Updated on 2025-08-26 GMT+08:00

Updating an Access Policy

Function

This API is used to update an access policy.

Calling Method

For details, see Calling APIs.

URI

PUT /api/v3/access-policies/{policy_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

policy_id

Yes

String

Definition:

Access policy ID. For details about how to obtain the access policy ID, see Obtaining the Access Policy List.

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

kind

No

String

Definition:

API type

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

AccessPolicy

apiVersion

No

String

Definition:

API version

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

v3

name

No

String

Definition:

Access policy name

Constraints:

Enter 1 to 56 characters starting with a lowercase letter and not ending with a hyphen (-). Only lowercase letters, digits, hyphens (-), and periods (.) are allowed.

Range:

N/A

Default Value:

N/A

clusters

Yes

Array of strings

Definition:

List of cluster IDs. Wildcards (*) are allowed, which indicate all clusters. For details about how to obtain the value, see How to Obtain Parameters in the API URI.

Constraints:

A maximum of 200 clusters can be authorized at a time.

Range:

[*] or cluster ID list

Default Value:

N/A

accessScope

Yes

AccessScope object

Definition:

Access scope, which is used to specify the cluster and namespace to be authorized

Constraints:

N/A

policyType

Yes

String

Definition:

Permission type

Constraints:

N/A

Range:

  • CCEAdminPolicy: administrator permissions

  • CCEClusterAdminPolicy: O&M permissions

  • CCEEditPolicy: development permissions

  • CCEViewPolicy: read-only permissions

Default Value:

N/A

principal

Yes

Principal object

Definition:

Authorization object

Constraints:

N/A

Table 3 AccessScope

Parameter

Mandatory

Type

Description

namespaces

Yes

Array of strings

Definition

List of cluster namespaces. Wildcards (*) are allowed to indicate all namespaces. If different clusters are selected, the namespace list can be a collection of multiple clusters. When RBAC authorization is used, CCE automatically checks whether the namespaces exist in the clusters.

Constraints

A maximum of 500 namespaces can be authorized at a time.

Range

[*] or cluster namespace list

Default Value

N/A

Table 4 Principal

Parameter

Mandatory

Type

Description

type

Yes

String

Definition:

Type of the authorization object

Constraints:

N/A

Range:

  • user: user

  • group: user group

  • agency: agency account

Default Value:

N/A

ids

Yes

Array of strings

Definition:

List of IDs of authorized objects. Enter the IDs based on the object type, user, user group, and agency account.

Constraints:

A maximum of 500 users or user groups can be authorized at a time.

Range:

N/A

Default Value:

N/A

Response Parameters

Status code: 200

Table 5 Response body parameters

Parameter

Type

Description

kind

String

Definition:

API type

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

AccessPolicy

apiVersion

String

Definition:

API version

Constraints:

The value cannot be changed.

Range:

N/A

Default Value:

v3

name

String

Definition:

Access policy name

Constraints:

Enter 1 to 56 characters starting with a lowercase letter and not ending with a hyphen (-). Only lowercase letters, digits, hyphens (-), and periods (.) are allowed.

Range:

N/A

Default Value:

N/A

policyId

String

Definition:

Permission ID

Constraints:

The value is automatically generated and cannot be changed.

Range:

N/A

Default Value:

N/A

clusters

Array of strings

Definition:

List of cluster IDs. Wildcards (*) are allowed, which indicate all clusters.

Constraints:

A maximum of 200 clusters can be authorized at a time.

Range:

[*] or cluster ID list

Default Value:

N/A

accessScope

AccessScope object

Definition:

Access scope, which is used to specify the cluster and namespace to be authorized

Constraints:

N/A

policyType

String

Definition:

Permission type

Constraints:

N/A

Range:

  • CCEAdminPolicy: administrator permissions

  • CCEClusterAdminPolicy: O&M permissions

  • CCEEditPolicy: development permissions

  • CCEViewPolicy: read-only permissions

Default Value:

N/A

principal

Principal object

Definition:

Authorization object

Constraints:

N/A

createTime

String

Definition:

Creation time

Constraints:

N/A

Range:

N/A

Default Value:

N/A

updateTime

String

Definition:

Update time

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Table 6 AccessScope

Parameter

Type

Description

namespaces

Array of strings

Definition

List of cluster namespaces. Wildcards (*) are allowed to indicate all namespaces. If different clusters are selected, the namespace list can be a collection of multiple clusters. When RBAC authorization is used, CCE automatically checks whether the namespaces exist in the clusters.

Constraints

A maximum of 500 namespaces can be authorized at a time.

Range

[*] or cluster namespace list

Default Value

N/A

Table 7 Principal

Parameter

Type

Description

type

String

Definition:

Type of the authorization object

Constraints:

N/A

Range:

  • user: user

  • group: user group

  • agency: agency account

Default Value:

N/A

ids

Array of strings

Definition:

List of IDs of authorized objects. Enter the IDs based on the object type, user, user group, and agency account.

Constraints:

A maximum of 500 users or user groups can be authorized at a time.

Range:

N/A

Default Value:

N/A

Example Requests

Update an access policy.

POST /api/v3/access-policies

{
  "kind" : "AccessPolicy",
  "apiVersion" : "v2",
  "name" : "test-access-policy",
  "accessScope" : {
    "clusters" : [ "*" ],
    "namespaces" : [ "*" ]
  },
  "policy" : "CCEAdminPolicy",
  "principal" : {
    "type" : "user",
    "ids" : [ "069fcc2116c347b89869eae3cdxxxxxx1", "069fcc2116c347b89869eae3cdxxxxxx2" ]
  }
}

Example Responses

Status code: 200

{
  "kind" : "AccessPolicy",
  "apiVersion" : "v3",
  "name" : "test-access-policy",
  "policyId" : "402358e8-2e3a-4531-bae7-fe9cba14d0d1",
  "clusters" : [ "*" ],
  "accessScope" : {
    "namespaces" : [ "*" ]
  },
  "policy" : "CCEAdminPolicy",
  "principal" : {
    "type" : "user",
    "ids" : [ "069fcc2116c347b89869eae3cdxxxxxx1", "069fcc2116c347b89869eae3cdxxxxxx2" ]
  },
  "createTime" : "",
  "updateTime" : ""
}

Status Codes

Status Code

Description

200

Error Codes

See Error Codes.