Querying All Permissions of a User Group
Function
This API is provided for the administrator to query all permissions that have been assigned to a user group.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
Debugging
You can debug this API in API Explorer.
URI
GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
domain_id |
Yes |
String |
Account ID. For details about how to obtain the ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
|
group_id |
Yes |
String |
User group ID. For details about how to obtain a user group ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
Token with Security Administrator permissions. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
object |
Resource link information. |
|
|
Array of objects |
Permission information. |
|
Parameter |
Type |
Description |
|---|---|---|
|
flag |
String |
If this parameter is set to fine_grained, the permission is a system-defined policy. |
|
description_cn |
String |
Description of the permission in Chinese. This parameter is returned in the response only when description_cn is specified during policy creation. |
|
catalog |
String |
Service catalog of the permission. |
|
name |
String |
Permission name. This parameter is carried in the token of a user, allowing the system to determine whether the user has permissions to access a specific cloud service. |
|
description |
String |
Description of the permission. |
|
object |
Permission resource link. |
|
|
id |
String |
Permission ID. |
|
display_name |
String |
Display name of the permission. |
|
type |
String |
Display mode of the permission.
NOTE:
|
|
object |
Content of the permission. |
|
|
updated_time |
String |
Time when the permission was last updated.
NOTE:
The value is a Unix timestamp in millisecond, for example, 1687913793000. |
|
created_time |
String |
Time when the permission was created.
NOTE:
The value is a Unix timestamp in millisecond, for example, 1687913793000. |
|
Parameter |
Type |
Description |
|---|---|---|
|
self |
String |
Resource link. |
|
previous |
String |
Previous resource link. If the previous resource link is unavailable, this parameter is set to null. |
|
next |
String |
Next resource link. If the next resource link is unavailable, this parameter is set to null. |
|
Parameter |
Type |
Description |
|---|---|---|
|
Array of objects |
Dependent permissions. |
|
|
Array of objects |
Statement of the permission. |
|
|
Version |
String |
Policy version.
NOTE:
|
|
Parameter |
Type |
Description |
|---|---|---|
|
catalog |
String |
Service catalog of the permission. |
|
display_name |
String |
Display name of the permission. |
|
Parameter |
Type |
Description |
|---|---|---|
|
Action |
Array of strings |
Specific operation permissions on a resource. For details about supported actions, see "Permissions and Supported Actions" in the API Reference of cloud services.
NOTE:
|
|
Effect |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Enumerated values:
|
|
Condition |
Object |
Conditions for the permission to take effect. If this parameter is not specified during policy creation, it will not be returned in the response.
NOTE:
Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals). "Condition": {
"StringEquals": {
"obs:prefix": [
"public"
]
}
}
|
|
Resource |
Object |
Cloud resource. If this parameter is not specified during policy creation, it will not be returned in the response.
NOTE:
|
Example Request
Request for querying all permissions of a user group
GET https://iam.myhuaweicloud.com/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects
Example Response
Status code: 200
The request is successful.
{
"roles" : [ {
"description_cn" : "Description of the permission in Chinese",
"catalog" : "VulnScan",
"name" : "wscn_adm",
"description" : "Vulnerability Scan Service administrator of tasks and reports.",
"links" : {
"next" : null,
"previous" : null,
"self" : "https://iam.myhuaweicloud.com/v3/roles/0af84c1502f447fa9c2fa18083fbb..."
},
"id" : "0af84c1502f447fa9c2fa18083fbb...",
"display_name" : "VSS Administrator",
"type" : "XA",
"policy" : {
"Version" : "1.0",
"Statement" : [ {
"Action" : [ "WebScan:*:*" ],
"Effect" : "Allow"
} ],
"Depends" : [ {
"catalog" : "BASE",
"display_name" : "Server Administrator"
}, {
"catalog" : "BASE",
"display_name" : "Tenant Guest"
} ]
}
}, {
"flag" : "fine_grained",
"description_cn" : "Description of the permission in Chinese",
"catalog" : "CSE",
"name" : "system_all_34",
"description" : "All permissions of CSE service.",
"links" : {
"next" : null,
"previous" : null,
"self" : "https://iam.myhuaweicloud.com/v3/roles/0b5ea44ebdc64a24a9c372b2317f7..."
},
"id" : "0b5ea44ebdc64a24a9c372b2317f7...",
"display_name" : "CSE Admin",
"type" : "XA",
"policy" : {
"Version" : "1.1",
"Statement" : [ {
"Action" : [ "cse:*:*", "ecs:*:*", "evs:*:*", "vpc:*:*" ],
"Effect" : "Allow"
} ]
}
} ],
"links" : {
"next" : null,
"previous" : null,
"self" : "https://iam.myhuaweicloud.com/v3/roles"
}
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
The request is successful. |
|
401 |
Authentication failed. |
|
403 |
Access denied. |
Error Codes
For details, see Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
