Authentication rules for Mobile Push API calls made by RAM users
To allow a RAM user to log on to the console:
1. Search for "Mobile Cloud" and grant read-only and management permissions as needed. At a minimum, you must grant the read-only permission.
2. Search for "Mobile Push" and grant read-only and management permissions as needed. At a minimum, you must grant the read-only permission.
If you grant the read-only permission, you must also grant permissions for each API operation.
If you grant the management permission, the RAM user can use all features of Mobile Push. This includes permissions for all the OpenAPI operations listed below.
When a RAM user calls the Mobile Push OpenAPI to access app resources in an Alibaba Cloud account, the Mobile Push service checks permissions with Resource Access Management (RAM). This check ensures that the resource owner has granted the necessary permissions to the caller.
Each Mobile Push API determines the required resource permissions based on the resources involved and the API semantics. The following tables list the authentication rule for each API.
About the app
Action | Authentication rule |
|---|---|
mpush:ListSummaryApps | acs:mhub:*:$accountid:app/* |
Pushes
Action | Authentication rule |
|---|---|
mpush:Push | acs:mhub:*:$accountid:app/$AppKey |
mpush:PushMessageToAndroid | acs:mhub:*:$accountid:app/$AppKey |
mpush:PushMessageToiOS | acs:mhub:*:$accountid:app/$AppKey |
mpush:PushNoticeToAndroid | acs:mhub:*:$accountid:app/$AppKey |
mpush:PushNoticeToiOS | acs:mhub:*:$accountid:app/$AppKey |
mpush:CancelPush | acs:mhub:*:$accountid:app/$AppKey |
Device binding
Action | Authentication rule |
|---|---|
mpush:QueryAliases | acs:mhub:*:$accountid:app/$AppKey |
mpush:BindAlias | acs:mhub:*:$accountid:app/$AppKey |
mpush:UnbindAlias | acs:mhub:*:$accountid:app/$AppKey |
mpush:QueryTags | acs:mhub:*:$accountid:app/$AppKey |
mpush:ListTags | acs:mhub:*:$accountid:app/$AppKey |
mpush:BindTag | acs:mhub:*:$accountid:app/$AppKey |
mpush:UnbindTag | acs:mhub:*:$accountid:app/$AppKey |
Queries and statistics
Action | Authentication rule |
|---|---|
mpush:QueryUniqueDeviceStat | acs:mhub:*:$accountid:app/$AppKey |
mpush:QueryPushStatByApp | acs:mhub:*:$accountid:app/$AppKey |
mpush:QueryDeviceStat | acs:mhub:*:$accountid:app/$AppKey |
mpush:ListPushRecords | acs:mhub:*:$accountid:app/$AppKey |
mpush:QueryPushStatByMsg | acs:mhub:*:$accountid:app/$AppKey |
mpush:CheckDevices | acs:mhub:*:$accountid:app/$AppKey |
mpush:QueryDeviceInfo | acs:mhub:*:$accountid:app/$AppKey |