Querying a Policy
Function
Querying APIs by filter criterion.
URI
GET /v1/{project_id}/instances/{instance_id}/policies/show
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. For how to obtain the project ID, see Obtaining a Project ID (lakeformation_04_0026.xml). |
|
instance_id |
Yes |
String |
LakeFormation instance ID. The value is automatically generated when the instance is created, for example, 2180518f-42b8-4947-b20b-adfc53981a25. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
filter |
No |
String |
Permission policy filter expression, which is not supported currently. |
|
resource_name |
No |
String |
Full name of a metadata resource. The value can contain 1 to 1,000 characters. |
|
resource_type |
No |
String |
Metadata resource type. The options are CATALOG, DATABASE, TABLE, FUNC, MODEL, COLUMN, and URI. Enumeration values:
|
|
principal_source |
No |
String |
Source of the authorization entity. The values are IAM (cloud user), SAML (SAML-based federation), LDAP (ID user), and LOCAL (local user). Enumeration values:
|
|
principal_type |
No |
String |
Authorization entity type. The options are USER (user), GROUP (group), ROLE (role), SHARE (shared), and OTHER (others). Enumeration values:
|
|
principal_name |
No |
String |
Name of the authorization entity. The value can contain 1 to 1,000 characters. |
|
limit |
No |
Integer |
Number of returned records. The default value is 1000. The value ranges from 1 to 2147483647. |
|
marker |
No |
String |
ID of the record where the query starts. The value consists of 0 to 256 characters. |
|
reverse_page |
No |
Boolean |
Whether to query the previous page. The default value is false. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
Array of strings |
Tenant token. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
Request ID, which is used to locate auxiliary information. |
|
Parameter |
Type |
Description |
|---|---|---|
|
policies |
Array of LakeFormationPolicy objects |
LakeCat policies. |
|
page_info |
PagedInfo object |
Pagination information. |
|
Parameter |
Type |
Description |
|---|---|---|
|
project_id |
String |
Project ID. |
|
instance_id |
String |
Instance ID. |
|
principal_type |
String |
Entity type. The options are USER (user), GROUP (group), ROLE (role), SHARE (shared), and OTHER (others). Enumeration values:
|
|
principal_source |
String |
Entity source. The options are IAM (cloud user), SAML (SAML-based federation), LDAP (permission policy), LOCAL (local user), AGENT (agency), AGENTTENANT (agency), and OTHER (others). Enumeration values:
|
|
principal_name |
String |
Entity name. |
|
resource |
ResourceInfo object |
Resource information. |
|
resource_name |
String |
Require to perform splitting in dotted format. |
|
permissions |
Array of strings |
Permissions: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values:
|
|
grant_able_permissions |
Array of strings |
Permissions that can be transferred: ALL, CREATE, ALTER, DROP, DESCRIBE, EXEC, CREATE_DATABASE, LIST_DATABASE, CREATE_TABLE, LIST_TABLE, CREATE_FUNC, LIST_FUNC, REGISTER_MODEL, LIST_MODEL, INSERT, UPDATE, DELETE, SELECT, READ, WRITE, OPERATE, INTROSPECTION, SOURCES, DICT GET, TRUNCATE, OPTIMIZE, CREATE TEMPORARY TABLE, CREATE DICTIONARY, CREATE VIEW, SHOW DATABASES, SHOW TABLES, SHOW DICTIONARIES, SHOW COLUMNS, DROP DATABASE, DROP VIEW, DROP DICTIONARY, DROP TABLE, ALTER TABLE, ALTER UPDATE, ALTER DELETE, ALTER COLUMN, ALTER ADD COLUMN, ALTER DROP COLUMN, ALTER MODIFY COLUMN, ALTER COMMENT COLUMN, ALTER CLEAR COLUMN, ALTER RENAME COLUMN, ALTER INDEX, ALTER ORDER BY, ALTER ADD INDEX, ALTER DROP INDEX, ALTER MATERIALIZE INDEX, ALTER CLEAR INDEX, ALTER CONSTRAINT, ALTER ADD CONSTRAINT, ALTER DROP CONSTRAINT, ALTER TTL, ALTER MATERIALIZE TTL, ALTER SETTINGS, ALTER MOVE PARTITION, ALTER FETCH PARTITION, ALTER FREEZE PARTITION, ALTER VIEW, ALTER VIEW REFRESH, and ALTER VIEW MODIFY QUERY. Enumeration values:
|
|
created_time |
Long |
Creation time. |
|
condition |
String |
Conditions. |
|
obligation |
String |
Obligation, including data filter and data mask. |
|
authorization_paths |
Array of strings |
Authorization path list. |
|
parameters |
Map<String,String> |
Parameter. |
|
access_policy_type |
String |
Policy type. The options are DEFAULT (common policy) and ROW_FILTER (row filtering policy). Enumeration values:
|
|
Parameter |
Type |
Description |
|---|---|---|
|
catalogs |
Array of CatalogInfo objects |
Catalog information. |
|
uris |
Array of strings |
URI. |
|
type |
String |
Resource type. The options are CATALOG, DATABASE, TABLE, COLUMN, FUNC, MODEL, and URI. Enumeration values:
|
|
Parameter |
Type |
Description |
|---|---|---|
|
databases |
Array of DatabaseInfo objects |
Subdatabase information. |
|
name |
String |
Catalog name. |
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
Database name. The value should contain 1 to 128 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed. |
|
tables |
Array of TableInfo objects |
Subtables. |
|
functions |
Array of FunctionInfo objects |
Subfunctions. |
|
Parameter |
Type |
Description |
|---|---|---|
|
columns |
ColumnInfo object |
Sub-columns. |
|
name |
String |
Table name. |
|
Parameter |
Type |
Description |
|---|---|---|
|
column_name |
Array of strings |
Column name. The value can contain 1 to 767 characters. Only letters, digits, and special characters (_-+*(),) are allowed. |
|
filter |
String |
Whether to filter out an item. The options are Include and Exclude. Enumeration values:
|
|
Parameter |
Type |
Description |
|---|---|---|
|
current_count |
Integer |
Number of objects returned this time. The value ranges from 0 to 2000. |
|
next_marker |
String |
Query address of the next page. If the next page does not exist, the value is null. (If the value is null, the response body does not contain this parameter.) |
|
previous_marker |
String |
Query address of the previous page. If the previous page does not exist, the value is null. (If the value is null, the response body does not contain this parameter.) |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code. |
|
error_msg |
String |
Error message. |
|
solution_msg |
String |
Solution. |
Example Requests
GET https://{endpoint}/v1/{project_id}/instances/{instance_id}/policies/show
Example Responses
Status code: 200
OK
{
"policies" : [ {
"project_id" : "41aa75443xxxxxx2c6afaaa40cc046",
"instance_id" : "51c51596-2e97-47bf-xxxx-0fc728c04ced",
"principal_type" : "USER",
"principal_source" : "IAM",
"principal_name" : "user1",
"resource" : {
"catalogs" : [ {
"databases" : [ {
"name" : "db1",
"tables" : [ { } ],
"functions" : [ { } ]
} ],
"name" : "catalog1"
} ],
"uris" : [ "string" ],
"type" : "CATALOG"
},
"resource_name" : "string",
"permissions" : [ "DROP", "ALTER" ],
"grant_able_permissions" : [ "ALTER" ],
"created_time" : 0,
"condition" : "ip=127.0.0.1",
"obligation" : "DATAFILTER:c1<10;DATAMASK:INCLUDE:c1",
"authorization_paths" : [ "obs://location/uri/" ]
} ],
"page_info" : {
"current_count" : 2000,
"next_marker" : "006f492b-xxxx",
"previous_marker" : "003e6eba-xxxx"
}
}
Status code: 400
Bad Request
{
"error_code" : "common.01000001",
"error_msg" : "failed to read http request, please check your input, code: 400, reason: Type mismatch., cause: TypeMismatchException"
}
Status code: 401
Unauthorized
{
"error_code": 'APIG.1002',
"error_msg": 'Incorrect token or token resolution failed'
}
Status code: 403
Forbidden
{
"error" : {
"code" : "403",
"message" : "X-Auth-Token is invalid in the request",
"error_code" : null,
"error_msg" : null,
"title" : "Forbidden"
},
"error_code" : "403",
"error_msg" : "X-Auth-Token is invalid in the request",
"title" : "Forbidden"
}
Status code: 404
Not Found
{
"error_code" : "common.01000001",
"error_msg" : "response status exception, code: 404"
}
Status code: 408
Request Timeout
{
"error_code" : "common.00000408",
"error_msg" : "timeout exception occurred"
}
Status code: 500
Internal Server Error
{
"error_code" : "common.00000500",
"error_msg" : "internal error"
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
OK |
|
400 |
Bad Request |
|
401 |
Unauthorized |
|
403 |
Forbidden |
|
404 |
Not Found |
|
408 |
Request Timeout |
|
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
