Querying All Permissions of a User Group¶
Function¶
This API is provided for the administrator to query all permissions that have been assigned to a user group.
URI¶
GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects
Parameter | Mandatory | Type | Description |
---|---|---|---|
domain_id | Yes | String | Account ID. For details about how to obtain the ID, see Obtaining User, Account, User Group, Project, and Agency Information. |
group_id | Yes | String | User group ID. For details about how to obtain a user group ID, see Obtaining User, Account, User Group, Project, and Agency Information. |
Request Parameters¶
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | Token with Security Administrator permissions. |
Response Parameters¶
Status code: 200
Parameter | Type | Description |
---|---|---|
object | Resource link information. | |
Array of objects | Permission information. | |
total_number | Integer | Total number of custom policies. This parameter is returned only when domain_id is specified in the request. |
Parameter | Type | Description |
---|---|---|
domain_id | String | ID of the account to which the permission belongs. |
flag | String | If this parameter is set to fine_grained, the permission is a system-defined policy. |
description_cn | String | Description of the permission in Chinese. |
catalog | String | Service catalog of the permission. |
name | String | Permission name. This parameter is carried in the token of a user, allowing the system to determine whether the user has permissions to access a specific cloud service. |
description | String | Description of the permission. |
object | Permission resource link. | |
id | String | Permission ID. |
display_name | String | Display name of the permission. |
type | String | Display mode of the permission. Note
|
object | Content of the permission. | |
updated_time | String | Time when the permission was last updated. Note The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
created_time | String | Time when the permission was created. Note The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601. |
Parameter | Type | Description |
---|---|---|
self | String | Resource link. |
previous | String | Previous resource link. |
next | String | Next resource link. |
Parameter | Type | Description |
---|---|---|
Array of objects | Dependent permissions. | |
Array of objects | Statement of the permission. | |
Version | String | Policy version. Note
|
Parameter | Type | Description |
---|---|---|
catalog | String | Service catalog of the permission. |
display_name | String | Display name of the permission. |
Parameter | Type | Description |
---|---|---|
Action | Array of strings | Specific operation permissions on a resource. A maximum of 100 actions are allowed. For details about supported actions, see "Permissions Policies and Supported Actions" in the API Reference of cloud services. Note
|
Effect | String | Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements. Enumerated values:
|
Condition | Object | Conditions for the permission to take effect. A maximum of 10 conditions are allowed. For details, see "Creating a Custom Policy" in the Identity and Access Management User Guide. Note Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals). "Condition": {
"StringEquals": {
"obs:prefix": [
"public"
]
}
}
|
Resource | Array of strings | Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters. Note
|
Example Request¶
Request for querying all permissions of a user group
GET https://sample.domain.com/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects
Example Response¶
Status code: 200
The request is successful.
{
"roles" : [ {
"domain_id" : null,
"description_cn" : "Description of the permission in Chinese",
"catalog" : "VulnScan",
"name" : "wscn_adm",
"description" : "Vulnerability Scan Service administrator of tasks and reports.",
"links" : {
"next" : null,
"previous" : null,
"self" : "https://sample.domain.com/v3/roles/0af84c1502f447fa9c2fa18083fbb..."
},
"id" : "0af84c1502f447fa9c2fa18083fbb...",
"display_name" : "VSS Administrator",
"type" : "XA",
"policy" : {
"Version" : "1.0",
"Statement" : [ {
"Action" : [ "WebScan:*:*" ],
"Effect" : "Allow"
} ],
"Depends" : [ {
"catalog" : "BASE",
"display_name" : "Server Administrator"
}, {
"catalog" : "BASE",
"display_name" : "Tenant Guest"
} ]
}
}, {
"domain_id" : null,
"flag" : "fine_grained",
"description_cn" : "Description of the permission in Chinese",
"catalog" : "CSE",
"name" : "system_all_34",
"description" : "All permissions of CSE service.",
"links" : {
"next" : null,
"previous" : null,
"self" : "https://sample.domain.com/v3/roles/0b5ea44ebdc64a24a9c372b2317f7..."
},
"id" : "0b5ea44ebdc64a24a9c372b2317f7...",
"display_name" : "CSE Admin",
"type" : "XA",
"policy" : {
"Version" : "1.1",
"Statement" : [ {
"Action" : [ "cse:*:*", "ecs:*:*", "evs:*:*", "vpc:*:*" ],
"Effect" : "Allow"
} ]
}
} ],
"links" : {
"next" : null,
"previous" : null,
"self" : "https://sample.domain.com/v3/roles"
}
}
Status Codes¶
Status Code | Description |
---|---|
200 | The request is successful. |
401 | Authentication failed. |
403 | Access denied. |
Error Codes¶
For details, see Error Codes.