Querying the Authorization Summary of a Specified Service
Function
This API is used to query the authorization summary of a specified cloud service.
Authorization Information
No identity policy-based permission required for calling this API.
URI
GET /v5/authorization-schemas/services/{service_code}
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
service_code |
Yes |
String |
Abbreviation of a service name. The value contains 1 to 56 characters, including only letters, digits, and hyphens (-). |
Request Parameters
None
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
version |
String |
Version number of a service authorization summary. |
|
actions |
Array of Action objects |
Action list supported by a cloud service. |
|
resources |
Array of Resource objects |
Resource list supported by a cloud service. |
|
conditions |
Array of Condition objects |
Condition key list supported by a cloud service. |
|
operations |
Array of Operation objects |
Operation list supported by a cloud service. |
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
Three-segment action name, for example, iam:policies:createV5". |
|
access_level |
String |
Access level granted when this action is used in a policy. |
|
permission_only |
Boolean |
Indicates whether this action is used only as a permission and does not correspond to any operation. |
|
description |
Description object |
Description. |
|
aliases |
Array of strings |
List of action alias, which is used in scenarios where actions are renamed or new actions are split. |
|
resources |
Array of ActionAssociatedResource objects |
Resource list associated with this action, which is used to define resource-level permissions of this action. |
|
condition_keys |
Array of strings |
Service-defined condition attributes and some global attributes that are supported by this action and are irrelevant to resources. |
|
Parameter |
Type |
Description |
|---|---|---|
|
urn_template |
String |
Uniform resource name template, which indicates that the uniform resource name of this resource can be used to grant permissions to an action. |
|
required |
Boolean |
Indicates whether a resource type is mandatory for this action. That is, the action must involve operations on this resource type. For example, subnet is a mandatory resource type of vpc:subnets:get, and ou is an optional resource type of organizations::tagResource, because the resource operated by organizations::tagResource may also be an account or policy. |
|
condition_keys |
Array of strings |
Service-defined condition attributes and some global attributes of this action and resource take effect only when this action and resource are matched. |
|
Parameter |
Type |
Description |
|---|---|---|
|
type_name |
String |
Resource type name of a cloud service. |
|
urn_template |
String |
Uniform resource name template, which indicates that the uniform resource name of this resource can be used to grant permissions to an action. |
|
Parameter |
Type |
Description |
|---|---|---|
|
key |
String |
Name of a condition key. |
|
value_type |
String |
Data type of a condition value. |
|
multi_valued |
Boolean |
Indicates whether a condition value has multiple values. |
|
description |
Description object |
Description. |
|
Parameter |
Type |
Description |
|---|---|---|
|
en_US |
String |
Description in English. Minimum: 1 Maximum: 1500 |
|
zh_CN |
String |
Description in Chinese. Minimum: 1 Maximum: 1500 |
|
Parameter |
Type |
Description |
|---|---|---|
|
operation_id |
String |
Operation identifier of the OpenAPI. Minimum: 1 Maximum: 64 |
|
operation_action |
String |
Three-segment action name, for example, iam:policies:createV5". |
|
dependent_actions |
Array of strings |
Permissions for other actions that may be required for this operation. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
request_id |
String |
Request ID. |
Example Requests
Querying the authorization summary of a specified cloud service
GET https://{endpoint}/v5/authorization-schemas/services/{service_code}
Example Responses
Status code: 200
Successful
{
"version" : "v1",
"actions" : [ {
"name" : "sts:agencies:assume",
"access_level" : "write",
"permission_only" : false,
"description" : {
"en_US" : "Grants permission to obtain a set of temporary credentials that you can use to access resources that you might not normally have access to.",
"zh_CN" : "..."
},
"resources" : [ {
"urn_template" : "iam::<account-id>:agency:<agency-name-with-path>",
"required" : true
} ],
"condition_keys" : [ "sts:ExternalId", "sts:SourceIdentity", "sts:TransitiveTagKeys", "sts:AgencySessionName" ]
}, {
"name" : "sts::getCallerIdentity",
"access_level" : "read",
"permission_only" : false,
"description" : {
"en_US" : "Grants permission to obtain details about the IAM identity whose credentials are used to call the API.",
"zh_CN" : "..."
}
}, {
"name" : "sts::decodeAuthorizationMessage",
"access_level" : "write",
"permission_only" : false,
"description" : {
"en_US" : "Grants permission to decode additional information about the authorization status of a request from an encoded message returned in response to a request.",
"zh_CN" : "..."
}
}, {
"name" : "sts::setSourceIdentity",
"access_level" : "write",
"permission_only" : true,
"description" : {
"en_US" : "Grants permission to set a source identity on a STS session.",
"zh_CN" : "..."
},
"resources" : [ {
"urn_template" : "iam::<account-id>:agency:<agency-name-with-path>",
"required" : true
} ],
"condition_keys" : [ "sts:SourceIdentity" ]
}, {
"name" : "sts::tagSession",
"access_level" : "tagging",
"permission_only" : true,
"description" : {
"en_US" : "Grants permission to add tags to a STS session.",
"zh_CN" : "..."
},
"resources" : [ {
"urn_template" : "iam::<account-id>:agency:<agency-name-with-path>",
"required" : true
} ],
"condition_keys" : [ "sts:TransitiveTagKeys" ]
} ],
"resources" : [ {
"type_name" : "assumed-agency",
"urn_template" : "sts::<account-id>:assumed-agency:<agency-name>/<session-name>"
} ],
"conditions" : [ {
"key" : "sts:ExternalId",
"value_type" : "string",
"multi_valued" : false,
"description" : {
"en_US" : "Filters access by the external ID that is passed in the request.",
"zh_CN" : "..."
}
}, {
"key" : "sts:SourceIdentity",
"value_type" : "string",
"multi_valued" : false,
"description" : {
"en_US" : "Filters access by the source identity that is passed in the request.",
"zh_CN" : "..."
}
}, {
"key" : "sts:TransitiveTagKeys",
"value_type" : "string",
"multi_valued" : true,
"description" : {
"en_US" : "Filters access by the transitive tag keys that are passed in the request.",
"zh_CN" : "..."
}
}, {
"key" : "sts:AgencySessionName",
"value_type" : "string",
"multi_valued" : false,
"description" : {
"en_US" : "Filters access by the agency session name required when you assume an agency.",
"zh_CN" : "..."
}
} ],
"operations" : [ {
"operation_id" : "AssumeAgency",
"operation_action" : "sts:agencies:assume",
"dependent_actions" : [ "sts::tagSession", "sts::setSourceIdentity" ]
}, {
"operation_id" : "GetCallerIdentity",
"operation_action" : "sts::getCallerIdentity"
}, {
"operation_id" : "DecodeAuthorizationMessage",
"operation_action" : "sts::decodeAuthorizationMessage"
} ]
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Successful |
|
404 |
Not found |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
