ListGroupAuthorizationRules

更新时间:
复制 MD 格式

Retrieves the authorization rules for an instance group.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

iotcc:ListGroupAuthorizationRules

list

*CloudConnector

acs:iotcc:{#regionId}:{#accountId}:cloudconnector/{#CloudConnectorId}

None None

Request parameters

Parameter

Type

Required

Description

Example

IoTCloudConnectorGroupId

string

Yes

ID of the IoT Cloud Connector group.

iotccg-g00epppbi9di9y****

AuthorizationRuleIds

array

No

IDs of authorization rules. You can specify up to 20 rule IDs.

string

No

ID of an authorization rule. You can specify up to 20 rule IDs.

gar-ez91t41jvi6tr8****

DestinationType

array

No

Type of destination. You can specify up to 20 destination types. Valid values:

  • Cidr: CIDR block.

  • Domain: Domain name.

string

No

Type of destination. You can specify up to 20 destination types. Valid values:

  • Cidr: CIDR block.

  • Domain: Domain name.

Cidr

Destination

array

No

Destination address. You can specify up to 20 destination addresses.

string

No

Destination address. You can specify up to 20 destination addresses.

47.0.XX.XX

Protocol

array

No

Protocol type. Valid values:

  • tcp.

  • udp.

  • icmp.

  • all: All protocols.

string

No

Protocol type. You can specify up to 20 protocol types. Valid values:

  • tcp.

  • udp.

  • icmp.

  • all: All protocols.

tcp

DestinationPort

array

No

Destination port range. You can specify up to 20 destination ports. Valid values:

  • TCP and UDP: 1 to 65535. Use a forward slash (/) to separate the start and end ports. Example: 1/200.

  • ICMP: -1/-1.

  • ALL: -1/-1.

string

No

Destination port range. You can specify up to 20 destination ports. Valid values:

  • TCP and UDP: 1 to 65535. Use a forward slash (/) to separate the start and end ports. Example: 1/200.

  • ICMP: -1/-1.

  • ALL: -1/-1.

80/80

AuthorizationRuleStatus

array

No

Status of the authorization rule. You can specify up to 20 rule statuses. Valid values:

  • Creating: Creating.

  • Created: Created.

  • Deleting: Deleting.

  • Updating: Updating.

string

No

Status of the authorization rule. You can specify up to 20 rule statuses. Valid values:

  • Creating: Creating.

  • Created: Created.

  • Deleting: Deleting.

  • Updating: Updating.

Created

AuthorizationRuleName

array

No

Name of the authorization rule. You can specify up to 20 rule names.

The name must be 2 to 128 characters in length. It must start with a letter or Chinese character. It can contain letters, digits, periods (.), underscores (_), and hyphens (-).

string

No

Name of the authorization rule. You can specify up to 20 rule names.

The name must be 2 to 128 characters in length. It must start with a letter or Chinese character. It can contain letters, digits, periods (.), underscores (_), and hyphens (-).

ruletest

Policy

array

No

Access policy. You can specify up to 20 policies. Valid values:

  • Permit: Allow.

  • Deny: Deny.

string

No

Access policy. You can specify up to 20 policies. Valid values:

  • Permit: Allow.

  • Deny: Deny.

Permit

NextToken

string

No

Token for the next query. Valid values:

  • Leave this parameter empty for the first query or when no more results are available.

  • If more results are available, set this parameter to the NextToken value returned by the previous API call.

FFmyTO70tTpLG6I3FmYAXGKPd****

MaxResults

integer

No

Maximum number of entries to return per page. Valid values: 1 to 50. Default value: 10.

10

RegionId

string

Yes

ID of the region where the IoT Cloud Connector group resides.

You can call the DescribeRegions operation to query region IDs.

cn-hangzhou

Type

string

No

Type of the authorization rule. Valid values:

  • System: System-defined rule.

  • Customer: Custom rule.

  • Default: Default rule.

System

Response elements

Element

Type

Description

Example

object

Response information.

RequestId

string

ID of the request.

54B48E3D-DF70-471B-AA93-08E683A1B45

TotalCount

integer

Total number of entries.

10

NextToken

string

Token for the next query. Valid values:

  • An empty NextToken indicates no more results.

  • A non-empty NextToken is the token for the next query.

FFmyTO70tTpLG6I3FmYAXGKPd****

MaxResults

integer

Maximum number of entries to return per page.

10

GroupAuthorizationRules

array<object>

List of authorization rules.

object

A list of authorization rules.

IoTCloudConnectorGroupId

string

ID of the IoT Cloud Connector group.

iotccg-g00epppbi9di9y****

Policy

string

Access policy. Valid values:

  • Permit: Allow.

  • Deny: Deny.

Permit

AuthorizationRuleStatus

string

Status of the authorization rule. Valid values:

  • Creating: Creating.

  • Created: Created.

  • Deleting: Deleting.

  • Updating: Updating.

Created

SourceCidrs

array

Source CIDR blocks.

string

Source CIDR block.

192.168.0.0/32

DestinationType

string

Type of destination. Valid values:

  • Cidr: CIDR block.

  • Domain: Domain name.

Cidr

DestinationPort

string

Destination port range. Valid values:

  • TCP and UDP: 1 to 65535. Use a forward slash (/) to separate the start and end ports. Example: 1/200.

  • ICMP: -1/-1.

  • ALL: -1/-1.

80/80

Protocol

string

Protocol type. Valid values:

  • tcp.

  • udp.

  • icmp.

  • all: All protocols.

tcp

Destination

string

Destination address.

47.0.XX.XX

AuthorizationRuleName

string

Name of the authorization rule.

ruletest

AuthorizationRuleDescription

string

Description of the authorization rule.

rule

AuthorizationRuleId

string

ID of the authorization rule.

gar-ez91t41jvi6tr8****

Type

string

Type of the authorization rule. Valid values:

  • System: System-defined rule.

  • Customer: Custom rule.

  • Default: Default rule.

System

Examples

Success response

JSON format

{
  "RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B45",
  "TotalCount": 10,
  "NextToken": "FFmyTO70tTpLG6I3FmYAXGKPd****",
  "MaxResults": 10,
  "GroupAuthorizationRules": [
    {
      "IoTCloudConnectorGroupId": "iotccg-g00epppbi9di9y****",
      "Policy": "Permit",
      "AuthorizationRuleStatus": "Created",
      "SourceCidrs": [
        "192.168.0.0/32"
      ],
      "DestinationType": "Cidr",
      "DestinationPort": "80/80",
      "Protocol": "tcp",
      "Destination": "47.0.XX.XX",
      "AuthorizationRuleName": "ruletest",
      "AuthorizationRuleDescription": "rule",
      "AuthorizationRuleId": "gar-ez91t41jvi6tr8****",
      "Type": "System"
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description

400 Forbidden.RAM Ram user does not have permission to perform this operation. The error message returned because the RAM user does not have the permissions to perform the operation.
400 ResourceNotFound.IoTCloudConnectorGroup The param of IoTCloudConnectorGroupId is illegal.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.