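IoT Device Access (IoTDA)
Cloud services preset commonly used authorization items in IAM; these are called system identity policies. If the IAM system identity policies cannot meet your authorization requirements, an administrator can create IAM custom identity policies based on the authorization items that each service supports, for fine-grained access control. IAM custom identity policies extend and supplement system identity policies.
Besides IAM, service control policies (Service Control Policy, SCP below) in the Organizations service can also use these authorization item elements to set access control policies.
An SCP does not grant permissions directly; it only defines a permission boundary. Attaching an SCP to an organizational unit or a member account does not grant that organizational unit or member account any operation permission. Instead, it defines the scope within which the member account, or the member accounts contained in the organizational unit, can be granted permissions. The permissions granted by IAM identity policies are limited by SCPs: only permissions within the range that the SCPs allow take effect.
IAM and Organizations differ in how they use these elements for access control. For details, see: Differences Between IAM and Organizations in Permission Access Control.
This section describes the elements used by custom identity policies in the IAM identity policy-based authorization scenario and by SCPs in the Organizations service. These elements are actions (Action), resources (Resource), and conditions (Condition).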
Actions (Action)
Actions (Action) are the authorization items supported in identity policies.
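- The "Access level" column describes how an action is classified (list, read, write, and so on). This classification helps you understand the access level that the action corresponds to in an identity policy.
- The "Resource type" column indicates whether each action supports resource-level permissions.
  - Resource types support the wildcard * to indicate all. If this column has no value (-), you must specify all resource types ("*") in the Resource element of the identity policy statement.
  - If this column contains a resource type, you must specify the URN of that resource in statements that include the action.
  - Required resources in the resource type column are marked with an asterisk (*) in the table, which means that this resource type must be specified to use the action.
  For details about the resource types defined by IoTDA, see Resource types (Resource).
- The "Condition key" column lists the keys supported by IoTDA that you can specify in the Condition element of an identity policy statement.
  - If the resource type column of the authorization item has a value, the condition key takes effect only for the listed resource types.
  - If the resource type column of the authorization item has no value (-), the condition key takes effect for the entire authorization item.
  - If the condition key column has no value (-), the action does not support condition keys.
  For details about the condition keys defined by IoTDA, see Table 4.
- The "Alias" column lists the policy authorization items that can be configured in identity policies. With these authorization items, you can control access to APIs that support policy-based authorization. For details, see the identity policy compatibility description.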
You can specify the following IoTDA actions in the Action element of an identity policy statement.
Table 1 Authorization items supported by IoTDA

| Authorization item | Description | Access level | Resource type (* = required) | Condition key | Alias |
| --- | --- | --- | --- | --- | --- |
| iotda:products:create | Create a product | write | app | g:EnterpriseProjectId | - |
| iotda:products:queryList | Query the product list | list | app | g:EnterpriseProjectId | - |
| iotda:products:query | Query a product | read | app | g:EnterpriseProjectId | - |
| iotda:products:modify | Modify a product | write | app | g:EnterpriseProjectId | - |
| iotda:products:delete | Delete a product | write | app | g:EnterpriseProjectId | - |
| iotda:devices:register | Create a device | write | app | g:EnterpriseProjectId | - |
| iotda:devices:queryList | Query the device list | list | app | g:EnterpriseProjectId | - |
| iotda:devices:query | Query a device | read | app | g:EnterpriseProjectId | - |
| iotda:devices:queryGroupList | Query the device group list | list | app | g:EnterpriseProjectId | - |
| iotda:devices:modify | Modify a device | write | app | g:EnterpriseProjectId | - |
| iotda:devices:changeGateway | Modify a device's gateway | write | app | g:EnterpriseProjectId | - |
| iotda:devices:delete | Delete a device | write | app | g:EnterpriseProjectId | - |
| iotda:devices:resetSecret | Reset a device secret | write | app | g:EnterpriseProjectId | - |
| iotda:devices:freeze | Freeze a device | write | app | g:EnterpriseProjectId | - |
| iotda:devices:unfreeze | Unfreeze a device | write | app | g:EnterpriseProjectId | - |
| iotda:devices:resetFingerprint | Reset a device fingerprint | write | app | g:EnterpriseProjectId | - |
| iotda:devices:queryList | Flexibly search the device list | list | app | g:EnterpriseProjectId | - |
| iotda:devices:queryHistoryData | Query device historical data | list | app | g:EnterpriseProjectId | - |
| iotda:messages:send | Deliver a device message | write | app | g:EnterpriseProjectId | - |
| iotda:messages:queryList | Query the device message list | list | app | g:EnterpriseProjectId | - |
| iotda:messages:query | Query the message with a specified message ID | read | app | g:EnterpriseProjectId | - |
| iotda:messages:delete | Delete the message with a specified message ID | write | app | g:EnterpriseProjectId | |
| iotda:message:broadcast | Deliver a broadcast message | write | app | g:EnterpriseProjectId | - |
| iotda:commands:send | Deliver a device command | write | app | g:EnterpriseProjectId | - |
| iotda:asynccommands:send | Deliver an asynchronous device command | write | app | g:EnterpriseProjectId | - |
| iotda:asynccommands:query | Query the command with a specified ID | read | app | g:EnterpriseProjectId | - |
| iotda:historycommands:queryList | Query the historical asynchronous command list | list | app | g:EnterpriseProjectId | - |
| iotda:historycommands:queryCommandsCount | Count the total number of historical asynchronous commands | read | app | g:EnterpriseProjectId | - |
| iotda:properties:modify | Modify device properties | write | app | g:EnterpriseProjectId | - |
| iotda:properties:query | Query device properties | read | app | g:EnterpriseProjectId | - |
| iotda:shadow:query | Query device shadow data | read | app | g:EnterpriseProjectId | - |
| iotda:shadow:delete | Delete device shadow data | write | app | g:EnterpriseProjectId | |
| iotda:shadow:config | Configure desired device shadow data | write | app | g:EnterpriseProjectId | - |
| iotda:amqpqueue:create | Create an AMQP queue | write | - | g:EnterpriseProjectId | - |
| iotda:amqpqueue:queryList | Query the AMQP list | list | - | g:EnterpriseProjectId | - |
| iotda:amqpqueue:query | Query a single AMQP queue | read | - | g:EnterpriseProjectId | - |
| iotda:amqpqueue:delete | Delete an AMQP queue | write | - | g:EnterpriseProjectId | - |
| iotda:amqpqueue:disconnect | Disconnect an AMQP queue connection | write | - | g:EnterpriseProjectId | iotda:amqpqueue:delete |
| iotda:accesscode:create | Generate an access credential | write | - | g:EnterpriseProjectId | - |
| iotda:routingrules:create | Create a rule trigger condition | write | app | g:EnterpriseProjectId | - |
| iotda:routingrules:queryList | Query the rule condition list | list | app | g:EnterpriseProjectId | - |
| iotda:routingrules:query | Query a rule condition | read | app | g:EnterpriseProjectId | - |
| iotda:routingrules:modify | Modify a rule trigger condition | write | app | g:EnterpriseProjectId | - |
| iotda:routingrules:delete | Delete a rule trigger condition | write | app | g:EnterpriseProjectId | - |
| iotda:routingrules:verifySql | Verify SQL validity | write | app | g:EnterpriseProjectId | - |
| iotda:routingbacklogpolicy:create | Create an outbound push backlog policy | write | - | g:EnterpriseProjectId | - |
| iotda:routingbacklogpolicy:queryList | Query the outbound push backlog policy list | list | - | g:EnterpriseProjectId | - |
| iotda:routingbacklogpolicy:delete | Delete an outbound push backlog policy | write | - | g:EnterpriseProjectId | - |
| iotda:routingbacklogpolicy:query | Query an outbound push backlog policy | read | - | g:EnterpriseProjectId | - |
| iotda:routingbacklogpolicy:update | Modify an outbound push backlog policy | write | - | g:EnterpriseProjectId | - |
| iotda:routingflowcontrolpolicy:create | Create an outbound flow control policy | write | - | g:EnterpriseProjectId | - |
| iotda:routingflowcontrolpolicy:update | Update an outbound flow control policy | write | - | g:EnterpriseProjectId | - |
| iotda:routingflowcontrolpolicy:queryList | Query the outbound flow control policy list | list | - | g:EnterpriseProjectId | - |
| iotda:routingflowcontrolpolicy:query | Query flow control policy details | read | - | g:EnterpriseProjectId | - |
| iotda:routingflowcontrolpolicy:delete | Delete an outbound flow control policy | write | - | g:EnterpriseProjectId | - |
| iotda:routingactions:create | Create a rule action | write | app | g:EnterpriseProjectId, iotda:HttpForwardingEnableSSL, iotda:HttpForwardingEnableAuthentication, iotda:DMSKafkaForwardingEnableAuthentication, iotda:DMSKafkaForwardingEnableSSL, iotda:MysqlForwardingEnableSSL, iotda:PostgresqlForwardingEnableSSL, iotda:MRSKafkaForwardingEnableAuthentication, iotda:DMSRocketMQForwardingEnableSSL, iotda:MongoDBForwardingEnableSSL | - |
| iotda:routingactions:queryList | Query the rule action list | list | app | g:EnterpriseProjectId | - |
| iotda:routingactions:query | Query a rule action | read | app | g:EnterpriseProjectId | - |
| iotda:routingactions:modify | Modify a rule action | write | app | g:EnterpriseProjectId, iotda:HttpForwardingEnableSSL, iotda:HttpForwardingEnableAuthentication, iotda:DMSKafkaForwardingEnableAuthentication, iotda:DMSKafkaForwardingEnableSSL, iotda:MysqlForwardingEnableSSL, iotda:PostgresqlForwardingEnableSSL, iotda:MRSKafkaForwardingEnableAuthentication, iotda:DMSRocketMQForwardingEnableSSL, iotda:MongoDBForwardingEnableSSL | - |
| iotda:routingactions:delete | Delete a rule action | write | app | g:EnterpriseProjectId | - |
| iotda:routingactions:verifyConnectivity | Verify connectivity | write | app | g:EnterpriseProjectId | iotda:routingactions:modify |
| iotda:routingactions:queryStats | Query rule action statistics | read | app | g:EnterpriseProjectId | iotda:routingactions:query |
| iotda:routingactions:clearMessage | Clear the backlogged data of a rule action | write | app | g:EnterpriseProjectId | - |
| iotda:rules:create | Create a rule | write | - | g:EnterpriseProjectId | - |
| iotda:rules:queryList | Query the rule list | list | - | g:EnterpriseProjectId | - |
| iotda:rules:modify | Modify a rule | write | - | g:EnterpriseProjectId | - |
| iotda:rules:query | Query a rule | read | - | g:EnterpriseProjectId | - |
| iotda:rules:delete | Delete a rule | write | - | g:EnterpriseProjectId | - |
| iotda:rules:modifyStatus | Modify the rule status | write | - | g:EnterpriseProjectId | - |
| iotda:group:create | Add a device group | write | app | g:EnterpriseProjectId | - |
| iotda:group:queryList | Query the device group list | list | app | g:EnterpriseProjectId | - |
| iotda:group:query | Query a device group | read | app | g:EnterpriseProjectId | - |
| iotda:group:modify | Modify a device group | write | app | g:EnterpriseProjectId | - |
| iotda:group:delete | Delete a device group | write | app | g:EnterpriseProjectId | - |
| iotda:group:addDevice | Manage the devices in a device group | write | app | g:EnterpriseProjectId | - |
| iotda:group:queryDeviceList | Query the device list of a device group | list | app | g:EnterpriseProjectId | - |
| iotda:tags:bind | Bind tags | tagging | - | g:EnterpriseProjectId, g:RequestTag/<tag-key>, g:TagKeys | - |
| iotda:tags:unbind | Unbind tags | tagging | - | g:EnterpriseProjectId, g:RequestTag/<tag-key>, g:TagKeys | - |
| iotda:tags:queryResourceList | Query resources by tag | list | - | g:EnterpriseProjectId, g:RequestTag/<tag-key>, g:TagKeys | iotda:tags:query |
| iotda:apps:queryList | Query the resource space list | list | app | g:EnterpriseProjectId | - |
| iotda:app:create | Create a resource space | write | app | g:EnterpriseProjectId | - |
| iotda:apps:query | Query a resource space | read | app | g:EnterpriseProjectId | - |
| iotda:apps:delete | Delete a resource space | write | app | g:EnterpriseProjectId | - |
| iotda:apps:update | Modify a resource space | write | app | g:EnterpriseProjectId | |
| iotda:batchtasks:create | Create a batch task | write | - | g:EnterpriseProjectId | - |
| iotda:batchtasks:queryList | Query the batch task list | list | - | g:EnterpriseProjectId | - |
| iotda:batchtasks:query | Query a batch task | read | - | g:EnterpriseProjectId | - |
| iotda:batchtasks:retry | Retry a batch task | write | - | g:EnterpriseProjectId | iotda:batchtasks:create |
| iotda:batchtasks:stop | Stop a batch task | write | - | g:EnterpriseProjectId | - |
| iotda:batchtasks:delete | Delete a batch task | write | - | g:EnterpriseProjectId | - |
| iotda:batchtaskfiles:create | Upload a batch task file | write | - | g:EnterpriseProjectId | - |
| iotda:batchtaskfiles:queryList | Query the batch task file list | list | - | g:EnterpriseProjectId | - |
| iotda:batchtaskfiles:delete | Delete a batch task file | write | - | g:EnterpriseProjectId | - |
| iotda:certificates:upload | Upload a device CA certificate | write | app | g:EnterpriseProjectId | - |
| iotda:certificates:queryList | Obtain the device CA certificate list | list | app | g:EnterpriseProjectId | - |
| iotda:certificates:delete | Delete a device CA certificate | write | app | g:EnterpriseProjectId | - |
| iotda:certificates:check | Verify a device CA certificate | write | app | g:EnterpriseProjectId | - |
| iotda:certificate:query | Query a device CA certificate | read | app | g:EnterpriseProjectId | - |
| iotda:certificates:update | Update a device CA certificate | write | app | g:EnterpriseProjectId | - |
| iotda:certificates:debug | Debug a device CA certificate | write | app | g:EnterpriseProjectId | - |
| iotda:appcacertificate:queryList | Query the application-side CA certificate list | list | - | g:EnterpriseProjectId | - |
| iotda:appcacertificate:create | Upload an application-side CA certificate | write | - | g:EnterpriseProjectId | - |
| iotda:appcacertificate:delete | Delete an application-side CA certificate | write | - | g:EnterpriseProjectId | iotda:cacertificates:delete |
| iotda:appcacertificate:update | Update an application-side CA certificate | write | - | g:EnterpriseProjectId | iotda:cacertificates:update |
| iotda:servercertificate:query | Query an access certificate | read | - | g:EnterpriseProjectId | - |
| iotda:servercertificate:update | Update an access certificate | write | - | g:EnterpriseProjectId | - |
| iotda:servercertificate:create | Create an access certificate | write | - | g:EnterpriseProjectId | - |
| iotda:servercertificate:delete | Delete an access certificate | write | - | g:EnterpriseProjectId | - |
| iotda:servercertificate:queryList | Query the access certificate list | list | - | g:EnterpriseProjectId | - |
| iotda:otapackages:create | Create an OTA upgrade package | write | - | g:EnterpriseProjectId | - |
| iotda:otapackages:queryList | Query the OTA upgrade package list | list | - | g:EnterpriseProjectId | - |
| iotda:otapackages:query | Obtain OTA upgrade package details | read | - | g:EnterpriseProjectId | - |
| iotda:otapackages:delete | Delete an OTA upgrade package | write | - | g:EnterpriseProjectId | - |
| iotda:obsbucket:query | Query the configured file upload bucket name | read | - | g:EnterpriseProjectId | - |
| iotda:obsbucket:create | Configure the OBS bucket for file upload | write | - | g:EnterpriseProjectId | - |
| iotda:simulator:register | Register a device simulator | write | app | g:EnterpriseProjectId | - |
| iotda:simulator:queryHistoryData | Query device simulator historical data | list | app | g:EnterpriseProjectId | - |
| iotda:simulator:delete | Delete a device simulator | write | app | g:EnterpriseProjectId | - |
| iotda:bundle:query | Query plug-in information | read | app | g:EnterpriseProjectId | - |
| iotda:bundle:queryList | Query the plug-in list | list | app | g:EnterpriseProjectId | - |
| iotda:bundle:create | Create plug-in information | write | app | g:EnterpriseProjectId | - |
| iotda:bundle:update | Update plug-in information | write | app | g:EnterpriseProjectId | - |
| iotda:offlinebundle:deploy | Deploy an offline plug-in | write | app | g:EnterpriseProjectId | - |
| iotda:onlinebundle:deploy | Deploy an online plug-in | write | app | g:EnterpriseProjectId | - |
| iotda:bundlemapping:query | Query codec mappings | read | - | g:EnterpriseProjectId | - |
| iotda:bundlemapping:save | Save codec mappings | write | - | g:EnterpriseProjectId | - |
| iotda:bundlemessage:query | Query plug-in messages | read | - | g:EnterpriseProjectId | - |
| iotda:bundlemessage:save | Save plug-in messages | write | - | g:EnterpriseProjectId | - |
| iotda:devicedebugmessage:send | Send a device debugging message | write | - | g:EnterpriseProjectId | iotda:bundlemessage:send |
| iotda:devicedebugmessage:queryList | Query the device debugging message list | list | - | g:EnterpriseProjectId | - |
| iotda:bridge:queryList | Query the bridge list | list | - | g:EnterpriseProjectId | - |
| iotda:bridge:create | Create a bridge | write | - | g:EnterpriseProjectId | - |
| iotda:bridge:delete | Delete a bridge | write | - | g:EnterpriseProjectId | - |
| iotda:bridge:reset | Reset a bridge secret | write | - | g:EnterpriseProjectId | - |
| iotda:exporttasks:queryList | Query the export task list | list | - | g:EnterpriseProjectId | - |
| iotda:exporttasks:create | Create an export task | write | - | g:EnterpriseProjectId | - |
| iotda:exporttasks:query | Download the export result file | read | - | g:EnterpriseProjectId | - |
| iotda:harmonysoftbus:queryList | Query the HarmonyOS soft bus list | list | - | g:EnterpriseProjectId | - |
| iotda:harmonysoftbus:create | Create a HarmonyOS soft bus | write | - | g:EnterpriseProjectId | - |
| iotda:harmonysoftbus:delete | Delete a HarmonyOS soft bus | write | - | g:EnterpriseProjectId | - |
| iotda:harmonysoftbus:reset | Reset a HarmonyOS soft bus key | write | - | g:EnterpriseProjectId | - |
| iotda:harmonysoftbus:sync | Synchronize a HarmonyOS soft bus | write | - | g:EnterpriseProjectId | - |
| iotda:instance:queryList | Query the instance list | list | instance | g:EnterpriseProjectId, g:TagKeys, g:RequestTag/<tag-key> | - |
| iotda:instance:update | Update an instance | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key>, iotda:AllowPublicAccess, iotda:AllowPublicForwarding, iotda:DomainConfiguration | - |
| iotda:instance:delete | Delete an instance | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:query | Query instance details | read | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:restart | Restart instance creation | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:queryTaskList | Query the instance task list | list | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:queryTask | Query instance task details | read | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:operateTag | Operate instance tags | tagging | instance | g:EnterpriseProjectId, g:TagKeys, g:RequestTag/<tag-key> | - |
| iotda:instance:listTags | Query the instance tag list | list | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:queryOutBoundChannelList | Query the outbound interconnection channel list | list | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:createOutBoundChannel | Create an outbound interconnection channel | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:queryProtocolAdaptorList | Query the protocol-layer plug-in adapter list | list | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:createProtocolAdaptor | Create a protocol-layer plug-in adapter | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:updateProtocolAdaptor | Update a protocol-layer plug-in adapter | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:queryProtocolAdaptor | Query protocol-layer plug-in adapter details | read | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:deleteProtocolAdaptor | Delete a protocol-layer plug-in adapter | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:instance:queryProtocolAdaptorLog | Query generic-protocol adapter run logs | read | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:protocoladaptorimage:queryList | Query the generic-protocol image list | list | - | - | - |
| iotda:protocoladaptorimage:create | Create a generic-protocol image | write | - | - | - |
| iotda:protocoladaptorimage:update | Update a generic-protocol image | write | - | - | - |
| iotda:protocoladaptorimage:delete | Delete a generic-protocol image | write | - | - | - |
| iotda:dbtable:query | Query the database table structure | read | - | g:EnterpriseProjectId | - |
| iotda:dbtable:queryList | Query database tables | list | - | g:EnterpriseProjectId | - |
| iotda:messagetrace:queryList | Query the message trace configuration list | list | - | g:EnterpriseProjectId | - |
| iotda:messagetrace:update | Modify the message trace configuration | write | - | g:EnterpriseProjectId | - |
| iotda:messagetracedata:delete | Delete message trace data | write | - | g:EnterpriseProjectId | - |
| iotda:messagetracedata:queryList | Query the message trace data list | list | - | g:EnterpriseProjectId | - |
| iotda:productconfig:queryList | Query the product configuration list | list | - | g:EnterpriseProjectId | - |
| iotda:productconfig:create | Create a product configuration | write | - | g:EnterpriseProjectId | - |
| iotda:productconfig:query | Query a product configuration | read | - | g:EnterpriseProjectId | - |
| iotda:productfunctions:queryList | Query the product function list | list | app | g:EnterpriseProjectId | - |
| iotda:productfunctions:create | Create a product function | write | app | g:EnterpriseProjectId | - |
| iotda:productfunctions:delete | Delete a product function | write | app | g:EnterpriseProjectId | - |
| iotda:topics:queryList | Query the custom topic list | list | app | g:EnterpriseProjectId | - |
| iotda:topics:create | Create a custom topic | write | app | g:EnterpriseProjectId | - |
| iotda:topics:delete | Delete a custom topic | write | app | g:EnterpriseProjectId | - |
| iotda:topics:modify | Modify a custom topic | write | app | g:EnterpriseProjectId | - |
| iotda:tunnel:queryList | Query the tunnel list | list | - | g:EnterpriseProjectId | - |
| iotda:tunnel:create | Create a device tunnel | write | - | g:EnterpriseProjectId | - |
| iotda:tunnel:delete | Delete a device tunnel | write | - | g:EnterpriseProjectId | - |
| iotda:tunnel:query | Query tunnel details | read | - | g:EnterpriseProjectId | - |
| iotda:tunnel:close | Close a device tunnel | write | - | g:EnterpriseProjectId | iotda:tunnel:update |
| iotda:scripts:delete | Uninstall a JavaScript plug-in script | write | app | g:EnterpriseProjectId | - |
| iotda:scripts:create | Upload a JavaScript plug-in script | write | app | g:EnterpriseProjectId | - |
| iotda:scripts:run | Run a JavaScript plug-in script | write | app | g:EnterpriseProjectId | - |
| iotda:scripts:query | Query a JavaScript plug-in script | read | app | g:EnterpriseProjectId | - |
| iotda:device-proxies:create | Create a device proxy | write | app | g:EnterpriseProjectId | - |
| iotda:device-proxies:queryList | Query the device proxy list | list | app | g:EnterpriseProjectId | - |
| iotda:device-proxies:query | Query a device proxy | read | app | g:EnterpriseProjectId | - |
| iotda:device-proxies:modify | Modify a device proxy | write | app | g:EnterpriseProjectId | - |
| iotda:device-proxies:delete | Delete a device proxy | write | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:create | Create a device policy | write | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:delete | Delete a device policy | write | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:update | Modify a device policy | write | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:query | Query a device policy | read | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:queryList | Query the device policy list | list | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:bind | Bind a device policy | permission_management | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:unbind | Unbind a device policy | permission_management | app | g:EnterpriseProjectId | - |
| iotda:devicepolicy:queryTargets | Query the list of devices bound to a policy | list | app | g:EnterpriseProjectId | - |
| iotda:routingprivatelink:create | Create a forwarding rule private connection | write | - | g:EnterpriseProjectId | - |
| iotda:routingprivatelink:queryList | Query the forwarding rule private connection list | list | - | g:EnterpriseProjectId | - |
| iotda:routingprivatelink:query | Query a forwarding rule private connection | read | - | g:EnterpriseProjectId | - |
| iotda:routingprivatelink:delete | Delete a forwarding rule private connection | write | - | g:EnterpriseProjectId | - |
| iotda:provisioningtemplate:create | Create a self-registration template | write | - | g:EnterpriseProjectId | - |
| iotda:provisioningtemplate:queryList | Query the self-registration template list | list | - | g:EnterpriseProjectId | - |
| iotda:provisioningtemplate:delete | Delete a self-registration template | write | - | g:EnterpriseProjectId | - |
| iotda:provisioningtemplate:query | Query a self-registration template | read | - | g:EnterpriseProjectId | - |
| iotda:provisioningtemplate:update | Update a self-registration template | write | - | g:EnterpriseProjectId | - |
| iotda:deviceauthorizers:create | Create custom authentication | write | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthorizers:query | Query custom authentication details | read | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthorizers:queryList | Query the custom authentication list | list | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthorizers:delete | Delete custom authentication | write | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthorizers:update | Update custom authentication | write | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthenticationtemplate:create | Create a device authentication template | write | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthenticationtemplate:queryList | Query the device authentication template list | list | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthenticationtemplate:delete | Delete a device authentication template | write | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthenticationtemplate:update | Update a device authentication template | write | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthenticationtemplate:query | Query a device authentication template | read | instance | g:EnterpriseProjectId | - |
| iotda:deviceauthenticationtemplate:debug | Debug a device authentication template | write | instance | g:EnterpriseProjectId | - |
| iotda:devicecertificates:queryList | Query the device certificate list | list | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:devicecertificates:delete | Delete a device certificate | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:devicecertificates:update | Update a device certificate | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:devicecertificates:query | Query a device certificate | read | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:devicecertificates:queryDeviceList | Query the device list | read | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:securityprofile:create | Create a security situational awareness configuration | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:securityprofile:queryList | Query the security situational awareness configuration list | list | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:securityprofile:delete | Delete a security situational awareness configuration | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:securityprofile:update | Update a security situational awareness configuration | write | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
| iotda:securityprofile:query | Query a security situational awareness configuration | read | instance | g:EnterpriseProjectId, g:ResourceTag/<tag-key> | - |
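
The "Resource type" and "Condition key" column rules described before Table 1 can be checked mechanically. The following is an added example, not part of the IoTDA documentation, that lints a policy document against five rows copied from Table 1. The `Statement`/`Effect` layout, the `StringEquals` operator name, and the placeholder resource and project values are assumptions; the page itself only names the Action, Resource and Condition elements.

```python
# Added example: lint an identity policy against the Table 1 column rules.
# Rows are copied from Table 1; a "-" cell becomes None (resource type)
# or an empty set (condition keys).
TABLE1_EXCERPT = {
    # action: (access level, resource type, supported condition keys)
    "iotda:devices:resetSecret": ("write", "app", {"g:EnterpriseProjectId"}),
    "iotda:amqpqueue:create": ("write", None, {"g:EnterpriseProjectId"}),
    "iotda:tags:bind": (
        "tagging", None,
        {"g:EnterpriseProjectId", "g:RequestTag/<tag-key>", "g:TagKeys"},
    ),
    "iotda:instance:update": (
        "write", "instance",
        {"g:EnterpriseProjectId", "g:ResourceTag/<tag-key>",
         "iotda:AllowPublicAccess", "iotda:AllowPublicForwarding",
         "iotda:DomainConfiguration"},
    ),
    "iotda:protocoladaptorimage:create": ("write", None, set()),
}

TAG_SUFFIX = "<tag-key>"


def as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def key_supported(key, supported):
    """True if `key` matches a listed key, expanding the <tag-key> template."""
    for pattern in supported:
        if pattern.endswith(TAG_SUFFIX):
            prefix = pattern[: -len(TAG_SUFFIX)]  # e.g. "g:RequestTag/"
            if key.startswith(prefix) and len(key) > len(prefix):
                return True
        elif key == pattern:
            return True
    return False


def lint_statement(index, stmt):
    """Return (statement index, action, finding code, detail) tuples."""
    findings = []
    resources = as_list(stmt.get("Resource"))
    condition = stmt.get("Condition") or {}
    # Assumed layout: {operator: {condition key: [values]}}
    used_keys = sorted({key for operands in condition.values() for key in operands})
    for action in as_list(stmt.get("Action")):
        row = TABLE1_EXCERPT.get(action)
        if row is None:
            findings.append((index, action, "NOT_IN_TABLE_EXCERPT", action))
            continue
        _level, resource_type, supported = row
        # Resource type "-": the Resource element must be "*".
        if resource_type is None:
            for res in resources:
                if res != "*":
                    findings.append((index, action, "RESOURCE_MUST_BE_STAR", res))
        # Every condition key in the statement must be listed for this action;
        # an action whose condition key column is "-" supports none.
        for key in used_keys:
            if not key_supported(key, supported):
                findings.append((index, action, "UNSUPPORTED_CONDITION_KEY", key))
    return findings


def lint_policy(policy):
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        findings.extend(lint_statement(index, stmt))
    return findings


def actions_by_level(policy):
    """Group the policy's actions by the "Access level" column for review."""
    levels = {}
    for stmt in as_list(policy.get("Statement")):
        for action in as_list(stmt.get("Action")):
            row = TABLE1_EXCERPT.get(action)
            if row:
                levels.setdefault(row[0], set()).add(action)
    return {level: sorted(actions) for level, actions in levels.items()}


# Constructed sample policy; resource and project values are placeholders.
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["iotda:devices:resetSecret"], "Resource": ["*"],
     "Condition": {"StringEquals": {"g:EnterpriseProjectId": ["<project-id>"]}}},
    {"Effect": "Allow", "Action": ["iotda:amqpqueue:create"],
     "Resource": ["<constructed-urn-placeholder>"]},
    {"Effect": "Allow",
     "Action": ["iotda:tags:bind", "iotda:protocoladaptorimage:create"],
     "Resource": ["*"],
     "Condition": {"StringEquals": {"g:RequestTag/env": ["prod"],
                                    "g:ResourceTag/env": ["prod"]}}},
]}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(finding)
    print(actions_by_level(SAMPLE_POLICY))
```

The third statement shows why actions with different condition key columns should not share one Condition element: the keys are evaluated per action, and `iotda:protocoladaptorimage:create` lists none.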
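An IoTDA API usually corresponds to one or more authorization items. Table 2 shows the relationship between APIs and authorization items, as well as the authorization items that each API depends on.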
Table 2 Relationship between APIs and authorization items

| API | Corresponding authorization item | Dependent authorization items |
| --- | --- | --- |
| POST /v5/iot/{project_id}/products | iotda:products:create | - |
| GET /v5/iot/{project_id}/products | iotda:products:queryList | - |
| GET /v5/iot/{project_id}/products/{product_id} | iotda:products:query | - |
| PUT /v5/iot/{project_id}/products/{product_id} | iotda:products:modify | - |
| DELETE /v5/iot/{project_id}/products/{product_id} | iotda:products:delete | - |
| POST /v5/iot/{project_id}/devices | iotda:devices:register | - |
| GET /v5/iot/{project_id}/devices | iotda:devices:queryList | - |
| GET /v5/iot/{project_id}/devices/{device_id} | iotda:devices:query | - |
| POST /v5/iot/{project_id}/devices/{device_id}/list-device-group | iotda:devices:queryGroupList | |
| PUT /v5/iot/{project_id}/devices/{device_id} | iotda:devices:modify | - |
| DELETE /v5/iot/{project_id}/devices/{device_id} | iotda:devices:delete | - |
| POST /v5/iot/{project_id}/devices/{device_id}/action | iotda:devices:resetSecret | - |
| POST /v5/iot/{project_id}/devices/{device_id}/freeze | iotda:devices:freeze | - |
| POST /v5/iot/{project_id}/devices/{device_id}/unfreeze | iotda:devices:unfreeze | - |
| POST /v5/iot/{project_id}/devices/{device_id}/reset-fingerprint | iotda:devices:resetFingerprint | - |
| POST /v5/iot/{project_id}/search/query-devices | iotda:devices:queryList | - |
| POST /v5/iot/{project_id}/devices/{device_id}/messages | iotda:messages:send | - |
| GET /v5/iot/{project_id}/devices/{device_id}/messages | iotda:messages:queryList | - |
| GET /v5/iot/{project_id}/devices/{device_id}/messages/{message_id} | iotda:messages:query | - |
| POST /v5/iot/{project_id}/broadcast-messages | iotda:message:broadcast | - |
| POST /v5/iot/{project_id}/devices/{device_id}/commands | iotda:commands:send | - |
| POST /v5/iot/{project_id}/devices/{device_id}/async-commands | iotda:asynccommands:send | - |
| GET /v5/iot/{project_id}/devices/{device_id}/async-commands/{command_id} | iotda:asynccommands:query | - |
| PUT /v5/iot/{project_id}/devices/{device_id}/properties | iotda:properties:modify | - |
| GET /v5/iot/{project_id}/devices/{device_id}/properties | iotda:properties:query | - |
| GET /v5/iot/{project_id}/devices/{device_id}/shadow | iotda:shadow:query | - |
| PUT /v5/iot/{project_id}/devices/{device_id}/shadow | iotda:shadow:config | - |
| POST /v5/iot/{project_id}/amqp-queues | iotda:amqpqueue:create | - |
| GET /v5/iot/{project_id}/amqp-queues | iotda:amqpqueue:queryList | - |
| GET /v5/iot/{project_id}/amqp-queues/{queue_id} | iotda:amqpqueue:query | - |
| DELETE /v5/iot/{project_id}/amqp-queues/{queue_id} | iotda:amqpqueue:delete | - |
| POST /v5/iot/{project_id}/auth/accesscode | iotda:accesscode:create | - |
| POST /v5/iot/{project_id}/routing-rule/rules | iotda:routingrules:create | - |
| GET /v5/iot/{project_id}/routing-rule/rules | iotda:routingrules:queryList | - |
| GET /v5/iot/{project_id}/routing-rule/rules/{rule_id} | iotda:routingrules:query | - |
| PUT /v5/iot/{project_id}/routing-rule/rules/{rule_id} | iotda:routingrules:modify | - |
| DELETE /v5/iot/{project_id}/routing-rule/rules/{rule_id} | iotda:routingrules:delete | - |
| POST /v5/iot/{project_id}/routing-rule/backlog-policy | iotda:routingbacklogpolicy:create | - |
| GET /v5/iot/{project_id}/routing-rule/backlog-policy | iotda:routingbacklogpolicy:queryList | - |
| DELETE /v5/iot/{project_id}/routing-rule/backlog-policy/{policy_id} | iotda:routingbacklogpolicy:delete | - |
| GET /v5/iot/{project_id}/routing-rule/backlog-policy/{policy_id} | iotda:routingbacklogpolicy:query | - |
| PUT /v5/iot/{project_id}/routing-rule/backlog-policy/{policy_id} | iotda:routingbacklogpolicy:update | - |
| POST /v5/iot/{project_id}/routing-rule/flowcontrol-policy | iotda:routingflowcontrolpolicy:create | - |
| PUT /v5/iot/{project_id}/routing-rule/flowcontrol-policy/{policy_id} | iotda:routingflowcontrolpolicy:update | - |
| GET /v5/iot/{project_id}/routing-rule/flowcontrol-policy | iotda:routingflowcontrolpolicy:queryList | - |
| GET /v5/iot/{project_id}/routing-rule/flowcontrol-policy/{policy_id} | iotda:routingflowcontrolpolicy:query | - |
| DELETE /v5/iot/{project_id}/routing-rule/flowcontrol-policy/{policy_id} | iotda:routingflowcontrolpolicy:delete | - |
| POST /v5/iot/{project_id}/routing-rule/private-links | iotda:routingprivatelink:create | - |
| GET /v5/iot/{project_id}/routing-rule/private-links | iotda:routingprivatelink:queryList | - |
| GET /v5/iot/{project_id}/routing-rule/private-links/{link_id} | iotda:routingprivatelink:query | - |
| DELETE /v5/iot/{project_id}/routing-rule/private-links/{link_id} | iotda:routingprivatelink:delete | - |
| POST /v5/iot/{project_id}/routing-rule/actions | iotda:routingactions:create | - |
| GET /v5/iot/{project_id}/routing-rule/actions | iotda:routingactions:queryList | - |
| GET /v5/iot/{project_id}/routing-rule/actions/{action_id} | iotda:routingactions:query | - |
| PUT /v5/iot/{project_id}/routing-rule/actions/{action_id} | iotda:routingactions:modify | - |
| DELETE /v5/iot/{project_id}/routing-rule/actions/{action_id} | iotda:routingactions:delete | - |
| POST /v5/iot/{project_id}/rules | iotda:rules:create | - |
| GET /v5/iot/{project_id}/rules | iotda:rules:queryList | - |
| PUT /v5/iot/{project_id}/rules/{rule_id} | iotda:rules:modify | - |
| GET /v5/iot/{project_id}/rules/{rule_id} | iotda:rules:query | - |
| DELETE /v5/iot/{project_id}/rules/{rule_id} | iotda:rules:delete | - |
| PUT /v5/iot/{project_id}/rules/{rule_id}/status | iotda:rules:modifyStatus | - |
| POST /v5/iot/{project_id}/device-group | iotda:group:create | - |
| GET /v5/iot/{project_id}/device-group | iotda:group:queryList | - |
| GET /v5/iot/{project_id}/device-group/{group_id} | iotda:group:query | - |
| PUT /v5/iot/{project_id}/device-group/{group_id} | iotda:group:modify | - |
| DELETE /v5/iot/{project_id}/device-group/{group_id} | iotda:group:delete | - |
| POST /v5/iot/{project_id}/device-group/{group_id}/action | iotda:group:addDevice | - |
| GET /v5/iot/{project_id}/device-group/{group_id}/devices | iotda:group:queryDeviceList | - |
| POST /v5/iot/{project_id}/tags/bind-resource | iotda:tags:bind | - |
| POST /v5/iot/{project_id}/tags/unbind-resource | iotda:tags:unbind | - |
| POST /v5/iot/{project_id}/tags/query-resources | iotda:tags:queryResourceList | - |
| GET /v5/iot/{project_id}/apps | iotda:apps:queryList | - |
| POST /v5/iot/{project_id}/apps | iotda:app:create | - |
| GET /v5/iot/{project_id}/apps/{app_id} | iotda:apps:query | - |
| DELETE /v5/iot/{project_id}/apps/{app_id} | iotda:apps:delete | - |
| PUT /v5/iot/{project_id}/apps/{app_id} | iotda:apps:update | |
| POST /v5/iot/{project_id}/batchtasks | iotda:batchtasks:create | - |
| GET /v5/iot/{project_id}/batchtasks | iotda:batchtasks:queryList | - |
| GET /v5/iot/{project_id}/batchtasks/{task_id} | iotda:batchtasks:query | - |
| POST /v5/iot/{project_id}/batchtasks/{task_id}/retry | iotda:batchtasks:retry | - |
| POST /v5/iot/{project_id}/batchtasks/{task_id}/stop | iotda:batchtasks:stop | - |
| DELETE /v5/iot/{project_id}/batchtasks/{task_id} | iotda:batchtasks:delete | - |
| POST /v5/iot/{project_id}/batchtask-files | iotda:batchtaskfiles:create | - |
| GET /v5/iot/{project_id}/batchtask-files | iotda:batchtaskfiles:queryList | - |
| DELETE /v5/iot/{project_id}/batchtask-files/{file_id} | iotda:batchtaskfiles:delete | - |
| POST /v5/iot/{project_id}/certificates | iotda:certificates:upload | - |
| GET /v5/iot/{project_id}/certificates | iotda:certificates:queryList | - |
| DELETE /v5/iot/{project_id}/certificates/{certificate_id} | iotda:certificates:delete | - |
| POST /v5/iot/{project_id}/certificates/{certificate_id}/action | iotda:certificates:check | - |
| GET /v5/iot/{project_id}/certificates/{certificate_id} | iotda:certificate:query | - |
| PUT /v5/iot/{project_id}/certificates/{certificate_id} | iotda:certificates:update | - |
| POST /v5/iot/{project_id}/certificates/{certificate_id}/debug | iotda:certificates:debug | - |
| GET /v5/iot/{project_id}/certificates/app-cert | iotda:appcacertificate:queryList | - |
| POST /v5/iot/{project_id}/certificates/app-cert | iotda:appcacertificate:create | - |
| DELETE /v5/iot/{project_id}/certificates/app-cert/{certificate_id} | iotda:appcacertificate:delete | - |
| PUT /v5/iot/{project_id}/certificates/app-cert/{certificate_id} | iotda:appcacertificate:update | - |
| GET /v1/iot/secretmgmt/certificates/servercert | iotda:servercertificate:query | - |
| PUT /v1/iot/secretmgmt/certificates/servercert | iotda:servercertificate:update | - |
| POST /v1/iot/secretmgmt/certificates/servercert | iotda:servercertificate:create | - |
| DELETE /v1/iot/secretmgmt/certificates/servercert | iotda:servercertificate:delete | - |
| GET /v1/iot/secretmgmt/certificates/servercert/list | iotda:servercertificate:queryList | - |
| GET /v5/iot/{project_id}/file-storage/device | iotda:obsbucket:query | - |
| POST /v5/iot/{project_id}/file-storage/device | iotda:obsbucket:create | - |
| PUT /iodev/portal/authorized/v1.5.0/apps/{appId}/nbDevices | iotda:simulator:register | - |
| GET /iodev/portal/authorized/v1.5.0/apps/{appId}/simulator/devices/{deviceId}/historyData | iotda:simulator:queryHistoryData | - |
| DELETE /iodev/portal/authorized/v1.5.0/apps/{appId}/simulator/devices/{deviceId} | iotda:simulator:delete | - |
| GET /sps/portal/bundle/v2.0.0/apps/{appid}/queryTaskIdByProductId | iotda:bundle:query | - |
| POST /sps/portal/cigcodec/device | iotda:bundle:create | - |
| PUT /sps/portal/cigcodec/device | iotda:bundle:update | - |
| GET /sps/portal/cigcodec/device/{id}/downloadSignBundle2 | iotda:bundle:query | - |
| POST /sps/portal/bundle/v2.0.0/apps/{id}/defaultCIGAppId/bundlePackages/newSign | iotda:offlinebundle:deploy | - |
| POST /sps/portal/cigcodec/device/deploy2 | iotda:onlinebundle:deploy | - |
| GET /sps/portal/cigcodec/historydevices | iotda:bundle:queryList | - |
| GET /sps/portal/cigcodec/device/{id}/mapping | iotda:bundlemapping:query | - |
| PUT /sps/portal/cigcodec/device/{id}/mapping | iotda:bundlemapping:save | - |
| GET /sps/portal/cigcodec/device/{id}/message | iotda:bundlemessage:query | - |
| PUT /sps/portal/cigcodec/device/{id}/message | iotda:bundlemessage:save | - |
| POST /iodev/portal/authorized/v1.5.0/apps/{appId}/nbDeviceData | iotda:devicedebugmessage:send | - |
| GET /iodev/portal/authorized/v1.5.0/apps/{appId}/nbDevice/hexLogs/{id} | iotda:devicedebugmessage:queryList | - |
| POST /v5/iot/{project_id}/ota-upgrades/packages | iotda:otapackages:create | - |
| GET /v5/iot/{project_id}/ota-upgrades/packages | iotda:otapackages:queryList | - |
| GET /v5/iot/{project_id}/ota-upgrades/packages/{package_id} | iotda:otapackages:query | - |
| DELETE /v5/iot/{project_id}/ota-upgrades/packages/{package_id} | iotda:otapackages:delete | - |
| GET /v5/iot/{project_id}/tunnels | iotda:tunnel:queryList | - |
| POST /v5/iot/{project_id}/tunnels | iotda:tunnel:create | - |
| DELETE /v5/iot/{project_id}/tunnels/{id} | iotda:tunnel:delete | - |
| GET /v5/iot/{project_id}/tunnels/{id} | iotda:tunnel:query | - |
| PUT /v5/iot/{project_id}/tunnels/{id} | iotda:tunnel:close | - |
| GET /v5/iot/{project_id}/bridges | iotda:bridge:queryList | - |
| POST /v5/iot/{project_id}/bridges | iotda:bridge:create | - |
| DELETE /v5/iot/{project_id}/bridges/{bridge_id} | iotda:bridge:delete | - |
| POST /v5/iot/{project_id}/bridges/{bridge_id}/reset-secret | iotda:bridge:reset | - |
| GET /v5/iot/{project_id}/export-tasks | iotda:exporttasks:queryList | - |
| POST /v5/iot/{project_id}/export-tasks | iotda:exporttasks:create | - |
| GET /v5/iot/{project_id}/export-tasks/{id}/file | iotda:exporttasks:query | - |
| GET /v5/iot/{project_id}/harmony-soft-bus | iotda:harmonysoftbus:queryList | - |
| POST /v5/iot/{project_id}/harmony-soft-bus | iotda:harmonysoftbus:create | - |
| DELETE /v5/iot/{project_id}/harmony-soft-bus/{id} | iotda:harmonysoftbus:delete | - |
| POST /v5/iot/{project_id}/harmony-soft-bus/{id}/reset-bus-key | iotda:harmonysoftbus:reset | - |
| POST /v5/iot/{project_id}/harmony-soft-bus/{id}/sync | iotda:harmonysoftbus:sync | - |
| GET /v5/iot/{project_id}/iotda-instances/{instance_id} | iotda:instance:query | - |
| GET /v5/iot/{project_id}/iotda-instances | iotda:instance:queryList | - |
| POST /v5/iot/{project_id}/iotda-instances | iotda:instance:create | - |
| PUT /v5/iot/{project_id}/instances/{instance_id} | iotda:instance:update | - |
| /v5/iot/{project_id}/instances/{instance_id}/restart | iotda:instance:restart | - |
| GET /v5/iot/{project_id}/iotda-instances/{instance_id}/tasks | iotda:instance:queryTaskList | - |
| GET /v5/iot/{project_id}/iotda-instances/{instance_id}/tasks/{task_id} | iotda:instance:queryTask | - |
| GET /v5/iot/{project_id}/iotda-instances/tags | iotda:instance:listTags | - |
| POST /v5/iot/{project_id}/iotda-instances/{instance_id}/bind-tags | iotda:instance:operateTag | - |
| POST /v5/iot/{project_id}/iotda-instances/{instance_id}/unbind-tags | iotda:instance:operateTag | - |
| GET /v5/iot/{project_id}/instances/{instance_id}/outbound-channel | iotda:instance:queryOutBoundChannelList | - |
| POST /v5/iot/{project_id}/instances/{instance_id}/outbound-channel | iotda:instance:createOutBoundChannel | - |
| GET /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors | iotda:instance:queryProtocolAdaptorList | - |
| POST /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors | iotda:instance:createProtocolAdaptor | - |
| GET /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id} | iotda:instance:queryProtocolAdaptor | - |
| PUT /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id} | iotda:instance:updateProtocolAdaptor | - |
| DELETE /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id} | iotda:instance:deleteProtocolAdaptor | - |
| POST /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id}/query-logs | iotda:instance:queryProtocolAdaptorLog | - |
| GET /v5/iot/{project_id}/protocol-adaptors/images | iotda:protocoladaptorimage:queryList | - |
| POST /v5/iot/{project_id}/protocol-adaptors/images | iotda:protocoladaptorimage:create | - |
| PUT /v5/iot/{project_id}/protocol-adaptors/images/{id} | iotda:protocoladaptorimage:update | - |
| DELETE /v5/iot/{project_id}/protocol-adaptors/images/{id} | iotda:protocoladaptorimage:delete | - |
| POST /v5/iot/{project_id}/iodbagent/tables/detail-query | iotda:dbtable:query | - |
| POST /v5/iot/{project_id}/iodbagent/tables/list-query | iotda:dbtable:queryList | - |
| GET /v5/iot/{project_id}/monitor/device-config | iotda:messagetrace:queryList | - |
| PUT /v5/iot/{project_id}/monitor/device-config/{device_id} | iotda:messagetrace:update | - |
| GET /v5/iot/{project_id}/monitor/device-config/{device_id} | iotda:messagetrace:query | - |
| DELETE /v5/iot/{project_id}/monitor/message-trace-data | iotda:messagetracedata:delete | - |
| GET /v5/iot/{project_id}/monitor/message-trace-data | iotda:messagetracedata:queryList | - |
| GET /v5/iot/{project_id}/product-config | iotda:productconfig:queryList | - |
| POST /v5/iot/{project_id}/product-config | iotda:productconfig:create | - |
| GET /v5/iot/{project_id}/product-config/{id} | iotda:productconfig:query | - |
| GET /v5/iot/{project_id}/product-functions | iotda:productfunctions:queryList | - |
| POST /v5/iot/{project_id}/product-functions | iotda:productfunctions:create | - |
| DELETE /v5/iot/{project_id}/product-functions/{function_id} | iotda:productfunctions:delete | - |
| GET /v5/iot/{project_id}/topics | iotda:topics:queryList | - |
| POST /v5/iot/{project_id}/topics | iotda:topics:create | - |
| DELETE /v5/iot/{project_id}/topics/{topic_id} | iotda:topics:delete | - |
| PUT /v5/iot/{project_id}/topics/{topic_id} | iotda:topics:modify | - |
| DELETE /v5/iot/{project_id}/products/{product_id}/scripts | iotda:scripts:delete | - |
| POST /v5/iot/{project_id}/products/{product_id}/scripts | iotda:scripts:create | - |
| POST /v5/iot/{project_id}/products/{product_id}/scripts/action | iotda:scripts:run | - |
| GET /v5/iot/{project_id}/products/{product_id}/scripts | iotda:scripts:query | - |
| POST /v5/iot/{project_id}/device-proxies | iotda:device-proxies:create | - |
| GET /v5/iot/{project_id}/device-proxies | iotda:device-proxies:queryList | - |
| GET /v5/iot/{project_id}/device-proxies/{proxy_id} | iotda:device-proxies:query | - |
| PUT /v5/iot/{project_id}/device-proxies/{proxy_id} | iotda:device-proxies:modify | - |
| DELETE /v5/iot/{project_id}/device-proxies/{proxy_id} | iotda:device-proxies:delete | - |
| POST /v5/iot/{project_id}/device-policies | iotda:devicepolicy:create | |
-
GET /v5/iot/{project_id}/device-policies
iotda:devicepolicy:queryList
-
DELETE /v5/iot/{project_id}/device-policies/{policy_id}
iotda:devicepolicy:delete
-
GET /v5/iot/{project_id}/device-policies/{policy_id}
iotda:devicepolicy:query
-
PUT /v5/iot/{project_id}/device-policies/{policy_id}
iotda:devicepolicy:update
-
POST /v5/iot/{project_id}/device-policies/{policy_id}/bind
iotda:devicepolicy:bind
-
POST /v5/iot/{project_id}/device-policies/{policy_id}/unbind
iotda:devicepolicy:unbind
-
GET /v5/iot/{project_id}/device-policies/{policy_id}/targets
iotda:devicepolicy:queryTargets
-
POST /v5/iot/{project_id}/provisioning-templates
iotda:provisioningtemplate:create
-
GET /v5/iot/{project_id}/provisioning-templates
iotda:provisioningtemplate:queryList
-
DELETE /v5/iot/{project_id}/provisioning-templates/{template_id}
iotda:provisioningtemplate:delete
-
PUT /v5/iot/{project_id}/provisioning-templates/{template_id}
iotda:provisioningtemplate:update
-
GET /v5/iot/{project_id}/provisioning-templates/{template_id}
iotda:provisioningtemplate:query
-
POST /v5/iot/{project_id}/device-authentication-templates
iotda:deviceauthenticationtemplate:create
-
GET /v5/iot/{project_id}/device-authentication-templates
iotda:deviceauthenticationtemplate:queryList
-
DELETE /v5/iot/{project_id}/device-authentication-templates/{template_id}
iotda:deviceauthenticationtemplate:delete
-
PUT /v5/iot/{project_id}/device-authentication-templates/{template_id}
iotda:deviceauthenticationtemplate:update
-
GET /v5/iot/{project_id}/device-authentication-templates/{template_id}
iotda:deviceauthenticationtemplate:query
-
POST /v5/iot/{project_id}/device-authentication-templates/{template_id}/debug
iotda:deviceauthenticationtemplate:debug
-
GET /v5/iot/{project_id}/device-certificates
iotda:devicecertificates:queryList
-
GET /v5/iot/{project_id}/device-certificates/{certificate_id}
iotda:devicecertificates:query
-
PUT /v5/iot/{project_id}/device-certificates/{certificate_id}
iotda:devicecertificates:update
-
DELETE /v5/iot/{project_id}/device-certificates/{certificate_id}
iotda:devicecertificates:delete
-
POST /v5/iot/{project_id}/device-certificates/{certificate_id}/list-device
iotda:devicecertificates:queryDeviceList
-
POST /v5/iot/{project_id}/security-profiles
iotda:securityprofile:create
-
GET /v5/iot/{project_id}/security-profiles
iotda:securityprofile:queryList
-
DELETE /v5/iot/{project_id}/security-profiles/{profile_id}
iotda:securityprofile:delete
-
PUT /v5/iot/{project_id}/security-profiles/{profile_id}
iotda:securityprofile:update
-
GET /v5/iot/{project_id}/security-profiles/{profile_id}
iotda:securityprofile:query
-
POST /v5/iot/{project_id}/device-authorizers
iotda:deviceauthorizers:create
-
GET /v5/iot/{project_id}/device-authorizers/{authorizer_id}
iotda:deviceauthorizers:query
-
GET /v5/iot/{project_id}/device-authorizers
iotda:deviceauthorizers:queryList
-
DELETE /v5/iot/{project_id}/device-authorizers/{authorizer_id}
iotda:deviceauthorizers:delete
-
PUT /v5/iot/{project_id}/device-authorizers/{authorizer_id}
iotda:deviceauthorizers:update
-
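- The "Condition key" column lists the keys that IoTDA supports in the Condition element of an identity policy statement.
Resource Types (Resource)
A resource type (Resource) is the resource that an identity policy applies to. If an operation in Table 3 (Resource types supported by IoTDA) specifies a resource type that can be used with that operation, you must specify the URN of that resource in every identity policy statement containing the operation, and the identity policy then applies only to that resource. If no resource is specified, Resource defaults to "*" and the identity policy applies to all resources. You can also set conditions in an identity policy to specify resource types.
IoTDA defines the following resource types that can be used in the Resource element of an identity policy.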
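Conditions (Condition)
A condition (Condition) is a specific circumstance under which an identity policy takes effect. It consists of a condition key and an operator.
- A condition key is a key in the Condition element of an identity policy statement. By scope, condition keys are divided into global condition keys and service-level condition keys.
- Global condition keys (prefixed with g:) apply to all operations. During authorization, the cloud service does not need to provide user identity information; the system obtains it automatically and performs the check. For details, see: Global condition keys.
- Service-level condition keys (usually prefixed with the service abbreviation, such as iotda:) apply only to operations of the corresponding service. For details, see Table 4.
- Single-valued/multivalued indicates how many values associated with the condition a request carries when the API is called. A single-valued condition key has at most one value in the API request; a multivalued condition key can have several values in the request. For example, g:SourceVpce is a single-valued condition key: it allows access to a resource only for requests made through a given VPC endpoint, and one request contains at most one VPC endpoint ID. g:TagKeys is a multivalued condition key: it is the list of the keys of all tags carried in the request, and a user can pass multiple values when supplying tags in an API call.
- An operator, together with a condition key and a condition value, forms a complete condition statement. The identity policy takes effect only when the request satisfies the condition. For the supported operators, see: Operators.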
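IoTDA defines the following condition keys that can be used in the Condition element of an identity policy. You can use these condition keys to further refine identity policy statements.

Table 4 Service-level condition keys supported by IoTDA

| Service-level condition key | Type | Single-valued/multivalued | Description |
|---|---|---|---|
| iotda:AllowPublicAccess | Boolean | Single-valued | Filters requests by the allow-public-network-access setting configured when an instance is modified. |
| iotda:DomainConfiguration | Boolean | Single-valued | Filters requests by whether an access domain name is configured when an instance is modified. |
| iotda:DeviceGroupId | String | Single-valued | Filters requests by the group that the device belongs to, as set when a tunnel is created. |
| iotda:HttpForwardingEnableSSL | Boolean | Single-valued | Filters requests by whether TLS is enabled for the HTTP channel, as set when a rule action is created or modified. |
| iotda:HttpForwardingEnableAuthentication | Boolean | Single-valued | Filters requests by whether token authentication is enabled for the HTTP channel, as set when a rule action is created or modified. |
| iotda:DMSKafkaForwardingEnableAuthentication | Boolean | Single-valued | Filters requests by whether the SCRAM-SHA-512 mechanism is enabled for the DMSKafka channel, as set when a rule action is created or modified. |
| iotda:DMSKafkaForwardingEnableSSL | Boolean | Single-valued | Filters requests by whether TLS is enabled for the DMSKafka channel, as set when a rule action is created or modified. |
| iotda:MysqlForwardingEnableSSL | Boolean | Single-valued | Filters requests by whether TLS is enabled for the MySQL protocol channel, as set when a rule action is created or modified. |
| iotda:PostgresqlForwardingEnableSSL | Boolean | Single-valued | Filters requests by whether TLS is enabled for the PostgreSQL protocol channel, as set when a rule action is created or modified. |
| iotda:MRSKafkaForwardingEnableAuthentication | Boolean | Single-valued | Filters requests by whether Kerberos authentication is enabled for the MRSKafka channel, as set when a rule action is created or modified. |
| iotda:DMSRocketMQForwardingEnableSSL | Boolean | Single-valued | Filters requests by whether TLS is enabled for the RocketMQ channel, as set when a rule action is created or modified. |
| iotda:MongoDBForwardingEnableSSL | Boolean | Single-valued | Filters requests by whether TLS is enabled for the MongoDB channel, as set when a rule action is created or modified. |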
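
A guardrail written against Table 4 is easy to get wrong by misspelling a condition key or using an operator that does not fit the key's type. The following Python lint is an added example, not part of the IoTDA documentation; it checks the iotda: condition keys of a policy document against Table 4. The sample policy, its "5.0" version string, the Bool and StringEquals operator names, and the pairing of iotda:instance:update with these keys are assumptions.

```python
import difflib

# Service-level condition keys and their types, copied from Table 4 of this page.
TABLE4 = {key: "Boolean" for key in (
    "iotda:AllowPublicAccess", "iotda:DomainConfiguration",
    "iotda:HttpForwardingEnableSSL", "iotda:HttpForwardingEnableAuthentication",
    "iotda:DMSKafkaForwardingEnableAuthentication",
    "iotda:DMSKafkaForwardingEnableSSL", "iotda:MysqlForwardingEnableSSL",
    "iotda:PostgresqlForwardingEnableSSL",
    "iotda:MRSKafkaForwardingEnableAuthentication",
    "iotda:DMSRocketMQForwardingEnableSSL", "iotda:MongoDBForwardingEnableSSL")}
TABLE4["iotda:DeviceGroupId"] = "String"

# Constructed sample policy. The "5.0" version string, the operator names
# ("Bool", "StringEquals") and the pairing of iotda:instance:update with these
# keys are assumptions; check them against the IAM operator reference.
SAMPLE_POLICY = {
    "Version": "5.0",
    "Statement": [
        {"Effect": "Deny", "Action": ["iotda:instance:update"],
         "Condition": {"Bool": {"iotda:AllowPublicAccess": ["true"]}}},
        {"Effect": "Deny", "Action": ["iotda:instance:update"],
         "Condition": {"Bool": {"iotda:AllowPublicAcess": ["true"]},  # typo
                       "StringEquals": {"iotda:DomainConfiguration": ["true"]}}},
    ],
}

def lint_conditions(policy):
    """Return (statement index, condition key, problem) for each iotda: key issue."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, value in pairs.items():
                if not key.startswith("iotda:"):
                    continue  # global g: keys are not listed in Table 4
                values = value if isinstance(value, list) else [value]
                ktype = TABLE4.get(key)
                if ktype is None:
                    near = difflib.get_close_matches(key, list(TABLE4), n=1)
                    hint = f", closest is {near[0]}" if near else ""
                    findings.append((idx, key, "not in Table 4" + hint))
                elif ktype == "Boolean" and operator != "Bool":
                    findings.append((idx, key, f"Boolean key used with {operator}"))
                elif ktype == "Boolean" and any(
                        str(v).lower() not in ("true", "false") for v in values):
                    findings.append((idx, key, "Boolean key with non-boolean value"))
                elif ktype == "String" and not operator.startswith("String"):
                    findings.append((idx, key, f"String key used with {operator}"))
    return findings
```

Running `lint_conditions(SAMPLE_POLICY)` flags only the second statement: the misspelled key and the Boolean key paired with a string operator.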