Modifying a Custom Policy for Cloud Services¶
Function¶
This API is provided for the administrator to modify a custom policy for cloud services.
The API can be called using both the global endpoint and region-specific endpoints.
URI¶
PATCH /v3.0/OS-ROLE/roles/{role_id}
Parameter | Mandatory | Type | Description |
|---|---|---|---|
role_id | Yes | String | Custom policy ID. For details about how to obtain a custom policy ID, see Custom Policy ID. |
Request Parameters¶
Parameter | Mandatory | Type | Description |
|---|---|---|---|
Content-Type | Yes | String | Fill application/json;charset=utf8 in this field. |
X-Auth-Token | Yes | String | Token with Security Administrator permissions. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
Yes | Object | Custom policy information. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
display_name | Yes | String | Display name of the custom policy. |
type | Yes | String | Display mode. Note
|
description | Yes | String | Description of the custom policy. |
description_cn | No | String | Description of the custom policy. |
Yes | Object | Content of custom policy. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
Version | Yes | String | Policy version. When creating a custom policy, set this parameter to 1.1. Note
|
Yes | Array of objects | Statement of the policy. A policy can contain a maximum of eight statements. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
Action | Yes | Array of strings | Specific operation permission on a resource. A maximum of 100 actions are allowed. Note
|
Effect | Yes | String | Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
No | Object | Conditions for the permission to take effect. A maximum of 10 conditions are allowed. | |
Resource | No | Array of strings | Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters. Note
|
Parameter | Mandatory | Type | Description |
|---|---|---|---|
No | Object | Operator, for example, Bool and StringEquals.
|
Parameter | Mandatory | Type | Description |
|---|---|---|---|
<attribute> | No | Array of strings | Condition key. The condition key must correspond to the specified operator. A maximum of 10 condition keys are allowed.
|
Response Parameters¶
Parameter | Type | Description |
|---|---|---|
Object | Custom policy information. |
Parameter | Type | Description |
|---|---|---|
catalog | String | Service catalog. |
display_name | String | Display name of the custom policy. |
description | String | Description of the custom policy. |
Object | Resource link of the custom policy. | |
Object | Content of custom policy. | |
description_cn | String | Description of the custom policy. |
domain_id | String | Domain ID. |
type | String | Display mode. Note
|
id | String | Policy ID. |
name | String | Name of the custom policy. |
updated_time | String | Time when the custom policy was last updated. |
created_time | String | Time when the custom policy was created. |
references | String | Number of references. |
Parameter | Type | Description |
|---|---|---|
self | String | Resource link. |
Parameter | Type | Description |
|---|---|---|
Version | String | Policy version. Note
|
Array of objects | Statement of the policy. A policy can contain a maximum of eight statements. |
Parameter | Type | Description |
|---|---|---|
Action | Array of strings | Specific operation permission on a resource. A maximum of 100 actions are allowed. Note
|
Effect | String | Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Options:
|
Object | Conditions for the permission to take effect. A maximum of 10 conditions are allowed. | |
Resource | Array of strings | Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters. Note
|
Parameter | Type | Description |
|---|---|---|
Object | Operator, for example, Bool and StringEquals.
|
Parameter | Type | Description |
|---|---|---|
attribute | Array of strings | Condition key. The condition key must correspond to the specified operator. A maximum of 10 condition keys are allowed.
|
Example Request¶
PATCH https:///v3.0/OS-ROLE/roles/{role_id}
{
"role": {
"display_name": "IAMCloudServicePolicy",
"type": "AX",
"description": "IAMDescription",
"description_cn": "Policy description",
"policy": {
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"obs:bucket:GetBucketAcl"
],
"Condition": {
"StringStartWith": {
"g:ProjectName": [
""
]
}
},
"Resource": [
"obs:*:*:bucket:*"
]
}
]
}
}
}
Example Response¶
Status code: 200
The request is successful.
{
"role": {
"catalog": "CUSTOMED",
"display_name": "IAMCloudServicePolicy",
"description": "IAMDescription",
"links": {
"self": "https:///v3/roles/93879fd90f1046f69e6e0b31c94d2615"
},
"policy": {
"Version": "1.1",
"Statement": [
{
"Action": [
"obs:bucket:GetBucketAcl"
],
"Resource": [
"obs:*:*:bucket:*"
],
"Effect": "Allow",
"Condition": {
"StringStartWith": {
"g:ProjectName": [
""
]
}
}
}
]
},
"description_cn": "Policy description",
"domain_id": "d78cbac186b744899480f25bd0...",
"type": "AX",
"id": "93879fd90f1046f69e6e0b31c94d2615",
"name": "custom_d78cbac186b744899480f25bd022f468_1"
}
}
Status Codes¶
Status Code | Description |
|---|---|
200 | The request is successful. |
400 | The server failed to process the request. |
401 | Authentication failed. |
403 | Access denied. |
404 | The requested resource cannot be found. |
500 | Internal server error. |
Error Codes¶
None