weihongmin1
46d24ba358
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com> Co-authored-by: weihongmin1 <weihongmin1@huawei.com> Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
92 KiB
Action List
Token Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Obtaining an Agency Token |
iam:tokens:assume |
- |
Access Key Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Listing Permanent Access Keys |
iam:credentials:listCredentials |
- |
|
Querying a Permanent Access Key |
iam:credentials:getCredential |
- |
|
Creating a Permanent Access Key |
iam:credentials:createCredential |
- |
|
Modifying a Permanent Access Key |
iam:credentials:updateCredential |
- |
|
Deleting a Permanent Access Key |
iam:credentials:deleteCredential |
- |
Virtual MFA Device Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Unbinding a Virtual MFA Device |
iam:mfa:unbindMFADevice |
- |
|
Binding a Virtual MFA Device |
iam:mfa:bindMFADevice |
- |
|
Creating a Virtual MFA Device |
iam:mfa:createVirtualMFADevice |
- |
|
Deleting a Virtual MFA Device |
iam:mfa:deleteVirtualMFADevice |
- |
Project Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Creating a Project |
iam:projects:createProject |
- |
|
Modifying Project Data |
iam:projects:updateProject |
- |
|
Setting the Status of a Specified Project |
iam:projects:updateProject |
- |
|
Querying the List of Projects Accessible to Users |
iam:projects:listProjectsForUser |
- |
|
Deleting a Project |
iam:projects:deleteProject |
- |
|
Querying the Quotas of a Project |
iam:quotas:listQuotasForProject |
- |
Tenant Management
Permission |
API |
Action |
IAM Project (Project) |
|---|---|---|---|
Querying Tenant Quotas |
iam:quotas:listQuotas |
- |
User Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Listing Users |
iam:users:listUsers |
- |
|
Querying User Details |
iam:users:getUser |
- |
|
Querying User Details (Recommended) |
iam:users:getUser |
- |
|
Querying the User Group Which a User Belongs to |
iam:groups:listGroupsForUser |
- |
|
Querying Users in a User Group |
iam:users:listUsersForGroup |
- |
|
Creating a User |
iam:users:createUser |
- |
|
Changing the Password of a User |
iam:users:updateUserPassword |
- |
|
Modifying User Information |
iam:users:updateUser |
- |
|
Deleting a User |
iam:users:deleteUser |
- |
|
Creating a User (Recommended) |
iam:users:createUser |
- |
|
Resetting a User's Password |
× |
iam:users:resetUserPassword |
- |
Configuring Login Protection |
× |
iam:users:setUserLoginProtect |
- |
Listing Users Who Have Access to a Specified Project |
× |
iam:users:listUsersForProject |
- |
Deleting a User from a User Group |
iam:permissions:removeUserFromGroup |
- |
|
Querying MFA Device Information of Users |
iam:mfa:listVirtualMFADevices |
- |
|
Querying the MFA Device Information of a User |
iam:mfa:getVirtualMFADevice |
- |
|
Querying Login Protection Configurations of Users |
iam:users:listUserLoginProtects |
- |
|
Querying the Login Protection Configuration of a User |
iam:users:getUserLoginProtect |
- |
User Group Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Querying Users in a User Group |
iam:users:listUsersForGroup |
- |
|
Listing User Groups |
iam:groups:listGroups |
- |
|
Querying User Group Details |
iam:groups:getGroup |
- |
|
Creating a User Group |
iam:groups:createGroup |
- |
|
Adding a User to a User Group |
iam:permissions:addUserToGroup |
- |
|
Updating a User Group |
iam:groups:updateGroup |
- |
|
Deleting a User Group |
|
- |
|
Checking Whether a User Belongs to a Specified User Group |
iam:permissions:checkUserInGroup |
- |
Permissions Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Querying a Role List |
iam:roles:listRoles |
- |
|
Querying Role Details |
iam:roles:getRole |
- |
|
Querying Permissions of a User Group Under a Domain |
iam:permissions:listRolesForGroupOnDomain |
- |
|
Querying Permissions of a User Group Corresponding to a Project |
iam:permissions:listRolesForGroupOnProject |
- |
|
Granting Permissions to a User Group of a Domain |
PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:grantRoleToGroupOnDomain |
- |
Granting Permissions to a User Group Corresponding to a Project |
PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:grantRoleToGroupOnProject |
- |
Removing Permissions of a User Group Corresponding to a Project |
DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:revokeRoleFromGroupOnProject |
- |
Removing Permissions of a User Group of a Domain |
DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:revokeRoleFromGroupOnDomain |
- |
Querying Whether a User Group Under a Domain Has Specific Permissions |
HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:checkRoleForGroupOnDomain |
- |
Querying Whether a User Group Corresponding to a Project Has Specific Permissions |
HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:checkRoleForGroupOnProject |
- |
Granting Permissions to a User Group |
PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} |
iam:permissions:grantRoleToGroup |
- |
Querying the Permissions Granted to a User for a Specified Project |
× |
iam:permissions:listRolesForUserOnProject |
- |
Querying All Permissions of a User Group |
× |
iam:permissions:listRolesForGroup |
- |
Checking Whether a User Group Has Specified Permissions |
iam:permissions:checkRoleForGroup |
- |
|
Removing Permissions of a User Group |
iam:permissions:revokeRoleFromGroup |
- |
|
Querying a Resource Quota |
GET /v3.0/OS-QUOTA/domains/{domain_id}?type={user, group, idp, agency, policy} |
iam:quotas:listQuotas |
- |
Custom Policy Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Listing Custom Policies |
iam:roles:listRoles |
- |
|
Querying Custom Policy Details |
iam:roles:getRole |
- |
|
Creating a Custom Policy |
iam:roles:createRole |
- |
|
Modifying a Custom Policy |
iam:roles:updateRole |
- |
|
Deleting a Custom Policy |
iam:roles:deleteRole |
- |
Agency Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Creating an Agency |
iam:agencies:createAgency |
- |
|
Listing Agencies |
iam:agencies:listAgencies |
- |
|
Obtaining Details of a Specified Agency |
iam:agencies:getAgency |
- |
|
Modifying an Agency |
iam:agencies:updateAgency |
- |
|
Deleting an Agency |
iam:agencies:deleteAgency |
- |
|
Granting Permissions to an Agency for a Project |
PUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:grantRoleToAgencyOnProject |
- |
Checking Whether an Agency Has the Specified Permissions on a Project |
HEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:checkRoleForAgencyOnProject |
- |
Querying the List of Permissions of an Agency on a Project |
GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles |
iam:permissions:listRolesForAgencyOnProject |
- |
Removing Permissions of an Agency on a Project |
DELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:revokeRoleFromAgencyOnProject |
- |
Granting Permissions to an Agency on a Domain |
PUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:grantRoleToAgencyOnDomain |
- |
Checking Whether an Agency Has the Specified Permissions on a Domain |
HEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:checkRoleForAgencyOnDomain |
- |
Querying the List of Permissions of an Agency on a Domain |
GET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles |
iam:permissions:listRolesForAgencyOnDomain |
- |
Removing Permissions of an Agency on a Domain |
DELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} |
iam:permissions:revokeRoleFromAgencyOnDomain |
- |
Querying All Permissions of an Agency |
GET /v3.0/OS-INHERIT/domains/{domain_id}/agencies/{agency_id}/roles/inherited_to_projects |
iam:permissions:listRolesForAgency |
- |
Granting Specified Permissions to an Agency for All Projects |
PUT /v3.0/OS-INHERIT/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}/inherited_to_projects |
iam:permissions:grantRoleToAgency |
- |
Checking Whether an Agency Has Specified Permissions |
HEAD /v3.0/OS-INHERIT/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}/inherited_to_projects |
iam:permissions:checkRoleForAgency |
- |
Removing Specified Permissions of an Agency in All Projects |
iam:permissions:revokeRoleFromAgency |
- |
Security Settings
Permission |
API |
Action |
IAM Project (Project) |
|---|---|---|---|
Querying the Operation Protection Policy |
GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy |
iam:securitypolicies:getProtectPolicy |
- |
Querying the Password Policy |
GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy |
iam:securitypolicies:getPasswordPolicy |
- |
Querying the Login Authentication Policy |
iam:securitypolicies:getLoginPolicy |
- |
Federated Identity Authentication Management
Permission |
API |
Action |
IAM Project |
|---|---|---|---|
Querying the Identity Provider List |
iam:identityProviders:listIdentityProviders |
- |
|
Querying an Identity Provider |
iam:identityProviders:getIdentityProvider |
- |
|
Creating an Identity Provider |
iam:identityProviders:createIdentityProvider |
- |
|
Updating an Identity Provider |
iam:identityProviders:updateIdentityProvider |
- |
|
Deleting an Identity Provider |
iam:identityProviders:deleteIdentityProvider |
- |
|
Creating an OpenID Connect Identity Provider |
POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config |
iam:identityProviders:createOpenIDConnectConfig |
- |
Modifying an OpenID Connect Identity Provider |
PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config |
iam:identityProviders:updateOpenIDConnectConfig |
- |
Querying an OpenID Connect Identity Provider |
GET /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config |
iam:identityProviders:getOpenIDConnectConfig |
- |
Querying the Mapping List |
iam:identityProviders:listMappings |
- |
|
Querying Mapping Details |
iam:identityProviders:getMapping |
- |
|
Creating a Mapping |
iam:identityProviders:createMapping |
- |
|
Updating a Mapping |
iam:identityProviders:updateMapping |
- |
|
Deleting a Mapping |
iam:identityProviders:deleteMapping |
- |
|
Querying the Protocol List |
iam:identityProviders:listProtocols |
- |
|
Querying a Protocol |
GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:getProtocol |
- |
Registering a Protocol |
PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:createProtocol |
- |
Updating a Protocol |
PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:updateProtocol |
- |
Deleting a Protocol |
DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} |
iam:identityProviders:deleteProtocol |
- |
Querying a Metadata File |
GET /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata |
iam:identityProviders:getIDPMetadata |
- |
Importing a Metadata File |
POST /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata |
iam:identityProviders:createIDPMetadata |
- |