Help Center/ Workspace/ API Reference/ Workspace APIs/ Policy Group/ Querying Objects to Which a Policy Group Is Applied
Updated on 2026-02-10 GMT+08:00
View PDF
Share

Querying Objects to Which a Policy Group Is Applied

Function

Queries objects to which a policy group is applied.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, the following identity policy-based permissions are required.

    Action

    Access Level

    Resource Type (*: required)

    Condition Key

    Alias

    Dependencies

    workspace:policyGroups:listTargets

    List

    policyGroup *

    -

    -

    -

URI

GET /v2/{project_id}/policy-groups/{policy_group_id}/targets

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

policy_group_id

Yes

String

Policy group ID.
Table 2 Query Parameters

Parameter

Mandatory

Type

Description

target_type

No

String

Object type. Options:

  • INSTANCE: desktops

  • USER: users

  • OU: organization units

  • CLIENTIP: terminal IP addresses

target_name

No

String

Object name. Fuzzy search is supported.

limit

No

Integer

Number of records on each page. The value ranges from 0 to 1000.

offset

No

String

Offset.

Request Parameters

None

Response Parameters

Status code: 200

Table 3 Response body parameters

Parameter

Type

Description

targets

Array of Target objects

Objects to which a policy applies.

total_count

Integer

Number of users in the list.
Table 4 Target

Parameter

Type

Description

target_id

String

Object ID.

target_name

String

Object name. The value can contain a maximum of 55 characters.

target_type

String

Object type.

  • INSTANCE: desktops

  • target_id: desktop SIDs

  • target_name: desktop names

  • USER: users

  • target_id: user IDs

  • target_name: usernames

  • USERGROUP: user groups

  • target_id: user group IDs

  • target_name: user group names

  • CLIENTIP: terminal IP addresses

  • target_id: terminal IP addresses

  • target_name: terminal IP addresses

  • OU: organizational units

  • target_id: OU IDs

  • target_name: OU names

  • DESKTOPSPOOL: desktop pools

  • target_id: desktop pool IDs

  • target_name: desktop pool names

  • ALL: all desktops

  • target_id: default-apply-all-targets

  • target_name: All-Targets

  • DESKTOP_TAG: desktop tag

  • target_id: tag key|tag value

  • target_name: tag key|tag value

Status code: 400

Table 5 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 401

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 403

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 404

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 405

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 500

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 503

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Example Requests

GET /v2/29dfe82ada564ac2b927e1ff036d9a9b/policy-groups/401a23865cae63f3015cceb9affe0049/targets?target_type=INSTANCE&limit=1&offset=1

Example Responses

Status code: 200

Response to the request for querying objects to which a policy is applied.

{
  "targets" : [ {
    "target_id" : "S-1-5-21-1065092785-1316984780-3147557180-9999",
    "target_type" : "USER",
    "target_name" : "All-Targets-123"
  }, {
    "target_id" : "192.168.1.1",
    "target_type" : "CLIENTIP",
    "target_name" : "192.168.1.1"
  } ]
}

Status Codes

Status Code

Description

200

Response to the request for querying objects to which a policy is applied.

400

The request cannot be understood by the server due to malformed syntax.

401

Authentication failed.

403

No operation permissions.

404

No resources found.

405

The method specified in the request is not allowed.

500

An internal service error occurred. For details about the error code, see the error code description.

503

Service unavailable.

Error Codes

See Error Codes.

Parent topic: Policy Group