Updated on 2025-08-26 GMT+08:00

Obtaining Access Policy Details

Function

This API is used to obtain an access policy.

Calling Method

For details, see Calling APIs.

URI

GET /api/v3/access-policies/{policy_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

policy_id

Yes

String

Definition:

Access policy ID. For details about how to obtain the access policy ID, see Obtaining the Access Policy List.

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Request Parameters

None

Response Parameters

Status code: 200

Table 2 Response body parameters

Parameter

Type

Description

kind

String

Definition:

API type

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

AccessPolicy

apiVersion

String

Definition:

API version

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

v3

name

String

Definition:

Access policy name

Constraints:

Enter 1 to 56 characters starting with a lowercase letter and not ending with a hyphen (-). Only lowercase letters, digits, hyphens (-), and periods (.) are allowed.

Range:

N/A

Default Value:

N/A

policyId

String

Definition:

Permission ID

Constraints:

The value is automatically generated and cannot be changed.

Range:

N/A

Default Value:

N/A

clusters

Array of strings

Definition:

List of cluster IDs. Wildcards (*) are allowed, which indicate all clusters.

Constraints:

A maximum of 200 clusters can be authorized at a time.

Range:

[*] or cluster ID list

Default Value:

N/A

accessScope

AccessScope object

Definition:

Access scope, which is used to specify the cluster and namespace to be authorized

Constraints:

N/A

policyType

String

Definition:

Permission type

Constraints:

N/A

Range:

  • CCEAdminPolicy: administrator permissions

  • CCEClusterAdminPolicy: O&M permissions

  • CCEEditPolicy: development permissions

  • CCEViewPolicy: read-only permissions

Default Value:

N/A

principal

Principal object

Definition:

Authorization object

Constraints:

N/A

createTime

String

Definition:

Creation time

Constraints:

N/A

Range:

N/A

Default Value:

N/A

updateTime

String

Definition:

Update time

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Table 3 AccessScope

Parameter

Type

Description

namespaces

Array of strings

Definition

List of cluster namespaces. Wildcards (*) are allowed to indicate all namespaces. If different clusters are selected, the namespace list can be a collection of multiple clusters. When RBAC authorization is used, CCE automatically checks whether the namespaces exist in the clusters.

Constraints

A maximum of 500 namespaces can be authorized at a time.

Range

[*] or cluster namespace list

Default Value

N/A

Table 4 Principal

Parameter

Type

Description

type

String

Definition:

Type of the authorization object

Constraints:

N/A

Range:

  • user: user

  • group: user group

  • agency: agency account

Default Value:

N/A

ids

Array of strings

Definition:

List of IDs of authorized objects. Enter the IDs based on the object type, user, user group, and agency account.

Constraints:

A maximum of 500 users or user groups can be authorized at a time.

Range:

N/A

Default Value:

N/A

Example Requests

None

Example Responses

Status code: 200

{
  "kind" : "AccessPolicy",
  "apiVersion" : "v3",
  "name" : "test-access-policy",
  "policyId" : "402358e8-2e3a-4531-bae7-fe9cba14d0d1",
  "clusters" : [ "*" ],
  "accessScope" : {
    "namespaces" : [ "*" ]
  },
  "policy" : "CCEAdminPolicy",
  "principal" : {
    "type" : "user",
    "ids" : [ "069fcc2116c347b89869eae3cdxxxxxx1", "069fcc2116c347b89869eae3cdxxxxxx2" ]
  },
  "createTime" : "",
  "updateTime" : ""
}

Status Codes

Status Code

Description

200

Error Codes

See Error Codes.