Creating a Custom Identity Policy
Function
This API is used to create a custom identity policy whose default version is v1.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
| Action | Access Level | Resource Type (*: required) | Condition Key | Alias | Dependencies |
|---|---|---|---|---|---|
| iam:policies:createV5 | Permission_management | policy * | - | - | - |
URI
POST /v5/policies
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| policy_name | Yes | String | Identity policy name. The value contains 1 to 128 characters, including only letters, digits, and the following special characters: _+=.@- |
| path | No | String | Resource path, which is an empty string by default. It consists of multiple character strings. Each character string must end with a slash (/) and can only contain letters, digits, and the following special characters: .,+@=_-, for example, foo/bar/. |
| policy_document | Yes | String | JSON format of the policy document of a custom or a preset identity policy. The policy language grammar is described after this table. |
| description | No | String | Identity policy description. |

Policy language grammar for policy_document: Characters =, <, >, (, ), and | are special characters in the grammar and are not included in policies. The question mark (?) following an element indicates that the element is optional, for example, sid_block?. The vertical bar (|) separates options, and the parentheses enclose the options, for example, ("Allow" | "Deny"). When an element allows more than one value, use commas (,), and ellipsis (...), for example, [ <policy_statement>, <policy_statement>, ... ]. The following listing describes the policy language grammar:

    policy = {
        <version_block>,
        <statement_block>
    }
    <version_block> = "Version" : ("5.0")
    <statement_block> = "Statement" : [ <policy_statement>, <policy_statement>, ... ]
    <policy_statement> = {
        <sid_block?>,
        <effect_block>,
        <action_block>,
        <resource_block?>,
        <condition_block?>
    }
    <sid_block> = "Sid" : <sid_string>
    <effect_block> = "Effect" : ("Allow" | "Deny")
    <action_block> = ("Action" | "NotAction") : [ <action_string>, <action_string>, ... ]
    <resource_block> = ("Resource" | "NotResource") : [ <resource_string>, <resource_string>, ... ]
    <condition_block> = "Condition" : { <condition_map> }
    <condition_map> = {
        <condition_type_string> : { <condition_key_string> : <condition_value_list> },
        <condition_type_string> : { <condition_key_string> : <condition_value_list> },
        ...
    }
    <condition_value_list> = ( <condition_value> | [ <condition_value>, <condition_value>, ... ] )
    <condition_value> = "string"
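A client-side pre-flight check for the request body, written against the parameter rules and the grammar listing above. It is an added example, not code from the API provider: the function names, the ASCII reading of "letters", the assumed shape of the condition map, and the warning on an unscoped "*" action are assumptions of this example, not service behaviour.

```python
import json
import re

NAME_RE = re.compile(r"[A-Za-z0-9_+=.@-]{1,128}")     # policy_name; "letters" assumed ASCII
PATH_RE = re.compile(r"(?:[A-Za-z0-9.,+@=_-]+/)*")    # path: "" or segments ending in "/"
STMT_KEYS = {"Sid", "Effect", "Action", "NotAction", "Resource", "NotResource", "Condition"}

def _strings(v):
    return isinstance(v, list) and all(isinstance(s, str) for s in v)

def check_statement(i, st):
    """Return (errors, warnings) for one <policy_statement> of the grammar."""
    if not isinstance(st, dict):
        return [f"Statement[{i}]: must be an object"], []
    acts = [k for k in ("Action", "NotAction") if k in st]
    ress = [k for k in ("Resource", "NotResource") if k in st]
    cond = st.get("Condition", {})
    checks = [
        (not set(st) - STMT_KEYS, "element not in the grammar"),
        (isinstance(st.get("Sid", ""), str), "Sid must be a string"),
        (st.get("Effect") in ("Allow", "Deny"), 'Effect must be "Allow" or "Deny"'),
        (len(acts) == 1, "exactly one of Action/NotAction is required"),
        (len(ress) <= 1, "Resource and NotResource are alternatives"),
        (all(_strings(st[k]) for k in acts + ress), "Action/Resource must be lists of strings"),
        # Assumed reading of <condition_map>: {type: {key: "value" | ["value", ...]}}
        (isinstance(cond, dict) and all(isinstance(m, dict) and all(
            isinstance(v, str) or _strings(v) for v in m.values()) for m in cond.values()),
         "Condition must map type -> key -> string or list of strings"),
    ]
    errs = [f"Statement[{i}]: {msg}" for ok, msg in checks if not ok]
    # Review heuristic added here, not a service rule: Allow on "*" with nothing narrowing it.
    broad = (st.get("Effect") == "Allow" and "Action" in st and _strings(st["Action"])
             and "*" in st["Action"] and not {"Resource", "NotResource", "Condition"} & set(st))
    return errs, ([f'Statement[{i}]: Allow on action "*" is unscoped'] if broad else [])

def validate_request(body):
    """Return (errors, warnings) for a POST /v5/policies request body given as a dict."""
    errs = [f"{k}: does not match the documented format"
            for k, rx, dflt in (("policy_name", NAME_RE, None), ("path", PATH_RE, ""))
            if not (isinstance(body.get(k, dflt), str) and rx.fullmatch(body.get(k, dflt)))]
    try:
        doc = json.loads(body.get("policy_document"))
    except (TypeError, ValueError):
        doc = None
    if not (isinstance(doc, dict) and doc.get("Version") == "5.0"
            and isinstance(doc.get("Statement"), list)):
        return errs + ['policy_document: need "Version": "5.0" and a "Statement" list'], []
    results = [check_statement(i, st) for i, st in enumerate(doc["Statement"])]
    return errs + [e for r in results for e in r[0]], [w for r in results for w in r[1]]
```

Run against the body shown under Example Requests on this page, it returns no errors and one warning, because that policy allows action "*" with no Resource or Condition element.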
Response Parameters
Status code: 201
| Parameter | Type | Description |
|---|---|---|
| policy | Policy object | Identity policy. |

Fields of the Policy object:

| Parameter | Type | Description |
|---|---|---|
| policy_type | String | Identity policy type. The value can be custom or system-defined. |
| policy_name | String | Identity policy name. The value contains 1 to 128 characters, including only letters, digits, and the following special characters: _+=.@- |
| policy_id | String | Identity policy ID. The value contains 1 to 64 characters, including only letters, digits, and hyphens (-). |
| urn | String | Uniform resource name. |
| path | String | Resource path, which is an empty string by default. It consists of multiple character strings. Each character string must end with a slash (/) and can only contain letters, digits, and the following special characters: .,+@=_-, for example, foo/bar/. |
| default_version_id | String | Default version number. |
| attachment_count | Integer | Number of entities to which an identity policy is attached. |
| description | String | Identity policy description. |
| created_at | String | Time when an identity policy was created. |
| updated_at | String | Time when the default version of an identity policy was last updated. |
Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
Status code: 403
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
| request_id | String | Request ID. |
| encoded_authorization_message | String | Encrypted authentication failure information, which can be decrypted using the STS5 decryption API. |
Status code: 409
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
| request_id | String | Request ID. |
Example Requests
Creating a custom identity policy named "name"
POST https://{endpoint}/v5/policies

    {
      "policy_name" : "name",
      "path" : "",
      "policy_document" : "{\"Version\":\"5.0\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"*\"]}]}",
      "description" : "description"
    }
Example Responses
Status code: 201
Successful
    {
      "policy" : {
        "policy_type" : "custom",
        "policy_name" : "name",
        "policy_id" : "string",
        "urn" : "iam::accountid:policy:name",
        "path" : "",
        "default_version_id" : "v1",
        "attachment_count" : 0,
        "description" : "description",
        "created_at" : "2023-09-25T07:49:11.582Z",
        "updated_at" : "2023-09-25T07:49:11.582Z"
      }
    }
Status Codes
| Status Code | Description |
|---|---|
| 201 | Successful |
| 400 | Bad request |
| 403 | Forbidden |
| 409 | Conflict |
Error Codes
See Error Codes.