is designated for verification. If this parameter is set to on, you need to specify the scene parameter to designate a person for verification. If this parameter is set to off, the designated operator is responsible for verification. |
|
|
string |
Specifies the email address used for verification. An example value is example@email.com. |
|
scene |
string |
Specifies the verification method. This parameter is mandatory when admin_check is set to on. The value options are mobile and email. |
|
Parameter |
Type |
Description |
|---|---|---|
|
manage_accesskey |
boolean |
Specifies whether IAM users are allowed to manage access keys by themselves. The value can be true or false. |
|
manage_email |
boolean |
Specifies whether IAM users are allowed to change their email addresses. The value can be true or false. |
|
manage_mobile |
boolean |
Specifies whether IAM users are allowed to change their mobile numbers. The value can be true or false. |
|
manage_password |
boolean |
Specifies whether IAM users are allowed to change their passwords. The value can be true or false. |
Example Request
Request for querying the operation protection policy
GET https://iam.myhuaweicloud.eu/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy
Example Response
Status code: 200
The request is successful.
{
"protect_policy" : {
"operation_protection" : false
}
}
Status code: 403
Access denied.
- Example 1
{
"error_msg" : "You are not authorized to perform the requested action.",
"error_code" : "IAM.0002"
}
- Example 2
{
"error_msg" : "Policy doesn't allow %(actions)s to be performed.",
"error_code" : "IAM.0003"
}
Status code: 404
The requested resource cannot be found.
{
"error_msg" : "Could not find %(target)s: %(target_id)s.",
"error_code" : "IAM.0004"
}
Status code: 500
Internal server error.
{
"error_msg" : "An unexpected error prevented the server from fulfilling your request.",
"error_code" : "IAM.0006"
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
The request is successful. |
|
401 |
Authentication failed. |
|
403 |
Access denied. |
|
404 |
The requested resource cannot be found. |
|
500 |
Internal server error. |
Error Codes
For details, see Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
