Adding or Updating a Custom Policy for Storage Directory Access Permissions

Function

Adds or updates a custom policy for storage directory access permissions (if a custom policy exists, the existing policy will be updated).

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action

Access Level

Resource Type (*: required)

Condition Key

Alias

Dependencies

workspace:storagePolicy:create

Write

storage *

-

-

-

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
workspace:storagePolicy:create	Write	storage *	-	-	-

URI

PUT /v1/{project_id}/storages-policy/actions/create-statements

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	No	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
actions	No	Array of strings	All operation permissions on the client storage. This field can be left empty. If this field is left empty, users configured with this policy can only view the file list but cannot upload or download files after accessing the Workspace client. PutObject: upload, modify, rename, and move DeleteObject: delete GetObject: download Note: PutObject and DeleteObject must be set at the same time.
roam_actions	Yes	Array of strings	All operation permissions on the cloud storage. This field cannot be empty. PutObject: upload, modify, rename, and move DeleteObject: delete GetObject: download Note: PutObject and DeleteObject must be set at the same time.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
policy_statement_id	String	The following access policies are supported: DEFAULT_1: client access storage (upload and download); cloud access storage (read and write) action: PutObject, DeleteObject, and GetObject roam_action: PutObject, DeleteObject, and GetObject action: GetObject roam_action: PutObject, DeleteObject, and GetObject action: PutObject and DeleteObject roam_action: PutObject, DeleteObject, and GetObject action: roam_action: GetObject DEFAULT_2: client access storage (download); cloud access storage (read and write) DEFAULT_3: client access storage (upload); cloud access storage (read and write) DEFAULT_4: client access storage (only the list can be viewed, and upload and download are not allowed); cloud access storage (read only)
actions	Array of strings	All operation permissions on the client storage. PutObject: upload, modify, rename, and move GetObject: download DeleteObject: delete
roam_actions	Array of strings	All operation permissions on the cloud storage PutObject: upload, modify, rename, and move GetObject: download DeleteObject: delete

Status code: 400

**Table 5** Response body parameters
Parameter	Type	Description
error_code	String	Error code, which is returned upon failure.
error_msg	String	Error message.

Status code: 401

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code, which is returned upon failure.
error_msg	String	Error message.

Status code: 403

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code, which is returned upon failure.
error_msg	String	Error message.

Status code: 404

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code, which is returned upon failure.
error_msg	String	Error message.

Status code: 405

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code, which is returned upon failure.
error_msg	String	Error message.

Status code: 500

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error code, which is returned upon failure.
error_msg	String	Error message.

Status code: 503

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code, which is returned upon failure.
error_msg	String	Error message.

Example Requests

POST /v1/a4da8115c9d8464ead3a38309130523f/storages-policy/actions/create-statements

Example Responses

Status code: 200

Response to a successful request.

{
  "policy_statement_id" : "DEFAULT_1",
  "actions" : [ "PutObject", "DeleteObject", "GetObject" ],
  "roam_actions" : [ "PutObject", "DeleteObject", "GetObject" ]
}

Status Codes

Status Code	Description
200	Response to a successful request.
400	The request cannot be understood by the server due to malformed syntax.
401	Authentication failed.
403	Permissions required.
404	No resources found.
405	The request method is not allowed.
500	An internal service error occurred. For details, see the error code description.
503	Service unavailable.

Error Codes

See Error Codes.

Parent topic: Storage management

Previous topic: Querying Access Permission Policies of a Storage Directory

Next topic: Querying SFS 3.0 Storage

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot