You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. This way, you can manage users and assets in a more efficient manner and limit the time periods during which users can access assets.
RAM authorization
| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-bastionhost:CreateRule | create | *All Resource | None | None |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| InstanceId | string | Yes | The bastion host ID. Note: You can call the DescribeInstances operation to query the bastion host ID. | bastionhost-cn-5yd2ymfsa0e |
| RegionId | string | No | The region ID of the bastion host. Note: For more information about the mapping between region IDs and region names, see Regions and zones. | cn-hangzhou |
| RuleName | string | Yes | The name of the authorization rule. The name can be up to 128 characters in length. | rule |
| Comment | string | No | The remarks of the authorization rule. The remarks can be up to 500 characters in length. | comment |
| EffectiveStartTime | integer | No | The start time of the validity period of the authorization rule. Specify a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC. | 1669630029 |
| EffectiveEndTime | integer | No | The end time of the validity period of the authorization rule. Specify a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC. | 1672502400 |
| UserIds | array | No | An array that consists of user IDs. | |
| | string | No | The user ID. Note: You can call the ListUsers operation to query the user ID. | 1 |
| UserGroupIds | array | No | An array that consists of user group IDs. | |
| | string | No | The user group ID. Note: You can call the ListUserGroups operation to query the user group ID. | 1 |
| Hosts | array<object> | No | The host information. | |
| | object | No | The host ID and the host account ID that you want to authorize to manage. | |
| HostId | string | No | The host ID. | 1 |
| HostAccountIds | array | No | An array that consists of host account IDs. | |
| | string | No | The host account ID. | 1 |
| Databases | array<object> | No | The information about the database that runs on your server. | |
| | object | No | The database ID and the database account ID that you want to authorize to manage. | |
| DatabaseId | string | No | The database ID. | 2 |
| DatabaseAccountIds | array | No | An array that consists of database account IDs. | |
| | string | No | The database account ID. | 4 |
| HostGroups | array<object> | No | The information about the asset group that you want to authorize to manage. | |
| | object | No | The asset group that you want to authorize to manage. | |
| HostGroupId | string | No | The asset group ID. | 3 |
| HostAccountNames | array | No | An array that consists of asset account names. | |
| | string | No | The username of the asset account. | root |
Hosts array
Host parameters
| Parameter | Type | Description |
|---|---|---|
| HostId | string | The host ID. |
| HostAccountIds | array[string] | An array that consists of host account IDs. |
HostGroups array
HostGroup parameters
| Parameter | Type | Description |
|---|---|---|
| HostGroupId | string | The host group ID. |
| HostAccountNames | array[string] | An array that consists of host account usernames. |
AssetGroup parameter
| Parameter | Type | Description |
|---|---|---|
| AssetGroupId | string | The asset group ID. |
| AssetAccountNames | array[string] | An array that consists of asset account usernames. |
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | | |
| RequestId | string | The request ID. | BFA818E3-0A53-51F4-8DB5-AF2A62A6D042 |
| RuleId | string | The authorization rule ID. | 1 |
Examples
Success response
JSON format
{
  "RequestId": "BFA818E3-0A53-51F4-8DB5-AF2A62A6D042",
  "RuleId": "1"
}
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InvalidParameter | The argument is invalid. | The argument is invalid. |
| 400 | RuleAlreadyExists | The rule already exists. | The rule already exists. |
| 500 | InternalError | An unknown error occurred. | An unknown error occurred. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.