Help Center/ Identity and Access Management/ API Reference/ API/ Security Settings/ Modifying the ACL for Console Access

Updated on 2025-07-03 GMT+08:00

View PDF

Modifying the ACL for Console Access

Function

This API is used by the administrator to modify the ACL for console access. The change will be applied to all IAM users and federated users (SP initiated) of the account.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Debugging

You can debug this API in API Explorer.

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy

**Table 1** URI parameters
Parameter	Mandatory	Type	Description
domain_id	Yes	String	Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions.

**Table 3** Parameter in the request body
Parameter	Mandatory	Type	Description
console_acl_policy	Yes	object	ACL for console access.

**Table 4** console_acl_policy
Parameter	Mandatory	Type	Description
allow_address_netmasks	No	Array of objects	IPv4 address or CIDR block from which access is allowed. Specify either allow_address_netmasks or allow_ip_ranges.
allow_ip_ranges	No	Array of objects	IPv4 address range from which access is allowed. Specify either allow_address_netmasks or allow_ip_ranges.
allow_address_netmasks_ipv6	No	Array of objects	IPv6 address or CIDR block from which access is allowed. Specify either allow_address_netmasks_ipv6 and allow_ip_ranges_ipv6.
allow_ip_ranges_ipv6	No	Array of objects	IPv6 address range from which API access is allowed. Specify either allow_address_netmasks_ipv6 or allow_ip_ranges_ipv6.

**Table 5** allow_address_netmasks
Parameter	Mandatory	Type	Description
address_netmask	Yes	String	IPv4 address or CIDR block, for example, 192.168.0.1/24.
description	No	String	Description of an IP address or CIDR block.

**Table 6** allow_ip_ranges
Parameter	Mandatory	Type	Description
description	No	String	Description of an IP address range.
ip_range	Yes	String	IPv4 address range, for example, 0.0.0.0-255.255.255.255.

**Table 7** allow_address_netmasks_ipv6
Parameter	Mandatory	Type	Description
address_netmask	Yes	String	IPv6 address or CIDR block, for example, 0000:0000:0000:0000:0000:0000:0000:0000/100.
description	No	String	Description of an IP address or CIDR block.

**Table 8** allow_ip_ranges_ipv6
Parameter	Mandatory	Type	Description
description	No	String	Description
ip_range	Yes	String	IPv6 address range, for example, 0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.

Response Parameters

**Table 9** Parameters in the response body
Parameter	Type	Description
console_acl_policy	object	ACL for console access.

**Table 10** console_acl_policy
Parameter	Type	Description
allow_address_netmasks	Array of objects	IPv4 address or CIDR block from which access is allowed. This parameter is only returned when an IPv4 address range or CIDR block from which access is allowed is specified.
allow_ip_ranges	Array of objects	IPv4 address range from which access is allowed. This parameter is only returned when an IPv4 address range from which access is allowed is specified.
allow_address_netmasks_ipv6	Array of objects	IPv6 address or CIDR block from which access is allowed. This parameter is only returned when an IPv6 address range or CIDR block from which access is allowed is specified.
allow_ip_ranges_ipv6	Array of objects	IPv6 address range from which access is allowed. This parameter is only returned when an IPv6 address range from which access is allowed is specified.

**Table 11** allow_address_netmasks
Parameter	Type	Description
address_netmask	String	IPv4 address or CIDR block, for example, 192.168.0.1/24.
description	String	Description of an IPv4 address or CIDR block.

**Table 12** allow_ip_ranges
Parameter	Type	Description
description	String	Description of an IPv4 address range.
ip_range	String	IPv4 address range, for example, 0.0.0.0-255.255.255.255.

**Table 13** allow_address_netmasks_ipv6
Parameter	Type	Description
address_netmask	String	IPv6 address or CIDR block, for example, 0000:0000:0000:0000:0000:0000:0000:0000/100.
description	String	Description of an IP address or CIDR block.

**Table 14** allow_ip_ranges_ipv6
Parameter	Type	Description
description	String	Description
ip_range	String	IPv6 address range, for example, 0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.

Example Request

PUT https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy 
{
	"console_acl_policy": {
		"allow_ip_ranges": [{
			"ip_range": "0.0.0.0-255.255.255.255",
			"description": "IPv4 address range"
               }],
		"allow_ip_ranges_ipv6": [{
			"ip_range": "0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
"description": "IPv6 address range"
		}],
		"allow_address_netmasks": [{
			"address_netmask": "192.168.0.1/24",
"description": "IPv4 address or CIDR block"
		}],
		"allow_address_netmasks_ipv6": [{
			"address_netmask": "0000:0000:0000:0000:0000:0000:0000:0000/100",
"description": "IPv6 address or CIDR block"
		}]
	}
}

Example Response

Status code: 200

The request is successful.

	"console_acl_policy": {
		"allow_ip_ranges": [{
			"ip_range": "0.0.0.0-255.255.255.255",
"description": "IPv4 address range"
		}],
		"allow_ip_ranges_ipv6": [{
			"ip_range": "0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
"description": "IPv6 address range"
		}],
		"allow_address_netmasks": [{
			"address_netmask": "192.168.0.1/24",
"description": "IPv4 address or CIDR block"
		}],
		"allow_address_netmasks_ipv6": [{
			"address_netmask": "0000:0000:0000:0000:0000:0000:0000:0000/100",
"description": "IPv6 address or CIDR block"
		}]
	}

Status code: 400

The request body is abnormal.

Example 1

{ 
   "error_msg" : "'%(key)s' is a required property.", 
   "error_code" : "IAM.0072" 
 }

Example 2

{ 
   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
   "error_code" : "IAM.0073" 
 }

Status code: 500

The system is abnormal.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code	Description
200	The request is successful.
400	The request body is abnormal.
401	Authentication failed.
403	Access denied.
500	The system is abnormal.

Error Codes

For details, see Error Codes.

Parent topic: Security Settings

Previous topic: Querying the Login Authentication Policy

Next topic: Querying the ACL for Console Access

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot