Request Conditions
Request conditions are useful in determining when a custom policy takes effect. A request condition consists of a condition key and operator. Condition keys are either global or service-level and are used in the Condition element of a policy statement. Global condition keys (starting with g:) are available for operations of all services, while service-level condition keys (starting with a service name such as ges) are available only for operations of a specific service. An operator is used together with a condition key to form a complete condition statement.
GES has a group of predefined condition keys that can be used in IAM. For example, to define an allow permission, you can use the condition key hw:SourceIp to match requesters by IP address. The following table shows the request conditions that are used with GES.
|
Condition Key |
Type |
Description |
|---|---|---|
|
g:CurrentTime |
Date and time |
Time when an authentication request is received
NOTE:
The time is in ISO 8601 format, for example, 2012-11-11T23:59:59Z. |
|
g:MFAPresent |
Boolean |
Whether multi-factor authentication is used for user login |
|
g:UserId |
String |
User ID used for current login |
|
g:UserName |
String |
Username used for current login |
|
g:ProjectName |
String |
Project of the current login |
|
g:DomainName |
String |
Domain of the current login |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
