Updated on 2025-08-20 GMT+08:00

Configuring Authorization

Function

This API is used to configure ModelArts authorization.

This API applies to the following scenario: When IAM users need to be granted the permission to access ModelArts, the administrator can use this API to configure authorization. Before using this API, the administrator must have the Security Administrator permission configured in IAM, and access keys must be configured for the IAM users. After the authorization is configured, IAM users are granted the permission to access ModelArts resources so that they can use functions such as training management, development environment, data management, and real-time services. If the administrator does not have the required permission or an IAM user does not exist, the API will return an error message.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

URI

POST /v2/{project_id}/authorizations

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition: Project ID. For details, see Obtaining a Project ID and Name.

Constraints: N/A

Range: N/A

Default Value: N/A

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

user_id

No

String

Definition: user ID. For details, see Obtaining a Username and ID. If user_id is set to all, all IAM users are authorized. If some IAM users have been authorized, the authorization setting will be updated. This parameter is mandatory only if the authorization method is set to Agency.

Constraints: N/A

Range: The value must contain 3 to 32 characters. Letters, digits, and hyphens (-) are allowed.

Default Value: N/A

type

No

String

Definition: Authorization type. Agency is recommended.

Constraints: N/A

Range:

  • AGENCY: agency

  • CREDENTIAL: access keys (AK/SK)

Default Value: N/A

content

Yes

String

Definition: Authorization content.

Constraints:

  • When the authorization type is agency, this field is the agency name.

  • When the authorization type is access key, this field is the access key ID (AK).

Range: 0 to 64

Default Value: N/A

secret_key

No

String

Definition: Secret access key (SK).

Constraints: This field is required only when the authorization type is access key.

Range: The value must contain 40 characters. Letters and digits are allowed.

Default Value: N/A

user_name

No

String

Definition: Username.

Constraints: If user_id is set to all-users, all users will be displayed.

Range: N/A

Default Value: N/A

user_type

No

String

Definition: User type.

Constraints: N/A

Range:

  • IAM: IAM user. The user_id field is mandatory.

  • FEDERATE: federated user. The user_name field is mandatory, and the user_id field is not needed.

  • GRANT: agency. The user_id field is mandatory, and its value is the agency ID.

  • ALL-USERS: all users. The user_id field is mandatory, and its value is all.

Default Value: IAM.

Response Parameters

Status code: 200

OK

None

Example Requests

The following is an example of how to upload authorization whose authorization type is agency and authorization content is modelarts_agency.

POST https://{endpoint}/v2/{project_id}/authorizations

{
  "user_id" : "****d80fb058844ae8b82aa66d9fe****",
  "type" : "agency",
  "content" : "modelarts_agency"
}

Example Responses

Status code: 200

OK

{
  "result" : "true"
}

Status Codes

Status Code

Description

200

OK

400

Bad request

401

Unauthorized

403

Forbidden

404

Not found

Error Codes

See Error Codes.