Modifying a Custom Policy for Cloud Services
Function
This API is provided for the administrator to modify a custom policy for cloud services.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
Debugging
You can debug this API in API Explorer.
URI
PATCH /v3.0/OS-ROLE/roles/{role_id}
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
role_id |
Yes |
String |
Custom policy ID. For details about how to obtain a custom policy ID, see Custom Policy ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
X-Auth-Token |
Yes |
String |
Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Yes |
Object |
Custom policy information. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
display_name |
Yes |
String |
Display name of the custom policy. |
type |
Yes |
String |
Display mode.
NOTE:
|
description |
Yes |
String |
Description of the custom policy. |
description_cn |
No |
String |
Description of the custom policy in Chinese. |
Yes |
Object |
Content of the custom policy. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Version |
Yes |
String |
Policy version. When creating a custom policy, set this parameter to 1.1.
NOTE:
|
Yes |
Array of objects |
Statement of the policy. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Action |
Yes |
Array of strings |
Specific operation permissions on a resource. For details about supported actions, see "Permissions and Supported Actions" in the API Reference of cloud services.
NOTE:
|
Effect |
Yes |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
Condition |
No |
Map<String,Map<String,Array<String>>> |
Conditions for the permission to take effect. For details, see Creating a Custom Policy.
NOTE:
Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals). "Condition": { "StringEquals": { "obs:prefix": [ "public" ] } } |
Resource |
No |
Array of strings |
Cloud resource.
NOTE:
|
Response Parameters
Parameter |
Type |
Description |
---|---|---|
Object |
Custom policy information. |
Parameter |
Type |
Description |
---|---|---|
catalog |
String |
Service catalog. |
display_name |
String |
Display name of the custom policy. |
description |
String |
Description of the custom policy. |
Object |
Resource link of the custom policy. |
|
Object |
Content of the custom policy. |
|
description_cn |
String |
Description of a custom policy in Chinese. This parameter is returned in the response only when description_cn is specified in the request. |
domain_id |
String |
Account ID. |
type |
String |
Display mode.
NOTE:
|
id |
String |
Custom policy ID. |
name |
String |
Name of the custom policy. |
updated_time |
String |
Time when the custom policy was last updated.
NOTE:
The value is a Unix timestamp in millisecond, for example, 1687913793000. |
created_time |
String |
Time when the custom policy was created.
NOTE:
The value is a Unix timestamp in millisecond, for example, 1687913793000. |
Parameter |
Type |
Description |
---|---|---|
Version |
String |
Policy version.
NOTE:
|
Array of objects |
Statement of the policy. |
Parameter |
Type |
Description |
---|---|---|
Action |
Array of strings |
Specific operation permissions on a resource. |
Effect |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
Condition |
Map<String,Map<String,Array<String>>> |
Conditions for the permission to take effect. If this parameter is not specified in the request, it will not be returned in the response. |
Resource |
Array of strings |
Cloud resource. If this parameter is not specified in the request, it will not be returned in the response.
NOTE:
|
Example Request
Request to modify the custom policy IAMCloudServicePolicy to allow only projects whose names start with ap-southeast-1 to obtain ACL information about all buckets.
PATCH https://iam.myhuaweicloud.com/v3.0/OS-ROLE/roles/{role_id}
{
"role": {
"display_name": "IAMCloudServicePolicy",
"type": "AX",
"description": "IAMDescription",
"description_cn": "Description in Chinese",
"policy": {
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"obs:bucket:GetBucketAcl"
],
"Condition": {
"StringStartWith": {
"g:ProjectName": [
"ap-southeast-1"
]
}
},
"Resource": [
"obs:*:*:bucket:*"
]
}
]
}
}
}
Example Response
Status code: 200
The request is successful.
{ "role": { "catalog": "CUSTOMED", "display_name": "IAMCloudServicePolicy", "description": "IAMDescription", "links": { "self": "https://iam.myhuaweicloud.com/v3/roles/93879fd90f1046f69e6e0b31c94d2615" }, "policy": { "Version": "1.1", "Statement": [ { "Action": [ "obs:bucket:GetBucketAcl" ], "Resource": [ "obs:*:*:bucket:*" ], "Effect": "Allow", "Condition": { "StringStartWith": { "g:ProjectName": [ "ap-southeast-1" ] } } } ] }, "description_cn": "Description in Chinese", "domain_id": "d78cbac186b744899480f25bd0...", "type": "AX", "id": "93879fd90f1046f69e6e0b31c94d2615", "name": "custom_d78cbac186b744899480f25bd022f468_1" } }
Status Codes
Status Code |
Description |
---|---|
200 |
The request is successful. |
400 |
Invalid parameters. |
401 |
Authentication failed. |
403 |
Access denied. |
500 |
Internal server error. |
Error Codes
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot