yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
b31d0d5dd6ae811ab874eb3e1a389c78a6615381
doc-exports/docs/iam/api-ref/iam_02_0022.html
weihongmin1 46d24ba358 IAM API 0401 Version 
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
2026-01-14 14:13:49 +00:00

17 KiB
Raw Blame History

Querying the Operation Protection Policy

Function

This API is used to query the operation protection policy.

URI

GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy

Table 1 URI parameters

Parameter

Mandatory

Type

Description

domain_id

Yes

String

Domain ID.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Token with Security Administrator permissions.

Response Parameters

Table 3 Parameters in the response body

Parameter

Type

Description

protect_policy

Object

Operation protection policy.
Table 4 protect_policy

Parameter

Type

Description

allow_user

AllowUserBody object

Attributes that IAM users can modify.

operation_protection

Boolean

Whether operation protection has been enabled. The value can be true or false.

mobile

String

Mobile number used for verification.

admin_check

String

Whether to designate a person for verification. The value on indicates that a specific person is designated for verification, and the value off indicates that the operator is designated for verification.

email

String

Email address used for verification.

scene

String

Verification method. The options are mobile and email.
Table 5 protect_policy.allow_user

Parameter

Type

Description

manage_accesskey

boolean

Whether IAM users are allowed to manage AKs by themselves. The value can be true or false.

manage_email

boolean

Whether IAM users are allowed to change their email addresses. The value can be true or false.

manage_mobile

boolean

Whether IAM users are allowed to change their mobile numbers. The value can be true or false.

manage_password

boolean

Whether IAM users are allowed to change their passwords. The value can be true or false.

Example Request

GET https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy

Example Response

Status code: 200

The request is successful.

{ 
  "protect_policy" : { 
    "allow_user": {      
    "manage_mobile": false,      
    "manage_accesskey": false,      
    "manage_email": false,      
    "manage_password": false    
    },
    "operation_protection" : false, 
    "mobile": "",    
    "admin_check": "off",    
    "email": "",    
    "scene": ""
  } 
}

Status code: 403

Access denied.

  • Example 1
{ 
   "error_msg" : "You are not authorized to perform the requested action.", 
   "error_code" : "IAM.0002" 
 }
  • Example 2
{ 
   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
   "error_code" : "IAM.0003" 
 }

Status code: 404

The requested resource cannot be found.

{ 
  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
  "error_code" : "IAM.0004" 
}

Status code: 500

Internal server error.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code

Description

200

The request is successful.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

500

Internal server error.
Parent topic: Security Settings