Modifying the Operation Protection Policy
Function
This API is provided for the administrator to modify the operation protection policy.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
URI
PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
domain_id |
Yes |
String |
Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
X-Auth-Token |
Yes |
String |
Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Yes |
ProtectPolicyOption object |
Specifies the operation protection policy. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
operation_protection |
Yes |
boolean |
Specifies whether to enable operation protection. The value can be true or false. |
No |
AllowUserBody object |
Specifies the attributes IAM users can modify. |
|
mobile |
No |
string |
Specifies the mobile number used for verification. Example: |
admin_check |
No |
string |
Specifies whether to designate a person for verification. If this parameter is set to on, you need to specify the scene parameter to designate a person for verification. If this parameter is set to off, the designated operator is responsible for verification. |
No |
string |
Specifies the email address used for verification. An example value is example@email.com. |
|
scene |
No |
string |
Specifies the verification method. This parameter is mandatory when admin_check is set to on. The value options are mobile and email. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
manage_accesskey |
No |
boolean |
Specifies whether to allow IAM users to manage access keys by themselves. The value can be true or false. |
manage_email |
No |
boolean |
Specifies whether to allow IAM users to change their email addresses. The value can be true or false. |
manage_mobile |
No |
boolean |
Specifies whether to allow IAM users to change their mobile numbers. The value can be true or false. |
manage_password |
No |
boolean |
Specifies whether to allow IAM users to change their passwords. The value can be true or false. |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
|---|---|---|
protect_policy object |
Specifies the operation protection policy. |
Parameter |
Type |
Description |
|---|---|---|
AllowUserBody object |
Specifies the attributes IAM users can modify. |
|
operation_protection |
boolean |
Specifies whether operation protection is enabled. The value can be true or false. |
admin_check |
string |
Specifies whether a person is designated for verification. If this parameter is set to on, a designated person is responsible for verification, and the scene parameter is mandatory. If this parameter is set to off, the designated operator is responsible for verification. |
scene |
string |
Specifies the verification method. This parameter is mandatory when admin_check is set to on. The value options are mobile and email. |
Parameter |
Type |
Description |
|---|---|---|
manage_accesskey |
boolean |
Specifies whether IAM users are allowed to manage access keys by themselves. The value can be true or false. |
manage_email |
boolean |
Specifies whether IAM users are allowed to change their email addresses. The value can be true or false. |
manage_mobile |
boolean |
Specifies whether IAM users are allowed to change their mobile numbers. The value can be true or false. |
manage_password |
boolean |
Specifies whether IAM users are allowed to change their passwords. The value can be true or false. |
Example Request
Request to enable operation protection
PUT https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy
{
"protect_policy" : {
"operation_protection" : true
}
}
Example Response
Status code: 200
The request is successful.
{
"protect_policy" : {
"operation_protection" : false
}
}
Status code: 400
The request body is abnormal.
- Example 1
{
"error_msg" : "'%(key)s' is a required property.",
"error_code" : "IAM.0072"
}
- Example 2
{
"error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.",
"error_code" : "IAM.0073"
}
Status code: 403
Access denied.
- Example 1
{
"error_msg" : "Policy doesn't allow %(actions)s to be performed.",
"error_code" : "IAM.0003"
}
- Example 2
{
"error_msg" : "You are not authorized to perform the requested action.",
"error_code" : "IAM.0002"
}
Status code: 500
The system is abnormal.
{
"error_msg" : "An unexpected error prevented the server from fulfilling your request.",
"error_code" : "IAM.0006"
}
Status Codes
Status Code |
Description |
|---|---|
200 |
The request is successful. |
400 |
The request body is abnormal. |
401 |
Authentication failed. |
403 |
Access denied. |
500 |
The system is abnormal. |
Error Codes
For details, see Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
