Querying the Permissions of a User Group Associated with an Enterprise Project
Function
This API is used to query the permissions of a user group directly associated with a specified enterprise project.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
Debugging
You can debug this API in API Explorer.
URI
GET /v3.0/OS-PERMISSION/enterprise-projects/{enterprise_project_id}/groups/{group_id}/roles
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enterprise_project_id |
Yes |
String |
ID of the enterprise project for querying the permissions of an associated user group. |
group_id |
Yes |
String |
User group ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
Authenticated token with iam:permissions:listRolesForGroupOnEnterpriseProject or Security Administrator permissions. The domain_id of the account which the group_id belongs to must be the same as the domain_id in the token. |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Role list. |
Parameter |
Type |
Description |
---|---|---|
catalog |
String |
Service catalog of the permission. |
display_name |
String |
Display name of the permission. |
description |
String |
Description of the permission in English. |
description_cn |
String |
Description of the permission in Chinese. |
domain_id |
String |
ID of the account which the permission belongs to. |
flag |
String |
If this parameter is set to fine_grained, the permission is a system-defined policy. |
id |
String |
Permission ID. |
name |
String |
Permission name. |
object |
Content of the permission. |
|
type |
String |
Display mode of the permission.
NOTE:
|
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Dependent permissions. |
|
Array of objects |
Statement of the permission. |
|
Version |
String |
Policy version.
NOTE:
|
Parameter |
Type |
Description |
---|---|---|
catalog |
String |
Service catalog of the permission. |
display_name |
String |
Display name of the permission. |
Parameter |
Type |
Description |
---|---|---|
Action |
Array of strings |
Specific operation permissions on a resource. For details about supported actions, see "Permissions and Supported Actions" in the API Reference of cloud services.
NOTE:
|
Effect |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Enumerated values:
|
Condition |
Object |
Conditions for the permission to take effect. For details about the condition parameters, see Creating a Custom Policy.
NOTE:
Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals). "Condition": { "StringEquals": { "obs:prefix": [ "public" ] } } |
Resource |
Object |
Cloud resource.
NOTE:
|
Example Request
Request for querying the permissions of a user group associated with an enterprise project
GET https://iam.myhuaweicloud.com/v3.0/OS-PERMISSION/enterprise-projects/{enterprise_project_id}/groups/{group_id}/roles
Example Response
Status code: 200
The request is successful.
{ "roles" : [ { "catalog" : "CUSTOMED", "description" : "u81eau5b9au4e49u6743u9...", "description_cn" : null, "display_name" : "XpBdkPYCCx", "domain_id" : "0456fd5a278033120f37c006683ab...", "flag" : null, "id" : "5d1b6256331f4fb494534bf240698...", "name" : "custom_policy1", "policy" : { "Statement" : [ { "Action" : [ "aaa:a*b:baa*" ], "Condition" : null, "Effect" : "deny", "Resource" : null }, { "Action" : [ "aaa:a*b:bab*" ], "Condition" : null, "Effect" : "Allow", "Resource" : null } ], "Version" : "1.1" }, "type" : "XA" } ] }
Status Codes
Status Code |
Description |
---|---|
200 |
The request is successful. |
400 |
Parameter error. |
401 |
Authentication failed. |
403 |
Access denied. |
404 |
The requested resource cannot be found. |
415 |
Incorrect Content-Type. |
500 |
A system error occurred. |
Error Codes
For details, see Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot