Authorization Policy Language

<p class="shortdesc"></p> <table class="table" id="authorizepolicy__table_oz3_pgk_flb"><caption></caption><colgroup><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="authorizepolicy__table_oz3_pgk_flb__entry__1">Interface Name</th> <th class="entry" id="authorizepolicy__table_oz3_pgk_flb__entry__2">Authentication Rules</th> <th class="entry" id="authorizepolicy__table_oz3_pgk_flb__entry__3">Description</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 " rowspan="2"> <p class="p">AddUserToGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 " rowspan="2"> <p class="p">Add sub-users to group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">AdminResetPassword</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Reset sub-account password</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 " rowspan="2"> <p class="p">AttachPolicyToGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 " rowspan="2"> <p class="p">Attach authorization to group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 " rowspan="2"> <p class="p">AttachPolicyToUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 " rowspan="2"> <p class="p">Attach authorization to user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">BatchUpdatePolicyToGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${groupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Batch authorization to group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">BatchUpdatePolicyToUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Batch authorization to user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">CreateAccessKey</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${UserName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Create access key</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">CreateGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Create group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">CreatePolicy</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Create an authorization policy</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">CreatePolicyVersion</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Create policy version</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">CreateUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Create user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">DeleteAccessKey</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${UserName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Delete access key</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">DeleteGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Delete group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">DeletePolicy</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Delete policy</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">DeletePolicyVersion</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Delete policy version</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">DeleteUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Delete user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 " rowspan="2"> <p class="p">DetachPolicyFromGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 " rowspan="2"> <p class="p">Detach policy from group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 " rowspan="2"> <p class="p">DetachPolicyFromUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 " rowspan="2"> <p class="p">Detach policy from user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ExportAccessKey</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${UserName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Export access key to local</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">GetAccessKey</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${UserName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Get access key</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">GetGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Get group information</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">GetPolicy</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Get policy information</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">GetPolicyVersion</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Get the authorization policy version</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">GetRamSummary</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:ramsummary/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Get RAM Summary</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">GetUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Get user information</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListAccessKey</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${UserName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List access key</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListGroups</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List groups</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListGroupsCanAddForUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List groups that can add for user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListGroupsForUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List groups for user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListPolicies</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List authorization policies</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListPoliciesCanAttachToGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List policies that can attach to group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListPoliciesCanAttachToUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List authorization policies that can attach to user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListPoliciesForGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List authorization policies for group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListPoliciesForUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List authorization policies for user</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListPolicyVersions</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List authorization policy versions</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListUsers</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/*</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List authorization policies for group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListUsersCanAddToGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List sub-users that can add to group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">ListUsersForGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">List sub-users for group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 " rowspan="2"> <p class="p">RemoveUserFromGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 " rowspan="2"> <p class="p">Remove sub-users from group</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">SetDefaultPolicyVersion</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:policy/${PolicyName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Set default policy version</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">UpdateAccessKey</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${UserName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Update access key</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">UpdateGroup</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:group/${GroupName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Update group information</p> </td> </tr> <tr class="row"> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__1 "> <p class="p">UpdateUser</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__2 "> <p class="p">pcs:ram:*:${AccountId}:user/${LoginName}</p> </td> <td class="entry" headers="authorizepolicy__table_oz3_pgk_flb__entry__3 "> <p class="p">Update user information</p> </td> </tr> </tbody></table>
Did the above content solve your problem? Yes No
Please complete information!

Call us

400-151-8800

Email us

cloud@pingan.com

Online customer service

Instant reply

Technical Support

cloud products