Help Center/ Workspace/ API Reference/ Workspace APIs/ Policy Group/ Creating an Access Policy
Updated on 2025-07-14 GMT+08:00
View PDF
Share

Creating an Access Policy

Function

Creates an access policy.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

URI

POST /v2/{project_id}/access-policy

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

No

String

User token.

It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.

Content-Type

Yes

String

MIME type of the request body, for example, application/json.
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

policy

Yes

AccessPolicyInfo object

Access policy information.

policy_objects_list

No

Array of AccessPolicyObjectInfo objects

Objects to which the policy is applied.
Table 4 AccessPolicyInfo

Parameter

Mandatory

Type

Description

policy_name

No

String

Policy name.

blacklist_type

No

String

Blacklist type. Currently, the blacklist supports only the Internet.

  • INTERNET: Internet

access_control_type

No

String

Access control type, which defaults to ACCESS_TYPE.

  • ACCESS_TYPE: access type

  • IP_WHITE_LIST: IP address whitelist

ip_list

No

Array of IpInfo objects

IP addresses of a policy.

is_enable

No

Boolean

Whether the IP address whitelist takes effect. This value can be updated only separately. This value has the highest priority. If this value is transferred, only the policy's activation status will be changed.

is_block_all

No

Boolean

Whether the IP address whitelist prohibits access from all IP addresses. If is_enable is set to false, this value cannot be changed. This value can be updated only separately.
Table 5 IpInfo

Parameter

Mandatory

Type

Description

ip_address

Yes

String

IP address.

subnet_mask

Yes

String

Subnet mask.
Table 6 AccessPolicyObjectInfo

Parameter

Mandatory

Type

Description

object_id

Yes

String

ID of an object in the blacklist.

object_type

Yes

String

Object type

  • USER: user

  • USERGROUP: user group

object_name

No

String

Object name This parameter will not be verified later.

Response Parameters

Status code: 200

Normal.

Status code: 400

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 401

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 403

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 404

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 405

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 500

Table 12 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 503

Table 13 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

encoded_authorization_message

String

Encrypted detailed reason for rejection. You can call the API decode-authorization-message of STS to decrypt the reason.

Example Requests

post /v2/{project_id}/access-policy

{
  "policy" : {
    "policy_name" : "PRIVATE_ACCESS",
    "blacklist_type" : "INTERNET"
  }
}

Example Responses

None

Status Codes

Status Code

Description

200

Normal.

400

The request cannot be understood by the server due to malformed syntax.

401

Authentication failed.

403

No operation permission.

404

No resources found.

405

The request method is not allowed.

500

An internal service error occurred. For details about the error code, see the error code description.

503

Service unavailable.

Error Codes

See Error Codes.

Parent topic: Policy Group