Help Center> Identity and Access Management> API Reference> API> Security Settings> Querying the Operation Protection Policy
Updated on 2023-07-18 GMT+08:00

Querying the Operation Protection Policy

Function

This API is used to query the operation protection policy.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

URI

GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy

Table 1 URI parameters

Parameter

Mandatory

Type

Description

domain_id

Yes

String

Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.

Response Parameters

Status code: 200

Table 3 Parameters in the response body

Parameter

Type

Description

protect_policy

protect_policy object

Specifies the operation protection policy.

Table 4 protect_policy

Parameter

Type

Description

allow_user

AllowUserBody object

Specifies the attributes IAM users can modify.

operation_protection

boolean

Specifies whether to enable operation protection. The value can be true or false.

mobile

string

Specifies the mobile number used for verification. Example: 0852-123456789

admin_check

string

Specifies whether a person is designated for verification. If this parameter is set to on, you need to specify the scene parameter to designate a person for verification. If this parameter is set to off, the designated operator is responsible for verification.

email

string

Specifies the email address used for verification. An example value is example@email.com.

scene

string

Specifies the verification method. This parameter is mandatory when admin_check is set to on. The value options are mobile and email.

Table 5 protect_policy.allow_user

Parameter

Type

Description

manage_accesskey

boolean

Specifies whether IAM users are allowed to manage access keys by themselves. The value can be true or false.

manage_email

boolean

Specifies whether IAM users are allowed to change their email addresses. The value can be true or false.

manage_mobile

boolean

Specifies whether IAM users are allowed to change their mobile numbers. The value can be true or false.

manage_password

boolean

Specifies whether IAM users are allowed to change their passwords. The value can be true or false.

Example Request

Request for querying the operation protection policy

GET https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy

Example Response

Status code: 200

The request is successful.

{ 
  "protect_policy" : { 
    "operation_protection" : false 
  } 
}

Status code: 403

Access denied.

  • Example 1
{ 
   "error_msg" : "You are not authorized to perform the requested action.", 
   "error_code" : "IAM.0002" 
 }
  • Example 2
{ 
   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
   "error_code" : "IAM.0003" 
 }

Status code: 404

The requested resource cannot be found.

{ 
  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
  "error_code" : "IAM.0004" 
}

Status code: 500

Internal server error.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code

Description

200

The request is successful.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

500

Internal server error.

Error Codes

For details, see Error Codes.