Querying Permissions of an Agency for a Region-specific Project
Function
This API is provided for the administrator to query the permissions of an agency for a region-specific project.
The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
Debugging
You can debug this API in API Explorer.
URI
GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
agency_id |
Yes |
String |
Agency ID. For details about how to obtain the agency ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
project_id |
Yes |
String |
Project ID of the delegating party. For details about how to obtain the project ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Fill application/json;charset=utf8 in this field. |
X-Auth-Token |
Yes |
String |
Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |
Response Parameters
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Permission information. |
Parameter |
Type |
Description |
---|---|---|
domain_id |
String |
ID of the account which the permission belongs to. |
flag |
String |
If this parameter is set to fine_grained, the permission is a system-defined policy. |
description_cn |
String |
Description of the permission in Chinese. |
catalog |
String |
Service catalog of the permission. |
name |
String |
Permission name. This parameter is carried in the token of a user, allowing the system to determine whether the user has permissions to access a specific cloud service. |
description |
String |
Description of the permission. |
Object |
Permission resource link. |
|
id |
String |
Permission ID. |
display_name |
String |
Display name of the permission. |
type |
String |
Display mode of the permission.
NOTE:
|
Object |
Content of the permission. |
|
updated_time |
String |
Time when the permission was last updated.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
created_time |
String |
Time when the permission was created.
NOTE:
The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
Parameter |
Type |
Description |
---|---|---|
self |
String |
Resource link. |
previous |
String |
Previous resource link. |
next |
String |
Next resource link. |
Parameter |
Type |
Description |
---|---|---|
Array of objects |
Dependent permissions. |
|
Array of objects |
Statement of the permission. |
|
Version |
String |
Policy version.
NOTE:
|
Parameter |
Type |
Description |
---|---|---|
catalog |
String |
Service catalog of the permission. |
display_name |
String |
Display name of the permission. |
Parameter |
Type |
Description |
---|---|---|
Action |
Array of strings |
Specific operation permissions on a resource.
NOTE:
|
Effect |
String |
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
Condition |
Object |
Conditions for the permission to take effect. For details, see Creating a Custom Policy.
NOTE:
Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals). "Condition": { "StringEquals": { "obs:prefix": [ "public" ] } } |
Resource |
Array of strings |
Cloud resource.
NOTE:
|
Example Request
Request for querying permissions of an agency for a region-specific project
GET https://iam.myhuaweicloud.com/v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles
Example Response
Status code: 200
The request is successful.
{ "roles": [ { "domain_id": null, "flag": "fine_grained", "description_cn": "Description of the permission in Chinese", "catalog": "AOM", "name": "system_all_30", "description": "AOM read only", "id": "75cfe22af2b3498d82b655fbb39de498", "display_name": "AOM Viewer", "type": "XA", "policy": { "Version": "1.1", "Statement": [ { "Action": [ "aom:*:list", "aom:*:get", "apm:*:list", "apm:*:get" ], "Effect": "Allow" } ] } } ] }
Status Codes
Status Code |
Description |
---|---|
200 |
The request is successful. |
401 |
Authentication failed. |
403 |
Access denied. |
404 |
The requested resource cannot be found. |
500 |
Internal server error. |
Error Codes
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot