Updated on 2025-07-03 GMT+08:00

Modifying the ACL for Console Access

Function

This API is used by the administrator to modify the ACL for console access. The change will be applied to all IAM users and federated users (SP initiated) of the account.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Debugging

You can debug this API in API Explorer.

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy

Table 1 URI parameters

Parameter

Mandatory

Type

Description

domain_id

Yes

String

Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.

Table 3 Parameter in the request body

Parameter

Mandatory

Type

Description

console_acl_policy

Yes

object

ACL for console access.

Table 4 console_acl_policy

Parameter

Mandatory

Type

Description

allow_address_netmasks

No

Array of objects

IPv4 address or CIDR block from which access is allowed. Specify either allow_address_netmasks or allow_ip_ranges.

allow_ip_ranges

No

Array of objects

IPv4 address range from which access is allowed. Specify either allow_address_netmasks or allow_ip_ranges.

allow_address_netmasks_ipv6

No

Array of objects

IPv6 address or CIDR block from which access is allowed. Specify either allow_address_netmasks_ipv6 and allow_ip_ranges_ipv6.

allow_ip_ranges_ipv6

No

Array of objects

IPv6 address range from which API access is allowed. Specify either allow_address_netmasks_ipv6 or allow_ip_ranges_ipv6.

Table 5 allow_address_netmasks

Parameter

Mandatory

Type

Description

address_netmask

Yes

String

IPv4 address or CIDR block, for example, 192.168.0.1/24.

description

No

String

Description of an IP address or CIDR block.

Table 6 allow_ip_ranges

Parameter

Mandatory

Type

Description

description

No

String

Description of an IP address range.

ip_range

Yes

String

IPv4 address range, for example, 0.0.0.0-255.255.255.255.

Table 7 allow_address_netmasks_ipv6

Parameter

Mandatory

Type

Description

address_netmask

Yes

String

IPv6 address or CIDR block, for example, 0000:0000:0000:0000:0000:0000:0000:0000/100.

description

No

String

Description of an IP address or CIDR block.

Table 8 allow_ip_ranges_ipv6

Parameter

Mandatory

Type

Description

description

No

String

Description

ip_range

Yes

String

IPv6 address range, for example, 0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.

Response Parameters

Table 9 Parameters in the response body

Parameter

Type

Description

console_acl_policy

object

ACL for console access.

Table 10 console_acl_policy

Parameter

Type

Description

allow_address_netmasks

Array of objects

IPv4 address or CIDR block from which access is allowed. This parameter is only returned when an IPv4 address range or CIDR block from which access is allowed is specified.

allow_ip_ranges

Array of objects

IPv4 address range from which access is allowed. This parameter is only returned when an IPv4 address range from which access is allowed is specified.

allow_address_netmasks_ipv6

Array of objects

IPv6 address or CIDR block from which access is allowed. This parameter is only returned when an IPv6 address range or CIDR block from which access is allowed is specified.

allow_ip_ranges_ipv6

Array of objects

IPv6 address range from which access is allowed. This parameter is only returned when an IPv6 address range from which access is allowed is specified.

Table 11 allow_address_netmasks

Parameter

Type

Description

address_netmask

String

IPv4 address or CIDR block, for example, 192.168.0.1/24.

description

String

Description of an IPv4 address or CIDR block.

Table 12 allow_ip_ranges

Parameter

Type

Description

description

String

Description of an IPv4 address range.

ip_range

String

IPv4 address range, for example, 0.0.0.0-255.255.255.255.

Table 13 allow_address_netmasks_ipv6

Parameter

Type

Description

address_netmask

String

IPv6 address or CIDR block, for example, 0000:0000:0000:0000:0000:0000:0000:0000/100.

description

String

Description of an IP address or CIDR block.

Table 14 allow_ip_ranges_ipv6

Parameter

Type

Description

description

String

Description

ip_range

String

IPv6 address range, for example, 0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.

Example Request

PUT https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy 
{
	"console_acl_policy": {
		"allow_ip_ranges": [{
			"ip_range": "0.0.0.0-255.255.255.255",
			"description": "IPv4 address range"
               }],
		"allow_ip_ranges_ipv6": [{
			"ip_range": "0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
"description": "IPv6 address range"
		}],
		"allow_address_netmasks": [{
			"address_netmask": "192.168.0.1/24",
"description": "IPv4 address or CIDR block"
		}],
		"allow_address_netmasks_ipv6": [{
			"address_netmask": "0000:0000:0000:0000:0000:0000:0000:0000/100",
"description": "IPv6 address or CIDR block"
		}]
	}
}

Example Response

Status code: 200

The request is successful.

	"console_acl_policy": {
		"allow_ip_ranges": [{
			"ip_range": "0.0.0.0-255.255.255.255",
"description": "IPv4 address range"
		}],
		"allow_ip_ranges_ipv6": [{
			"ip_range": "0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
"description": "IPv6 address range"
		}],
		"allow_address_netmasks": [{
			"address_netmask": "192.168.0.1/24",
"description": "IPv4 address or CIDR block"
		}],
		"allow_address_netmasks_ipv6": [{
			"address_netmask": "0000:0000:0000:0000:0000:0000:0000:0000/100",
"description": "IPv6 address or CIDR block"
		}]
	}

Status code: 400

The request body is abnormal.

  • Example 1
{ 
   "error_msg" : "'%(key)s' is a required property.", 
   "error_code" : "IAM.0072" 
 }
  • Example 2
{ 
   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
   "error_code" : "IAM.0073" 
 }

Status code: 500

The system is abnormal.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code

Description

200

The request is successful.

400

The request body is abnormal.

401

Authentication failed.

403

Access denied.

500

The system is abnormal.

Error Codes

For details, see Error Codes.