Help Center/ IAM Identity Center/ API Reference/ API/ Access Control Attribute Management/ Enabling Access Control Attributes for a Specified Instance
Updated on 2025-08-21 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Enabling Access Control Attributes for a Specified Instance

Function

This API is used to enable access control attributes for a specified instance. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

POST /v1/instances/{instance_id}/access-control-attribute-configuration

Table 1 Path parameters

Parameter

Mandatory

Type

Description

instance_id

Yes

String

Globally unique ID of an IAM Identity Center instance.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Security-Token

No

String

Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

Maximum length: 2048
Table 3 Parameters in the request body

Parameter

Mandatory

Type

Description

instance_access_control_attribute_configuration

Yes

Object

Identity source's attribute to be added to the ABAC configuration in IAM Identity Center.
Table 4 instance_access_control_attribute_configuration

Parameter

Mandatory

Type

Description

access_control_attributes

Yes

Array of objects

Attributes configured for ABAC in the IAM Identity Center instance.

Array length: 0 - 20
Table 5 access_control_attributes

Parameter

Mandatory

Type

Description

key

Yes

String

Name of the attribute associated with the identity in the identity source.

Minimum length: 1

Maximum length: 128

value

Yes

Object

Mapping the specified attribute to the identity source.
Table 6 value

Parameter

Mandatory

Type

Description

source

Yes

Array of strings

Mapping the specified attribute to the identity source.

Minimum length: 0

Maximum length: 255

Array length: 1-1

Response Parameters

Status code: 400

Table 7 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

request_id

String

Unique ID of a request.

encoded_authorization_message

String

Encrypted error message.

Status code: 403

Table 8 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

request_id

String

Unique ID of a request.

encoded_authorization_message

String

Encrypted error message.

Example Request

Enabling access control attributes for a specified instance

POST https://{hostname}/v1/instances/{instance_id}/access-control-attribute-configuration

{
  "instance_access_control_attribute_configuration" : {
    "access_control_attributes" : [ {
      "key" : "email",
      "value" : {
        "source" : [ "${path:emails[primary eq true].value}" ]
      }
    }, {
      "key" : "displayName",
      "value" : {
        "source" : [ "${path:displayName}" ]
      }
    } ]
  }
}

Example Response

None

Status Codes

For details, see Status Codes.

Error Codes

For details, see Error Codes.