Updated on 2022-08-16 GMT+08:00

Action List

Token Management

Permission

API

Action

IAM Project

Enterprise Project

Obtaining an Agency Token

POST /v3/auth/tokens

iam:tokens:assume

-

-

Access Key Management

Permission

API

Action

IAM Project

Enterprise Project

Listing Permanent Access Keys

GET /v3.0/OS-CREDENTIAL/credentials

iam:credentials:listCredentials

-

-

Querying a Permanent Access Key

GET /v3.0/OS-CREDENTIAL/credentials/{access_key}

iam:credentials:getCredential

-

-

Creating a Permanent Access Key

POST /v3.0/OS-CREDENTIAL/credentials

iam:credentials:createCredential

-

-

Modifying a Permanent Access Key

PUT /v3.0/OS-CREDENTIAL/credentials/{access_key}

iam:credentials:updateCredential

-

-

Deleting a Permanent Access Key

DELETE /v3.0/OS-CREDENTIAL/credentials/{access_key}

iam:credentials:deleteCredential

-

-

Virtual MFA Device Management

Permission

API

Action

IAM Project

Enterprise Project

Unbinding a Virtual MFA Device

×

iam:mfa:unbindMFADevice

-

-

Binding a Virtual MFA Device

×

iam:mfa:bindMFADevice

-

-

Creating a Virtual MFA Device

×

iam:mfa:createVirtualMFADevice

-

-

Deleting a Virtual MFA Device

×

iam:mfa:deleteVirtualMFADevice

-

-

Project Management

Permission

API

Action

IAM Project

Enterprise Project

Creating a Project

POST /v3/projects

iam:projects:createProject

-

-

Modifying Project Data

PATCH /v3/projects/{project_id}

iam:projects:updateProject

-

-

Changing Project Status

PUT /v3-ext/projects/{project_id}

iam:projects:updateProject

-

-

Querying the List of Projects Accessible to Users

GET /v3/users/{user_id}/projects

iam:projects:listProjectsForUser

-

-

Deleting a Project

×

iam:projects:deleteProject

-

-

User Management

Permission

API

Action

IAM Project

Enterprise Project

Listing Users

GET /v3/users

iam:users:listUsers

-

-

Querying User Details

GET /v3/users/{user_id}

iam:users:getUser

-

-

Querying User Details (Recommended)

GET /v3.0/OS-USER/users/{user_id}

iam:users:getUser

-

-

Querying the User Group to Which a User Belongs

GET /v3/users/{user_id}/groups

iam:groups:listGroupsForUser

-

-

Querying Users in a User Group

GET /v3/groups/{group_id}/users

iam:users:listUsersForGroup

-

-

Creating a User

POST /v3/users

iam:users:createUser

-

-

Modifying User Information

PATCH /v3/users/{user_id}

iam:users:updateUser

-

-

Deleting a User

DELETE /v3/users/{user_id}

iam:users:deleteUser

-

-

Resetting a User's Password

×

iam:users:resetUserPassword

-

-

Configuring Login Protection

×

iam:users:setUserLoginProtect

-

-

Listing Users Who Have Access to a Specified Project

×

iam:users:listUsersForProject

-

-

Deleting a User from a User Group

DELETE /v3/groups/{group_id}/users/{user_id}

iam:permissions:removeUserFromGroup

-

-

User Group Management

Permission

API

Action

IAM Project

Enterprise Project

Querying Users in a User Group

GET /v3/groups/{group_id}/users

iam:users:listUsersForGroup

-

-

Listing User Groups

GET /v3/groups{?domain_id,name}

iam:groups:listGroups

-

-

Querying User Group Details

GET /v3/groups/{group_id}

iam:groups:getGroup

-

-

Creating a User Group

POST /v3/groups

iam:groups:createGroup

-

-

Adding a User to a User Group

PUT /v3/groups/{group_id}/users/{user_id}

iam:permissions:addUserToGroup

-

-

Updating User Group Information

PATCH /v3/groups/{group_id}

iam:groups:updateGroup

-

-

Deleting a User Group

DELETE /v3/groups/{group_id}

  • iam:groups:deleteGroup
  • iam:permissions:removeUserFromGroup
  • iam:permissions:revokeRoleFromGroup
  • iam:permissions:revokeRoleFromGroupOnProject
  • iam:permissions:revokeRoleFromGroupOnDomain

-

-

Checking Whether a User Belongs to a Specified User Group

HEAD /v3/groups/{group_id}/users/{user_id}

iam:permissions:checkUserInGroup

-

-

Permissions Management

Permission

API

Action

IAM Project

Enterprise Project

Querying a Role List

GET /v3/roles

iam:roles:listRoles

-

-

Querying Role Details

GET /v3/roles/{role_id}

iam:roles:getRole

-

-

Querying Permissions of a User Group Under a Domain

GET /v3/domains/{domain_id}/groups/{group_id}/roles

iam:permissions:listRolesForGroupOnDomain

-

-

Querying Permissions of a User Group Corresponding to a Project

GET /v3/projects/{project_id}/groups/{group_id}/roles

iam:permissions:listRolesForGroupOnProject

-

-

Granting Permissions to a User Group of a Domain

PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

iam:permissions:grantRoleToGroupOnDomain

-

-

Granting Permissions to a User Group Corresponding to a Project

PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

iam:permissions:grantRoleToGroupOnProject

-

-

Removing Permissions of a User Group Corresponding to a Project

DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

iam:permissions:revokeRoleFromGroupOnProject

-

-

Removing Permissions of a User Group of a Domain

DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

iam:permissions:revokeRoleFromGroupOnDomain

-

-

Querying Whether a User Group Under a Domain Has Specific Permissions

HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

iam:permissions:checkRoleForGroupOnDomain

-

-

Querying Whether a User Group Corresponding to a Project Has Specific Permissions

HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

iam:permissions:checkRoleForGroupOnProject

-

-

Granting Permissions to a User Group

PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

iam:permissions:grantRoleToGroup

-

-

Querying the Permissions Granted to a User for a Specified Project

×

iam:permissions:listRolesForUserOnProject

-

-

Querying All Permissions of a User Group

×

iam:permissions:listRolesForGroup

-

-

Checking Whether a User Group Has Specified Permissions

×

iam:permissions:checkRoleForGroup

-

-

Removing Permissions of a User Group

×

iam:permissions:revokeRoleFromGroup

-

-

Custom Policy Management

Permission

API

Action

IAM Project

Enterprise Project

Listing Custom Policies

GET /v3.0/OS-ROLE/roles

iam:roles:listRoles

-

-

Querying Custom Policy Details

GET /v3.0/OS-ROLE/roles/{role_id}

iam:roles:getRole

-

-

Creating a Custom Policy

POST /v3.0/OS-ROLE/roles

iam:roles:createRole

-

-

Modifying a Custom Policy

PATCH /v3.0/OS-ROLE/roles/{role_id}

iam:roles:updateRole

-

-

Deleting a Custom Policy

DELETE /v3.0/OS-ROLE/roles/{role_id}

iam:roles:deleteRole

-

-

Agency Management

Permission

API

Action

IAM Project

Enterprise Project

Creating an Agency

POST /v3.0/OS-AGENCY/agencies

iam:agencies:createAgency

-

-

Listing Agencies

GET /v3.0/OS-AGENCY/agencies

iam:agencies:listAgencies

-

-

Querying Agency Details

GET /v3.0/OS-AGENCY/agencies/{agency_id}

iam:agencies:getAgency

-

-

Modifying an Agency

PUT /v3.0/OS-AGENCY/agencies/{agency_id}

iam:agencies:updateAgency

-

-

Deleting an Agency

DELETE /v3.0/OS-AGENCY/agencies/{agency_id}

iam:agencies:deleteAgency

-

-

Granting Permissions to an Agency for a Project

PUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}

iam:permissions:grantRoleToAgencyOnProject

-

-

Checking Whether an Agency Has the Specified Permissions on a Project

HEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}

iam:permissions:checkRoleForAgencyOnProject

-

-

Querying Permissions of an Agency for a Project

GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles

iam:permissions:listRolesForAgencyOnProject

-

-

Removing Permissions of an Agency on a Project

DELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}

iam:permissions:revokeRoleFromAgencyOnProject

-

-

Granting Permissions to an Agency on a Domain

PUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}

iam:permissions:grantRoleToAgencyOnDomain

-

-

Checking Whether an Agency Has the Specified Permissions on a Domain

HEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}

iam:permissions:checkRoleForAgencyOnDomain

-

-

Querying the List of Permissions of an Agency on a Domain

GET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles

iam:permissions:listRolesForAgencyOnDomain

-

-

Removing Permissions of an Agency on a Domain

DELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}

iam:permissions:revokeRoleFromAgencyOnDomain

-

-

Federated Identity Authentication Management

Permission

API

Action

IAM Project

Enterprise Project

Querying the Identity Provider List

GET /v3/OS-FEDERATION/identity_providers

iam:identityProviders:listIdentityProviders

-

-

Querying an Identity Provider

GET /v3/OS-FEDERATION/identity_providers/{id}

iam:identityProviders:getIdentityProvider

-

-

Creating an Identity Provider

PUT /v3/OS-FEDERATION/identity_providers/{id}

iam:identityProviders:createIdentityProvider

-

-

Updating an Identity Provider

PATCH /v3/OS-FEDERATION/identity_providers/{id}

iam:identityProviders:updateIdentityProvider

-

-

Deleting an Identity Provider

DELETE /v3/OS-FEDERATION/identity_providers/{id}

iam:identityProviders:deleteIdentityProvider

-

-

Querying the Mapping List

GET /v3/OS-FEDERATION/mappings

iam:identityProviders:listMappings

-

-

Querying Mapping Details

GET /v3/OS-FEDERATION/mappings/{id}

iam:identityProviders:getMapping

-

-

Creating a Mapping

PUT /v3/OS-FEDERATION/mappings/{id}

iam:identityProviders:createMapping

-

-

Updating a Mapping

PATCH /v3/OS-FEDERATION/mappings/{id}

iam:identityProviders:updateMapping

-

-

Deleting a Mapping

DELETE /v3/OS-FEDERATION/mappings/{id}

iam:identityProviders:deleteMapping

-

-

Querying the Protocol List

GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols

iam:identityProviders:listProtocols

-

-

Querying a Protocol

GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

iam:identityProviders:getProtocol

-

-

Registering a Protocol

PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

iam:identityProviders:createProtocol

-

-

Updating a Protocol

PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

iam:identityProviders:updateProtocol

-

-

Deleting a Protocol

DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

iam:identityProviders:deleteProtocol

-

-

Querying a Metadata File

GET /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata

iam:identityProviders:getIDPMetadata

-

-

Importing a Metadata File

POST /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata

iam:identityProviders:createIDPMetadata

-

-