Querying Permissions of a User Group for a Global Service Project
Function
This API is provided for the administrator to query the permissions of a user group for a global service project.
The API can be called using both the global endpoint and region-specific endpoints.
URI
GET /v3/domains/{domain_id}/groups/{group_id}/roles
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
domain_id |
Yes |
String |
Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
group_id |
Yes |
String |
User group ID. For details about how to obtain a user group ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
X-Auth-Token |
Yes |
String |
Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Response Parameters
Parameter |
Type |
Description |
---|---|---|
Object |
Resource link information. |
|
Array of objects |
Permission information. |
Parameter |
Type |
Description |
---|---|---|
self |
String |
Resource link. |
previous |
String |
Previous resource link. |
next |
String |
Next resource link. |
Parameter |
Type |
Description |
---|---|---|
domain_id |
String |
ID of the account to which the permission belongs. |
flag |
String |
If this parameter is set to fine_grained, the permission is a system-defined policy. |
description_cn |
String |
Description of the permission in Chinese. |
catalog |
String |
Service catalog of the permission. |
name |
String |
Permission name for internal use. For example, ccs_user is the internal name of the CCS User role for CCS. This parameter is carried in the token of a user, allowing the system to determine whether the user has permissions to access a specific cloud service. |
description |
String |
Description of the permission. |
Object |
Permission resource link. |
|
id |
String |
Permission ID. |
display_name |
String |
Permission name. |
type |
String |
Display mode of the permission.
NOTE:
|
Object |
Content of the permission. |
|
updated_time |
String |
Time when the permission was last updated.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
created_time |
String |
Time when the permission was created.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
Parameter |
Type |
Description |
---|---|---|
self |
String |
Resource link. |
previous |
String |
Previous resource link. |
next |
String |
Next resource link. |
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Dependent permissions. |
|
Array of objects |
Statement of the permission. |
|
Version |
String |
Policy version.
NOTE:
|
Parameter |
Type |
Description |
---|---|---|
catalog |
String |
Service catalog of the permission. |
display_name |
String |
Display name of the permission. |
Parameter |
Type |
Description |
---|---|---|
Action |
Array of strings |
Specific operation permissions on a resource. For details about supported actions, see "Permissions and Supported Actions" in the API Reference of cloud services.
NOTE:
|
Effect |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
Condition |
Object |
Conditions for the permission to take effect. For details, see Creating a Custom Policy.
NOTE:
Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals). "Condition": { "StringEquals": { "obs:prefix": [ "public" ] } } |
Resource |
Array of strings |
Cloud resource.
NOTE:
|
Example Request
Request for querying the permissions of a user group for a global service project
GET https://iam.myhuaweicloud.eu/v3/domains/{domain_id}/groups/{group_id}/roles
Example Response
Status code: 200
The request is successful.
{ "roles": [ { "domain_id": null, "flag": "fine_grained", "description_cn": "Description of the permission in Chinese", "catalog": "CDN", "name": "system_all_11", "description": "Allow Query Domains", "links": { "next": null, "previous": null, "self": "https://iam.myhuaweicloud.eu/v3/roles/db4259cce0ce47c9903dfdc195eb453b" }, "id": "db4259cce0ce47c9903dfdc195eb453b", "display_name": "CDN Domain Viewer", "type": "AX", "policy": { "Version": "1.1", "Statement": [ { "Action": [ "cdn:configuration:queryDomains", "cdn:configuration:queryOriginServerInfo", "cdn:configuration:queryOriginConfInfo", "cdn:configuration:queryHttpsConf", "cdn:configuration:queryCacheRule", "cdn:configuration:queryReferConf", "cdn:configuration:queryChargeMode", "cdn:configuration:queryCacheHistoryTask", "cdn:configuration:queryIpAcl", "cdn:configuration:queryResponseHeaderList" ], "Effect": "Allow" } ] } } ], "links": { "next": null, "previous": null, "self": "https://iam.myhuaweicloud.eu/v3/domains/d78cbac186b744899480f25bd022f468/groups/077d71374b8025173f61c003ea0a11ac/roles" } }
Status Codes
Status Code |
Description |
---|---|
200 |
The request is successful. |
400 |
Invalid parameters. |
401 |
Authentication failed. |
403 |
Access denied. |
404 |
The requested resource cannot be found. |
Error Codes
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.