Help Center/ Workspace/ Service Overview/ Permissions/ Permissions and Supported Actions
Updated on 2024-03-19 GMT+08:00

Permissions and Supported Actions

IMS provides system-defined policies. You can also create custom policies for more specific access control. Operations supported by policies are specific to APIs. The following are basic concepts related to policies:

  • Permissions: allow or deny certain operations.
  • APIs: APIs that can be called in a custom policy.
  • Actions: specific operations that are allowed or denied in a custom policy.
  • Dependencies: actions that a specific action depends on. When allowing an action for a user, you also need to allow its dependent actions for that user.
  • IAM projects or enterprise projects: Applicable scope of custom policies. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?.

Action

API

Supported Action

Project

Enterprise Project

workspace:desktops:create

POST /v2/{project_id}/desktops

Create a desktop

workspace:desktops:update

PUT /v2/{project_id}/desktops/{desktop_id}

Update a desktop

workspace:desktops:delete

DELETE /v2/{project_id}/desktops/{desktop_id}

Delete a desktop

workspace:desktops:get

GET /v2/{project_id}/desktops/{desktop_id}

Query desktop details

workspace:desktops:list

GET /v2/{project_id}/desktops

List desktops

workspace:desktops:listDetail

GET /v2/{project_id}/desktops/detail

List desktop details

workspace:desktops:batchDelete

POST /v2/{project_id}/desktops/batch-delete

Batch delete desktops

workspace:desktops:operate

POST /v2/{project_id}/desktops/action

Perform operations on a desktop (power-on/off, restart, and hibernation)

workspace:desktops:reboot

POST /v2/{project_id}/desktops/reboot

Restart a desktop

workspace:desktops:start

POST /v2/{project_id}/desktops/start

Start a desktop

workspace:desktops:stop

POST /v2/{project_id}/desktops/stop

Stop a desktop

workspace:desktops:getLastDeleteTime

GET /v2/{project_id}/desktops/last-desktop-delete-time

Query the time of deleting the last computer of a tenant

x

workspace:desktops:resize

POST /v2/{project_id}/desktops/resize

Change specifications

workspace:desktops:rebuild

POST /v2/{project_id}/desktops/rebuild

Rebuild a desktop

workspace:desktops:getActions

GET /v2/{project_id}/desktops/{desktop_id}/actions

Query desktop power-on/off information

workspace:desktops:getMonitor

GET /v2/{project_id}/desktop-monitor/{desktop_id}

Query desktop monitoring information

workspace:desktops:createConsole

GET /v2/{project_id}/desktops/{desktop_id}/remote-consoles

Obtain the URL for remote login to the console

workspace:desktops:updateSids

PUT /v2/{project_id}/desktops/sids

Update a desktop SID

workspace:desktops:rejoinDomain

POST /v2/{project_id}/desktops/{desktop_id}/rejoin-domain

Rejoin the AD domain

workspace:desktops:createImage

POST /v2/{project_id}/desktops/desktop-to-image

Convert a desktop to an image

x

workspace:desktops:export

GET /v2/{project_id}/desktops/export

Export a desktop list

workspace:desktops:detach

POST /v2/{project_id}/desktops/detach

Unbind a user

workspace:desktops:attach

POST /v2/{project_id}/desktops/attach

Assign desktops to a user

workspace:desktops:getSysprepVersion

GET /v2/{project_id}/desktops/{desktop_id}/sysprep

Query Sysprep version information

x

workspace:desktops:getConnectStatus

GET /v2/{project_id}/connections/status

Query desktop login status statistics

x

workspace:agencies:create

POST /v2/{project_id}/agencies

Create an agency

x

workspace:agencies:get

GET /v2/{project_id}/agencies

Query an agency

x

workspace:desktops:verifyDesktopName

POST /v2/{project_id}/verification/desktop-name

Verify the desktop name

x

workspace:desktops:getAdStatus

GET /v2/{project_id}/ad/status

Query the AD network status

x

workspace:desktopPools:create

POST /v2/{project_id}/desktop-pools

Create a desktop pool

workspace:desktopPools:update

PUT /v2/{project_id}/desktop-pools/{pool_id}

Modify desktop pool attributes

workspace:desktopPools:delete

DELETE /v2/{project_id}/desktop-pools/{pool_id}

Delete a desktop pool

workspace:desktopPools:get

GET /v2/{project_id}/desktop-pools/{pool_id}

Query desktop pool details

workspace:desktopPools:list

GET /v2/{project_id}/desktop-pools

List desktop pools

workspace:desktopPools:expand

POST /v2/{project_id}/desktop-pools/{pool_id}/expand

Expand the disk capacity of a desktop pool

workspace:desktopPools:resize

POST /v2/{project_id}/desktop-pools/{pool_id}/resize

Modify desktop pool specifications

workspace:desktopPools:rebuild

POST /v2/{project_id}/desktop-pools/{pool_id}/rebuild

Recompose system disks in a desktop pool

workspace:desktopPools:batchAddVolumes

POST /v2/{project_id}/desktop-pools/{pool_id}/volumes/batch-add

Batch add disks to a desktop pool

workspace:desktopPools:batchDeleteVolumes

POST /v2/{project_id}/desktop-pools/{pool_id}/volumes/batch-delete

Batch delete disks from a desktop pool

workspace:desktopPools:batchExpandVolumes

POST /v2/{project_id}/desktop-pools/{pool_id}/volumes/batch-expand

Batch expand the disk capacity of a desktop pool

workspace:desktopPools:operate

POST /v2/{project_id}/desktop-pools/{pool_id}/action

Perform operations on a desktop pool

workspace:desktopPools:authorizeUsers

POST /v2/{project_id}/desktop-pools/{pool_id}/users

Authorize users and user groups to use a desktop pool

workspace:desktopPools:listUsers

GET /v2/{project_id}/desktop-pools/{pool_id}/users

Query authorized users and user groups of a desktop pool

workspace:desktops:tag

POST /v2/{project_id}/desktops/{desktop_id}/tags

Create a desktop label

x

workspace:desktops:listTags

GET /v2/{project_id}/desktops/{desktop_id}/tags

Query desktop labels

x

workspace:desktops:untag

DELETE /v2/{project_id}/desktops/{desktop_id}/tags/{key}

Delete a desktop label

x

workspace:desktops:listProjectTags

GET /v2/{project_id}/desktops/tags

Query project labels

x

workspace:desktops:operateTags

POST /v2/{project_id}/desktops/{desktop_id}/tags/action

Batch add or delete labels

x

workspace:desktops:listByTags

POST /v2/{project_id}/desktops/resource_instances/action

Filter desktops by label

x

workspace:jobs:list

POST /v2/{project_id}/workspace-jobs

List jobs

x

workspace:jobs:get

GET /v2/{project_id}/workspace-jobs/{job_id}

Query job details

x

workspace:jobs:listSubJobs

GET /v2/{project_id}/workspace-sub-jobs

List subjobs

x

workspace:jobs:retry

POST /v2/{project_id}/workspace-jobs/{job_id}/actions

Retry a job

x

workspace:jobs:deleteSubJobRecords

POST /v2/{project_id}/workspace-sub-jobs/batch-delete

Delete subjob records

x

workspace:networks:createNat

POST /v2/{project_id}/internet

Enable network access of the NAT Gateway

workspace:networks:listNats

GET /v2/{project_id}/internet

Query network access of the NAT Gateway

workspace:networks:createEips

POST /v2/{project_id}/eips

Create an EIP

workspace:networks:listEips

GET /v2/{project_id}/eips

List EIPs

workspace:networks:bindEips

POST /v2/{project_id}/eips/binding

Bind an EIP

workspace:networks:unbindEips

POST /v2/{project_id}/eips/unbinding

Unbind an EIP

workspace:networks:getEipQuota

GET /v2/{project_id}/eips/quotas

Query the EIP quota

workspace:networks:listVpcs

GET /v2/{project_id}/vpcs

Query VPCs

workspace:networks:listSubnets

GET /v2/{project_id}/subnets

Query subnets

workspace:networks:listSecurityGroups

GET /v2/{project_id}/security-groups

List security groups

workspace:networks:getAvailableIp

GET /v2/{project_id}/subnets/{subnet_id}/available-ip

Query available IP addresses of a subnet by subnet ID

workspace:orders:create

POST /v2/{project_id}/periodic/subscribe/order

Subscribe to a yearly/monthly order

workspace:orders:change

POST /v2/{project_id}/periodic/{desktop_id}/change/order

Create a request for changing the subscription

workspace:renderDesktops:create

POST /v2/{project_id}/render-desktops

Create a rendering desktop

workspace:renderDesktops:delete

DELETE /v2/{project_id}/render-desktops

Delete a rendering desktop

workspace:renderDesktops:list

GET /v2/{project_id}/render-desktops

List rendering desktops

workspace:renderDesktops:action

POST /v2/{project_id}/render-desktops/action

Perform operations on a rendering desktop

workspace:renderDesktops:createConsole

GET /v2/{project_id}/render-desktops/{desktop_id}/remote-consoles

Obtain the URL for remote login to the console

workspace:renderDesktops:resize

PUT /v2/{project_id}/render-desktops/resize

Change rendering desktop specifications

workspace:scheduledTasks:create

POST /v2/{project_id}/scheduled-tasks

Create a scheduled task

x

workspace:scheduledTasks:list

GET /v2/{project_id}/scheduled-tasks

List scheduled tasks

x

workspace:scheduledTasks:update

PUT /v2/{project_id}/scheduled-tasks/{task_id}

Update a scheduled task

x

workspace:scheduledTasks:delete

DELETE /v2/{project_id}/scheduled-tasks/{task_id}

Delete a scheduled task

x

workspace:scheduledTasks:get

GET /v2/{project_id}/scheduled-tasks/{task_id}

Query scheduled task details

x

workspace:scheduledTasks:getFuture

POST /v2/{project_id}/scheduled-tasks/future-executions

Query the future execution time of a scheduled task

x

workspace:scheduledTasks:batchDelete

POST /v2/{project_id}/scheduled-tasks/batch-delete

Batch delete scheduled tasks

x

workspace:scheduledTasks:listRecords

GET /v2/{project_id}/scheduled-tasks/{task_id}/records

Query the execution records of a scheduled task

x

workspace:scheduledTasks:getRecord

GET /v2/{project_id}/scheduled-tasks/{task_id}/records/{record_id}

Query details about the execution records of a scheduled task

x

workspace:scheduledTasks:exportRecords

POST /v2/{project_id}/scheduled-tasks/{task_id}/records/export

Export details about the execution records of a scheduled task

x

workspace:statistics:getRunState

GET /v2/{project_id}/desktops/statistics/run-state

Collect operating status statistics

x

workspace:statistics:getLoginState

GET /v2/{project_id}/desktops/statistics/login-state

Collect login status statistics

x

workspace:statistics:getUnused

GET /v2/{project_id}/desktops/statistics/unused

Query desktops not used in a specified period

x

workspace:statistics:getUsed

POST /v2/{project_id}/desktops/statistics/used

Query the duration of using a desktop

x

workspace:bindingPolicies:getConfig

GET /v2/{project_id}/terminals/binding-desktops/config

Query the configuration of terminal-desktop binding

x

workspace:bindingPolicies:createConfig

POST /v2/{project_id}/terminals/binding-desktops/config

Configure terminal-desktop binding

x

workspace:bindingPolicies:get

GET /v2/{project_id}/terminals/binding-desktops

List the configurations of terminal-desktop binding

x

workspace:bindingPolicies:add

POST /v2/{project_id}/terminals/binding-desktops

Add terminal-desktop binding

x

workspace:bindingPolicies:update

PUT /v2/{project_id}/terminals/binding-desktops

Modify terminal-desktop binding

x

workspace:bindingPolicies:delete

POST /v2/{project_id}/terminals/binding-desktops/batch-delete

Delete terminal-desktop binding

x

workspace:bindingPolicies:getTemplate

GET /v2/{project_id}/terminals/binding-desktops/template

Download the template for terminal-desktop binding

x

workspace:bindingPolicies:import

POST /v2/{project_id}/terminals/binding-desktops/template/import

Batch import terminal-desktop binding

x

workspace:bindingPolicies:export

GET /v2/{project_id}/terminals/binding-desktops/template/export

Export information about terminal-desktop binding to an Excel file

x

workspace:volumes:add

POST /v2/{project_id}/desktops/{desktop_id}/volumes

Add a desktop disk

workspace:volumes:delete

POST /v2/{project_id}/desktops/{desktop_id}/volumes/batch-delete

Delete a data disk

workspace:volumes:batchAdd

POST /v2/{project_id}/desktops/volumes

Add disks to multiple desktops

workspace:volumes:batchAdd

POST /v2/{project_id}/volumes

Add a desktop disk

workspace:volumes:expand

POST /v2/{project_id}/desktops/{desktop_id}/volumes/{volume_id}/expand

Expand disk capacity

workspace:volumes:batchExpand

POST /v2/{project_id}/volumes/expand

Expand the disk capacity of a desktop

workspace:volumes:listDssPoolsDetail

GET /v2/{project_id}/dss-pools/detail

List details of dedicated distributed storage pools

workspace:wdh:listDesktops

GET /v2/{project_id}/hosts/{host_id}/servers

Query desktops of a workspace host

workspace:wdh:getType

GET /v2/{project_id}/hosts/types

Query workspace host types

workspace:wdh:create

POST /v2/{project_id}/hosts

Buy a workspace host

workspace:wdh:get

GET /v2/{project_id}/hosts

List workspace hosts

workspace:wdh:update

PUT /v2/{project_id}/hosts

Update a workspace host

workspace:tenants:get

GET /v2/{project_id}/workspaces

Query details about the workspace service

x

workspace:tenants:open

POST /v2/{project_id}/workspaces

Subscribe to the workspace service

x

workspace:tenants:update

PUT /v2/{project_id}/workspaces

Modify the attributes of the workspace service

x

workspace:tenants:delete

DELETE /v2/{project_id}/workspaces

Deregister the workspace service

x

workspace:tenants:checkEnterpriseIds

POST /v2/{project_id}/workspaces/enterprise-ids/check

Check whether the enterprise ID has been used

x

workspace:tenants:updateEnterpriseId

PUT /v2/{project_id}/workspaces/enterprise-id

Modify an enterprise ID

x

workspace:tenants:getRealms

GET /v2/{project_id}/workspaces/realms

Query tenant domain information

x

workspace:tenants:getLockStatus

GET /v2/{project_id}/workspaces/lock-status

Check whether the workspace service has been locked

x

workspace:tenants:unlock

PUT /v2/{project_id}/workspaces/lock-status

Unlock the workspace service

x

workspace:tenants:getRoles

GET /v2/{project_id}/tenants/roles

Query tenant roles

x

workspace:natMappings:getConfig

GET /v2/{project_id}/nat-mapping-configs

Query NAT mapping configuration items of a tenant

x

workspace:natMappings:updateConfig

PUT /v2/{project_id}/nat-mapping-configs

Modify NAT mapping configuration items of a tenant

x

workspace:sites:get

GET /v2/{project_id}/sites

Query site information

x

workspace:sites:add

POST /v2/{project_id}/sites

Add a site

x

workspace:sites:delete

DELETE /v2/{project_id}/sites/{site_id}

Delete a site

x

workspace:sites:updateAccessMode

PUT /v2/{project_id}/sites/{site_id}/access-mode

Modify the site access mode

x

workspace:sites:updateSubnets

PUT /v2/{project_id}/sites/{site_id}/subnet-ids

Modify a site service subnet

x

workspace:privacystatements:sign

POST /v2/{project_id}/privacystatement

Sign the privacy statement

x

workspace:quotas:get

GET /v2/{project_id}/quotas

Query tenant quota

x

workspace:authConfigs:get

GET /v2/{project_id}/auth-config/method-config

Query the configuration of the authentication login mode

x

workspace:authConfigs:update

PUT /v2/{project_id}/auth-config/method-config

Update the authentication policy configuration

x

workspace:assistAuthConfigs:get

GET /v2/{project_id}/assist-auth-config/method-config

Query the configuration of auxiliary authentication

x

workspace:assistAuthConfigs:update

PUT /v2/{project_id}/assist-auth-config/method-config

Update the configuration of auxiliary authentication

x

workspace:accessPolicies:create

POST /v2/{project_id}/access-policy

Create an access policy

x

workspace:accessPolicies:delete

DELETE /v2/{project_id}/access-policy

Delete a specified access policy

x

workspace:accessPolicies:get

GET /v2/{project_id}/access-policy

Query access policies

x

workspace:accessPolicies:getTarget

GET /v2/{project_id}/access-policy/{access_policy_id}/objects

Query the target object of a specified access policy

x

workspace:accessPolicies:updateTarget

PUT /v2/{project_id}/access-policy/{access_policy_id}/objects

Update the target object of a specified access policy

x

workspace:availabilityZones:list

GET /v2/{project_id}/availability-zones

Query supported AZs

x

workspace:availabilityZones:getSummary

GET /v2/{project_id}/availability-zones/summary

Query the summary of AZs

x

workspace:availabilityZones:get

GET /v2/{project_id}/availability-zones/detail

Query AZ details

x

workspace:connections:securityList

GET /v2/{project_id}/connections/desktops

Query connection information

x

workspace:connections:securityExport

GET /v2/{project_id}/connections/desktops/export

Export connection records

x

workspace:connections:securityList

GET /v2/{project_id}/desktops/connections

Query connection information

x

workspace:connections:securityExport

GET /v2/{project_id}/desktops/connections/export

Export connection records

x

workspace:policyGroups:create

POST /v2/{project_id}/policy-groups

Add a policy group

x

workspace:policyGroups:delete

DELETE /v2/{project_id}/policy-groups/{policy_group_id}

Delete a policy group

x

workspace:policyGroups:update

PUT /v2/{project_id}/policy-groups/{policy_group_id}

Modify a policy group

x

workspace:policyGroups:list

GET /v2/{project_id}/policy-groups

List policy groups

x

workspace:policyGroups:get

GET /v2/{project_id}/policy-groups/{policy_group_id}

Query policy groups

x

workspace:policyGroups:export

POST /v2/{project_id}/policy-groups/export

Export a policy group

x

workspace:policyGroups:import

POST /v2/{project_id}/policy-groups/import

Import a policy group

x

workspace:policyGroups:listPolicies

GET /v2/{project_id}/policy-groups/{policy_group_id}/policies

Query policy items in a policy group

x

workspace:policyGroups:updatePolicies

PUT /v2/{project_id}/policy-groups/{policy_group_id}/policies

Modify policy items in a policy group

x

workspace:policyGroups:listTargets

GET /v2/{project_id}/policy-groups/{policy_group_id}/targets

Query the target object of a policy group

x

workspace:policyGroups:updateTargets

PUT /v2/{project_id}/policy-groups/{policy_group_id}/targets

Modify the target object of a policy group

x

workspace:policyGroups:listDetail

GET /v2/{project_id}/policy-groups/detail

List policy group details

x

workspace:policyGroups:getQuotas

GET /v2/{project_id}/policy-groups/quotas

Query the maximum number of policy groups

x

workspace:policyGroups:getMaxPriority

GET /v2/{project_id}/policy-groups/max-priority

Query the maximum priority of a policy group

x

workspace:policyGroups:getOriginalPolicies

GET /v2/{project_id}/policy-groups/original-policies

Query initial policy items

x

workspace:policyGroups:createTemplate

POST /v2/{project_id}/policy-groups/policy-template

Create a policy template

x

workspace:policyGroups:updateTemplate

PUT /v2/{project_id}/policy-groups/policy-template/{policy_group_id}

Update a policy template

x

workspace:userGroups:create

POST /v2/{project_id}/groups

Create a user group

x

workspace:userGroups:list

GET /v2/{project_id}/groups

Query user groups

x

workspace:userGroups:update

PUT /v2/{project_id}/groups/{group_id}

Modify a user group

x

workspace:userGroups:delete

DELETE /v2/{project_id}/groups/{group_id}

Delete a desktop user group

x

workspace:userGroups:batchDelete

POST /v2/{project_id}/groups/batch-delete

Batch delete user groups

x

workspace:userGroups:operate

POST /v2/{project_id}/groups/{group_id}/actions

Perform operations on a user group

x

workspace:userGroups:getUsers

GET /v2/{project_id}/groups/{group_id}/users

Query users in a user group

x

workspace:ou:create

POST /v2/{project_id}/ous

Add OU information

x

workspace:ou:delete

DELETE /v2/{project_id}/ous/{ou_id}

Delete OU information

x

workspace:ou:update

PUT /v2/{project_id}/ous/{ou_id}

Update OU information

x

workspace:ou:get

GET /v2/{project_id}/ous

Query OU information

x

workspace:users:create

POST /v2/{project_id}/users

Create a user

x

workspace:users:delete

DELETE /v2/{project_id}/users/{user_id}

Delete a specified user

x

workspace:users:update

PUT /v2/{project_id}/users/{user_id}

Modify user information

x

workspace:users:list

GET /v2/{project_id}/users

Query users

x

workspace:users:get

GET /v2/{project_id}/users/{user_id}

Query user details

x

workspace:users:operate

POST /v2/{project_id}/users/{user_id}/actions

Indicate operations (locking, unlocking, and resetting passwords)

x

workspace:users:resetPassword

POST /v2/{project_id}/users/password

Reset a user password

x

workspace:users:resendEmail

POST /v2/{project_id}/users/{user_id}/resend-email

Resend an email

x

workspace:users:batchDelete

POST /v2/{project_id}/users/batch-delete

Batch delete users

x

workspace:users:uploadTemplate

POST /v2/{project_id}/users/template-upload

Upload a user template file

x

workspace:users:getTemplate

GET /v2/{project_id}/users/desktop-users/template

Download a user template file

x

workspace:users:importUser

POST /v2/{project_id}/users/desktop-users/action/import

Import users

x

workspace:users:checkExist

POST /v2/{project_id}/users/exist

Check whether the user exists

x

workspace:users:listOtps

GET /v2/{project_id}/users/{user_id}/otp-devices

Query OTP devices

x

workspace:users:deleteOtps

DELETE /v2/{project_id}/users/{user_id}/otp-devices

Unbind an OTP device

x

workspace:users:getImportTemplate

GET /v2/{project_id}/users/template/download

Download a user template

x

workspace:users:import

POST /v2/{project_id}/users/import

Import a user

x

workspace:users:export

POST /v2/{project_id}/users/export

Export a user

x

workspace:users:batchCreate

POST /v2/{project_id}/users/batch-create

Batch create users

x

workspace:users:randomPassword

GET /v2/{project_id}/users/{user_id}/random-password

Reset a random password for a user

x

workspace:images:list

GET /v2/{project_id}/images

List product images