Action List¶
Token Management¶
Permission | API | Action |
|---|---|---|
Obtaining an Agency Token | iam:tokens:assume |
Access Key Management¶
Permission | API | Action |
|---|---|---|
Listing Permanent Access Keys | iam:credentials:listCredentials | |
Querying a Permanent Access Key | iam:credentials:getCredential | |
Creating a Permanent Access Key | iam:credentials:createCredential | |
Modifying a Permanent Access Key | iam:credentials:updateCredential | |
Deleting a Permanent Access Key | iam:credentials:deleteCredential |
Virtual MFA Device Management¶
Permission | API | Action |
|---|---|---|
Unbinding a Virtual MFA Device | iam:mfa:unbindMFADevice | |
Binding a Virtual MFA Device | iam:mfa:bindMFADevice | |
Creating a Virtual MFA Device | iam:mfa:createVirtualMFADevice | |
Deleting a Virtual MFA Device | iam:mfa:deleteVirtualMFADevice |
Project Management¶
Permission | API | Action |
|---|---|---|
Creating a Project | iam:projects:createProject | |
Modifying Project Data | iam:projects:updateProject | |
Changing Project Status | iam:projects:updateProject | |
Querying the List of Projects Accessible to Users | iam:projects:listProjectsForUser | |
Deleting a Project | iam:projects:deleteProject | |
Querying the Quotas of a Project | iam:quotas:listQuotasForProject |
Tenant Management¶
Permission | API | Action |
|---|---|---|
Querying Tenant Quotas | iam:quotas:listQuotas |
User Management¶
Permission | API | Action |
|---|---|---|
Listing Users | iam:users:listUsers | |
Querying User Details | iam:users:getUser | |
Querying User Details (Recommended) | iam:users:getUser | |
Querying the User Group Which a User Belongs to | iam:groups:listGroupsForUser | |
Querying Users in a User Group | iam:users:listUsersForGroup | |
Creating a User | iam:users:createUser | |
Changing the Password of a User | iam:users:updateUserPassword | |
Modifying User Information | iam:users:updateUser | |
Deleting a User | iam:users:deleteUser | |
Creating a User (Recommended) | iam:users:createUser | |
Resetting a User's Password | x | iam:users:resetUserPassword |
Configuring Login Protection | x | iam:users:setUserLoginProtect |
Listing Users Who Have Access to a Specified Project | x | iam:users:listUsersForProject |
Deleting a User from a User Group | iam:permissions:removeUserFromGroup | |
Querying MFA Device Information of Users | iam:mfa:listVirtualMFADevices | |
Querying the MFA Device Information of a User | iam:mfa:getVirtualMFADevice | |
Querying Login Protection Configurations of Users | iam:users:listUserLoginProtects | |
Querying the Login Protection Configuration of a User | iam:users:getUserLoginProtect |
User Group Management¶
Permission | API | Action |
|---|---|---|
Querying Users in a User Group | iam:users:listUsersForGroup | |
Listing User Groups | iam:groups:listGroups | |
Querying User Group Details | iam:groups:getGroup | |
Creating a User Group | iam:groups:createGroup | |
Adding a User to a User Group | iam:permissions:addUserToGroup | |
Updating User Group Information | iam:groups:updateGroup | |
Deleting a User Group |
| |
Checking Whether a User Belongs to a Specified User Group | iam:permissions:checkUserInGroup |
Permissions Management¶
Permission | API | Action |
|---|---|---|
Querying a Role List | iam:roles:listRoles | |
Querying Role Details | iam:roles:getRole | |
Querying Permissions of a User Group Under a Domain | iam:permissions:listRolesForGroupOnDomain | |
Querying Permissions of a User Group Corresponding to a Project | iam:permissions:listRolesForGroupOnProject | |
Granting Permissions to a User Group of a Domain | PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} | iam:permissions:grantRoleToGroupOnDomain |
Granting Permissions to a User Group Corresponding to a Project | PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:grantRoleToGroupOnProject |
Removing Permissions of a User Group Corresponding to a Project | DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:revokeRoleFromGroupOnProject |
Removing Permissions of a User Group of a Domain | DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} | iam:permissions:revokeRoleFromGroupOnDomain |
Querying Whether a User Group Under a Domain Has Specific Permissions | HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} | iam:permissions:checkRoleForGroupOnDomain |
Querying Whether a User Group Corresponding to a Project Has Specific Permissions | HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:checkRoleForGroupOnProject |
Granting Permissions to a User Group | PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} | iam:permissions:grantRoleToGroup |
Querying the Permissions Granted to a User for a Specified Project | x | iam:permissions:listRolesForUserOnProject |
Querying All Permissions of a User Group | x | iam:permissions:listRolesForGroup |
Checking Whether a User Group Has Specified Permissions | iam:permissions:checkRoleForGroup | |
Removing Permissions of a User Group | iam:permissions:revokeRoleFromGroup | |
Querying a Resource Quota | GET /v3.0/OS-QUOTA/domains/{domain_id}?type={user, group, idp, agency, policy} | iam:quotas:listQuotas |
Custom Policy Management¶
Permission | API | Action |
|---|---|---|
Listing Custom Policies | iam:roles:listRoles | |
Querying Custom Policy Details | iam:roles:getRole | |
Creating a Custom Policy | iam:roles:createRole | |
Modifying a Custom Policy | iam:roles:updateRole | |
Deleting a Custom Policy | iam:roles:deleteRole |
Agency Management¶
Permission | API | Action |
|---|---|---|
Creating an Agency | iam:agencies:createAgency | |
Listing Agencies | iam:agencies:listAgencies | |
Querying Agency Details | iam:agencies:getAgency | |
Modifying an Agency | iam:agencies:updateAgency | |
Deleting an Agency | iam:agencies:deleteAgency | |
Granting Permissions to an Agency for a Project | PUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:grantRoleToAgencyOnProject |
Checking Whether an Agency Has the Specified Permissions on a Project | HEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:checkRoleForAgencyOnProject |
Querying Permissions of an Agency for a Project | GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles | iam:permissions:listRolesForAgencyOnProject |
Removing Permissions of an Agency on a Project | DELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:revokeRoleFromAgencyOnProject |
Granting Permissions to an Agency on a Domain | PUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:grantRoleToAgencyOnDomain |
Checking Whether an Agency Has the Specified Permissions on a Domain | HEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:checkRoleForAgencyOnDomain |
Querying the List of Permissions of an Agency on a Domain | GET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles | iam:permissions:listRolesForAgencyOnDomain |
Removing Permissions of an Agency on a Domain | DELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id} | iam:permissions:revokeRoleFromAgencyOnDomain |
Security Settings¶
Permission | API | Action |
|---|---|---|
Querying the Operation Protection Policy | GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/protect-policy | iam:securitypolicies:getProtectPolicy |
Querying the Password Policy | GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy | iam:securitypolicies:getPasswordPolicy |
Querying the Login Authentication Policy | iam:securitypolicies:getLoginPolicy |
Federated Identity Authentication Management¶
Permission | API | Action |
|---|---|---|
Querying the Identity Provider List | iam:identityProviders:listIdentityProviders | |
Querying an Identity Provider | iam:identityProviders:getIdentityProvider | |
Creating an Identity Provider | iam:identityProviders:createIdentityProvider | |
Updating an Identity Provider | iam:identityProviders:updateIdentityProvider | |
Deleting an Identity Provider | iam:identityProviders:deleteIdentityProvider | |
Creating an OpenID Connect Identity Provider | POST /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config | iam:identityProviders:createOpenIDConnectConfig |
Modifying an OpenID Connect Identity Provider | PUT /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config | iam:identityProviders:updateOpenIDConnectConfig |
Querying an OpenID Connect Identity Provider | GET /v3.0/OS-FEDERATION/identity-providers/{idp_id}/openid-connect-config | iam:identityProviders:getOpenIDConnectConfig |
Querying the Mapping List | iam:identityProviders:listMappings | |
Querying Mapping Details | iam:identityProviders:getMapping | |
Creating a Mapping | iam:identityProviders:createMapping | |
Updating a Mapping | iam:identityProviders:updateMapping | |
Deleting a Mapping | iam:identityProviders:deleteMapping | |
Querying the Protocol List | iam:identityProviders:listProtocols | |
Querying a Protocol | GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:getProtocol |
Registering a Protocol | PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:createProtocol |
Updating a Protocol | PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:updateProtocol |
Deleting a Protocol | DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} | iam:identityProviders:deleteProtocol |
Querying a Metadata File | GET /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata | iam:identityProviders:getIDPMetadata |
Importing a Metadata File | POST /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata | iam:identityProviders:createIDPMetadata |