Updated on 2025-08-26 GMT+08:00

Obtaining the Access Policy List

Function

This API is used to obtain the access policy list.

Calling Method

For details, see Calling APIs.

URI

GET /api/v3/access-policies

Table 1 Query Parameters

Parameter

Mandatory

Type

Description

cluster_id

No

String

Definition:

Cluster ID. Only actions related to the cluster are returned. For details about how to obtain the value, see How to Obtain Parameters in the API URI.

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Request Parameters

None

Response Parameters

Status code: 200

Table 2 Response body parameters

Parameter

Type

Description

kind

String

Definition:

API type

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

List

apiVersion

String

Definition:

API version

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

v3

accessPolicyList

Array of AccessPolicyResp objects

Table 3 AccessPolicyResp

Parameter

Type

Description

kind

String

Definition:

API type

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

AccessPolicy

apiVersion

String

Definition:

API version

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

v3

name

String

Definition:

Access policy name

Constraints:

Enter 1 to 56 characters starting with a lowercase letter and not ending with a hyphen (-). Only lowercase letters, digits, hyphens (-), and periods (.) are allowed.

Range:

N/A

Default Value:

N/A

policyId

String

Definition:

Permission ID

Constraints:

The value is automatically generated and cannot be changed.

Range:

N/A

Default Value:

N/A

clusters

Array of strings

Definition:

List of cluster IDs. Wildcards (*) are allowed, which indicate all clusters.

Constraints:

A maximum of 200 clusters can be authorized at a time.

Range:

[*] or cluster ID list

Default Value:

N/A

accessScope

AccessScope object

Definition:

Access scope, which is used to specify the cluster and namespace to be authorized

Constraints:

N/A

policyType

String

Definition:

Permission type

Constraints:

N/A

Range:

  • CCEAdminPolicy: administrator permissions

  • CCEClusterAdminPolicy: O&M permissions

  • CCEEditPolicy: development permissions

  • CCEViewPolicy: read-only permissions

Default Value:

N/A

principal

Principal object

Definition:

Authorization object

Constraints:

N/A

createTime

String

Definition:

Creation time

Constraints:

N/A

Range:

N/A

Default Value:

N/A

updateTime

String

Definition:

Update time

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Table 4 AccessScope

Parameter

Type

Description

namespaces

Array of strings

Definition

List of cluster namespaces. Wildcards (*) are allowed to indicate all namespaces. If different clusters are selected, the namespace list can be a collection of multiple clusters. When RBAC authorization is used, CCE automatically checks whether the namespaces exist in the clusters.

Constraints

A maximum of 500 namespaces can be authorized at a time.

Range

[*] or cluster namespace list

Default Value

N/A

Table 5 Principal

Parameter

Type

Description

type

String

Definition:

Type of the authorization object

Constraints:

N/A

Range:

  • user: user

  • group: user group

  • agency: agency account

Default Value:

N/A

ids

Array of strings

Definition:

List of IDs of authorized objects. Enter the IDs based on the object type, user, user group, and agency account.

Constraints:

A maximum of 500 users or user groups can be authorized at a time.

Range:

N/A

Default Value:

N/A

Example Requests

None

Example Responses

Status code: 200

kind: List
apiVersion: v3
accessPolicyList:
  - kind: AccessPolicy
    apiVersion: v3
    name: test-access-policy
    policyId: 402358e8-2e3a-4531-bae7-fe9cba14d0d1
    clusters:
      - "*"
    accessScope:
      namespaces:
        - "*"
    policy: CCEAdminPolicy
    principal:
      type: user
      ids:
        - '069fcc2116c347b89869eae3cdxxxxxx1'
        - '069fcc2116c347b89869eae3cdxxxxxx2'
    createTime: ''
    updateTime: ''

Status Codes

Status Code

Description

200

Error Codes

See Error Codes.