Creating a Custom Policy for Agencies
Function
This API is provided for the administrator to create a custom policy for agencies.
The API can be called using both the global endpoint and region-specific endpoints.
URI
POST /v3.0/OS-ROLE/roles
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
X-Auth-Token |
Yes |
String |
Token with Security Administrator permissions. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Yes |
Object |
Custom policy information. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
display_name |
Yes |
String |
Display name of the custom policy. |
type |
Yes |
String |
Display mode.
NOTE:
|
description |
Yes |
String |
Description of the custom policy. |
description_cn |
No |
String |
Description of the custom policy. |
Yes |
Object |
Content of custom policy. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Version |
Yes |
String |
Policy version. When creating a custom policy, set this parameter to 1.1.
NOTE:
|
Yes |
Array of objects |
Statement of the policy. A policy can contain a maximum of eight statements. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Action |
Yes |
Array of strings |
An action item is a specific operation permission on a resource.
NOTE:
Options:
|
Effect |
Yes |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
No |
Object |
Resources to be managed. After an account establishes multiple trust relationships between itself and your account, you can authorize IAM users in different user groups to manage resources of the delegating party. Each IAM user can only switch to the delegated agencies. For example: "Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]} |
Response Parameters
Parameter |
Type |
Description |
---|---|---|
Object |
Custom policy information. |
Parameter |
Type |
Description |
---|---|---|
catalog |
String |
Service catalog. |
display_name |
String |
Display name of the custom policy. |
description |
String |
Description of the custom policy. |
Object |
Resource link of the custom policy. |
|
Object |
Content of custom policy. |
|
description_cn |
String |
Description of the custom policy. |
domain_id |
String |
Domain ID. |
type |
String |
Display mode.
NOTE:
|
id |
String |
Policy ID. |
name |
String |
Name of the custom policy. |
updated_time |
String |
Time when the custom policy was last updated. |
created_time |
String |
Time when the custom policy was created. |
references |
String |
Number of references. |
Parameter |
Type |
Description |
---|---|---|
Version |
String |
Policy version.
NOTE:
|
Array of objects |
Statement of the policy. A policy can contain a maximum of eight statements. |
Parameter |
Type |
Description |
---|---|---|
Action |
Array of strings |
An action item is a specific operation permission on a resource.
NOTE:
|
Effect |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
Object |
Resources to be managed. After an account establishes multiple trust relationships between itself and your account, you can authorize IAM users in different user groups to manage resources of the delegating party. Each IAM user can only switch to the delegated agencies. For example: "Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]} |
Example Request
POST https://sample.domain.com/v3.0/OS-ROLE/roles
{ "role": { "display_name": "IAMAgencyPolicy", "type": "AX", "description": "IAMDescription", "description_cn": "Policy description", "policy": { "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "iam:agencies:assume" ], "Resource": { "uri": [ "/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c" ] } } ] } } }
Example Response
Status code: 201
The request is successful.
{ "role": { "catalog": "CUSTOMED", "display_name": "IAMAgencyPolicy", "description": "IAMDescription", "links": { "self": "https://sample.domain.com/v3/roles/f67224e84dc849ab954ce29fb4f47f8e" }, "policy": { "Version": "1.1", "Statement": [ { "Action": [ "iam:agencies:assume" ], "Resource": { "uri": [ "/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c" ] }, "Effect": "Allow" } ] }, "description_cn": "Policy description", "domain_id": "d78cbac186b744899480f25bd02...", "type": "AX", "id": "f67224e84dc849ab954ce29fb4f47f8e", "name": "custom_d78cbac186b744899480f25bd022f468_0" } }
Status Codes
Status Code |
Description |
---|---|
201 |
The request is successful. |
400 |
The server failed to process the request. |
401 |
Authentication failed. |
403 |
Access denied. |
500 |
Internal server error. |
Error Codes
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot