Help Center> Identity and Access Management> API Reference (Kuala Lumpur Region)> Permissions Policies and Supported Actions> Action List

Updated on 2022-08-16 GMT+08:00

View PDF

Action List

Token Management

Permission

API

Action

IAM Project

Enterprise Project

Obtaining an Agency Token

POST /v3/auth/tokens

iam:tokens:assume

-

-

Access Key Management

Permission	API	Action	IAM Project	Enterprise Project
Listing Permanent Access Keys	GET /v3.0/OS-CREDENTIAL/credentials	iam:credentials:listCredentials	-	-
Querying a Permanent Access Key	GET /v3.0/OS-CREDENTIAL/credentials/{access_key}	iam:credentials:getCredential	-	-
Creating a Permanent Access Key	POST /v3.0/OS-CREDENTIAL/credentials	iam:credentials:createCredential	-	-
Modifying a Permanent Access Key	PUT /v3.0/OS-CREDENTIAL/credentials/{access_key}	iam:credentials:updateCredential	-	-
Deleting a Permanent Access Key	DELETE /v3.0/OS-CREDENTIAL/credentials/{access_key}	iam:credentials:deleteCredential	-	-

Virtual MFA Device Management

Permission	API	Action	IAM Project	Enterprise Project
Unbinding a Virtual MFA Device	×	iam:mfa:unbindMFADevice	-	-
Binding a Virtual MFA Device	×	iam:mfa:bindMFADevice	-	-
Creating a Virtual MFA Device	×	iam:mfa:createVirtualMFADevice	-	-
Deleting a Virtual MFA Device	×	iam:mfa:deleteVirtualMFADevice	-	-

Project Management

Permission	API	Action	IAM Project	Enterprise Project
Creating a Project	POST /v3/projects	iam:projects:createProject	-	-
Modifying Project Data	PATCH /v3/projects/{project_id}	iam:projects:updateProject	-	-
Changing Project Status	PUT /v3-ext/projects/{project_id}	iam:projects:updateProject	-	-
Querying the List of Projects Accessible to Users	GET /v3/users/{user_id}/projects	iam:projects:listProjectsForUser	-	-
Deleting a Project	×	iam:projects:deleteProject	-	-

User Management

Permission	API	Action	IAM Project	Enterprise Project
Listing Users	GET /v3/users	iam:users:listUsers	-	-
Querying User Details	GET /v3/users/{user_id}	iam:users:getUser	-	-
Querying User Details (Recommended)	GET /v3.0/OS-USER/users/{user_id}	iam:users:getUser	-	-
Querying the User Group to Which a User Belongs	GET /v3/users/{user_id}/groups	iam:groups:listGroupsForUser	-	-
Querying Users in a User Group	GET /v3/groups/{group_id}/users	iam:users:listUsersForGroup	-	-
Creating a User	POST /v3/users	iam:users:createUser	-	-
Modifying User Information	PATCH /v3/users/{user_id}	iam:users:updateUser	-	-
Deleting a User	DELETE /v3/users/{user_id}	iam:users:deleteUser	-	-
Resetting a User's Password	×	iam:users:resetUserPassword	-	-
Configuring Login Protection	×	iam:users:setUserLoginProtect	-	-
Listing Users Who Have Access to a Specified Project	×	iam:users:listUsersForProject	-	-
Deleting a User from a User Group	DELETE /v3/groups/{group_id}/users/{user_id}	iam:permissions:removeUserFromGroup	-	-

User Group Management

Permission	API	Action	IAM Project	Enterprise Project
Querying Users in a User Group	GET /v3/groups/{group_id}/users	iam:users:listUsersForGroup	-	-
Listing User Groups	GET /v3/groups{?domain_id,name}	iam:groups:listGroups	-	-
Querying User Group Details	GET /v3/groups/{group_id}	iam:groups:getGroup	-	-
Creating a User Group	POST /v3/groups	iam:groups:createGroup	-	-
Adding a User to a User Group	PUT /v3/groups/{group_id}/users/{user_id}	iam:permissions:addUserToGroup	-	-
Updating User Group Information	PATCH /v3/groups/{group_id}	iam:groups:updateGroup	-	-
Deleting a User Group	DELETE /v3/groups/{group_id}	iam:groups:deleteGroup iam:permissions:removeUserFromGroup iam:permissions:revokeRoleFromGroup iam:permissions:revokeRoleFromGroupOnProject iam:permissions:revokeRoleFromGroupOnDomain	-	-
Checking Whether a User Belongs to a Specified User Group	HEAD /v3/groups/{group_id}/users/{user_id}	iam:permissions:checkUserInGroup	-	-

Permissions Management

Permission	API	Action	IAM Project	Enterprise Project
Querying a Role List	GET /v3/roles	iam:roles:listRoles	-	-
Querying Role Details	GET /v3/roles/{role_id}	iam:roles:getRole	-	-
Querying Permissions of a User Group Under a Domain	GET /v3/domains/{domain_id}/groups/{group_id}/roles	iam:permissions:listRolesForGroupOnDomain	-	-
Querying Permissions of a User Group Corresponding to a Project	GET /v3/projects/{project_id}/groups/{group_id}/roles	iam:permissions:listRolesForGroupOnProject	-	-
Granting Permissions to a User Group of a Domain	PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}	iam:permissions:grantRoleToGroupOnDomain	-	-
Granting Permissions to a User Group Corresponding to a Project	PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}	iam:permissions:grantRoleToGroupOnProject	-	-
Removing Permissions of a User Group Corresponding to a Project	DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}	iam:permissions:revokeRoleFromGroupOnProject	-	-
Removing Permissions of a User Group of a Domain	DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}	iam:permissions:revokeRoleFromGroupOnDomain	-	-
Querying Whether a User Group Under a Domain Has Specific Permissions	HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}	iam:permissions:checkRoleForGroupOnDomain	-	-
Querying Whether a User Group Corresponding to a Project Has Specific Permissions	HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}	iam:permissions:checkRoleForGroupOnProject	-	-
Granting Permissions to a User Group	PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}	iam:permissions:grantRoleToGroup	-	-
Querying the Permissions Granted to a User for a Specified Project	×	iam:permissions:listRolesForUserOnProject	-	-
Querying All Permissions of a User Group	×	iam:permissions:listRolesForGroup	-	-
Checking Whether a User Group Has Specified Permissions	×	iam:permissions:checkRoleForGroup	-	-
Removing Permissions of a User Group	×	iam:permissions:revokeRoleFromGroup	-	-

Custom Policy Management

Permission	API	Action	IAM Project	Enterprise Project
Listing Custom Policies	GET /v3.0/OS-ROLE/roles	iam:roles:listRoles	-	-
Querying Custom Policy Details	GET /v3.0/OS-ROLE/roles/{role_id}	iam:roles:getRole	-	-
Creating a Custom Policy	POST /v3.0/OS-ROLE/roles	iam:roles:createRole	-	-
Modifying a Custom Policy	PATCH /v3.0/OS-ROLE/roles/{role_id}	iam:roles:updateRole	-	-
Deleting a Custom Policy	DELETE /v3.0/OS-ROLE/roles/{role_id}	iam:roles:deleteRole	-	-

Agency Management

Permission	API	Action	IAM Project	Enterprise Project
Creating an Agency	POST /v3.0/OS-AGENCY/agencies	iam:agencies:createAgency	-	-
Listing Agencies	GET /v3.0/OS-AGENCY/agencies	iam:agencies:listAgencies	-	-
Querying Agency Details	GET /v3.0/OS-AGENCY/agencies/{agency_id}	iam:agencies:getAgency	-	-
Modifying an Agency	PUT /v3.0/OS-AGENCY/agencies/{agency_id}	iam:agencies:updateAgency	-	-
Deleting an Agency	DELETE /v3.0/OS-AGENCY/agencies/{agency_id}	iam:agencies:deleteAgency	-	-
Granting Permissions to an Agency for a Project	PUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}	iam:permissions:grantRoleToAgencyOnProject	-	-
Checking Whether an Agency Has the Specified Permissions on a Project	HEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}	iam:permissions:checkRoleForAgencyOnProject	-	-
Querying Permissions of an Agency for a Project	GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles	iam:permissions:listRolesForAgencyOnProject	-	-
Removing Permissions of an Agency on a Project	DELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}	iam:permissions:revokeRoleFromAgencyOnProject	-	-
Granting Permissions to an Agency on a Domain	PUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}	iam:permissions:grantRoleToAgencyOnDomain	-	-
Checking Whether an Agency Has the Specified Permissions on a Domain	HEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}	iam:permissions:checkRoleForAgencyOnDomain	-	-
Querying the List of Permissions of an Agency on a Domain	GET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles	iam:permissions:listRolesForAgencyOnDomain	-	-
Removing Permissions of an Agency on a Domain	DELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}	iam:permissions:revokeRoleFromAgencyOnDomain	-	-

Federated Identity Authentication Management

Permission	API	Action	IAM Project	Enterprise Project
Querying the Identity Provider List	GET /v3/OS-FEDERATION/identity_providers	iam:identityProviders:listIdentityProviders	-	-
Querying an Identity Provider	GET /v3/OS-FEDERATION/identity_providers/{id}	iam:identityProviders:getIdentityProvider	-	-
Creating an Identity Provider	PUT /v3/OS-FEDERATION/identity_providers/{id}	iam:identityProviders:createIdentityProvider	-	-
Updating an Identity Provider	PATCH /v3/OS-FEDERATION/identity_providers/{id}	iam:identityProviders:updateIdentityProvider	-	-
Deleting an Identity Provider	DELETE /v3/OS-FEDERATION/identity_providers/{id}	iam:identityProviders:deleteIdentityProvider	-	-
Querying the Mapping List	GET /v3/OS-FEDERATION/mappings	iam:identityProviders:listMappings	-	-
Querying Mapping Details	GET /v3/OS-FEDERATION/mappings/{id}	iam:identityProviders:getMapping	-	-
Creating a Mapping	PUT /v3/OS-FEDERATION/mappings/{id}	iam:identityProviders:createMapping	-	-
Updating a Mapping	PATCH /v3/OS-FEDERATION/mappings/{id}	iam:identityProviders:updateMapping	-	-
Deleting a Mapping	DELETE /v3/OS-FEDERATION/mappings/{id}	iam:identityProviders:deleteMapping	-	-
Querying the Protocol List	GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols	iam:identityProviders:listProtocols	-	-
Querying a Protocol	GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}	iam:identityProviders:getProtocol	-	-
Registering a Protocol	PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}	iam:identityProviders:createProtocol	-	-
Updating a Protocol	PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}	iam:identityProviders:updateProtocol	-	-
Deleting a Protocol	DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}	iam:identityProviders:deleteProtocol	-	-
Querying a Metadata File	GET /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata	iam:identityProviders:getIDPMetadata	-	-
Importing a Metadata File	POST /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata	iam:identityProviders:createIDPMetadata	-	-

Parent topic: Permissions Policies and Supported Actions

Previous topic: Introduction

Next topic: Appendix

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.