Bastionhost:GetPolicy

Last Updated: Oct 25, 2024

Queries the detailed information about a control policy.

Debugging

You can call this operation directly in OpenAPI Explorer, which saves you from calculating signatures. After the call succeeds, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information for this API operation. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. The columns are described as follows:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation
yundun-bastionhost:GetPolicy |  | All Resources * | none | none

Request parameters

Parameter | Type | Required | Description | Example
InstanceId | string | Yes | The ID of the bastion host to which the control policy to query belongs. Note: You can call the DescribeInstances operation to query the ID of the bastion host. | bastionhost-cn-zvp2d3syb0g
RegionId | string | No | The region ID of the bastion host to which the control policy to query belongs. Note: For more information about the mapping between region IDs and region names, see Regions and zones. | cn-hangzhou
PolicyId | string | Yes | The ID of the control policy that you want to query. Note: You can call the ListPolicies operation to query the control policy ID. | 3

Response parameters

Parameter | Type | Description | Example
 | object |  | 
Policy | object | The details of the control policy. | 
AccessTimeRangeConfig | object | The details of the logon period restrictions. | 
EffectiveTime | array<object> | The details of the periods during which logons are allowed. | 
item | object |  | 
Days | array | The days of a week on which logons are allowed. | 
item | string | The day of the week during which logons are allowed. Valid values: 1 (Monday), 2 (Tuesday), 3 (Wednesday), 4 (Thursday), 5 (Friday), 6 (Saturday), 7 (Sunday). | [2]
Hours | array | The time periods during which logons are allowed. | 
item | string | The periods of the day during which logons are allowed. Valid values: 0 (00:00 to 01:00), 1 (01:00 to 02:00), 2 (02:00 to 03:00), 3 (03:00 to 04:00), 4 (04:00 to 05:00), 5 (05:00 to 06:00), 6 (06:00 to 07:00), 7 (07:00 to 08:00), 8 (08:00 to 09:00), 9 (09:00 to 10:00), 10 (10:00 to 11:00), 11 (11:00 to 12:00), 12 (12:00 to 13:00), 13 (13:00 to 14:00), 14 (14:00 to 15:00), 15 (15:00 to 16:00), 16 (16:00 to 17:00), 17 (17:00 to 18:00), 18 (18:00 to 19:00), 19 (19:00 to 20:00), 20 (20:00 to 21:00), 21 (21:00 to 22:00), 22 (22:00 to 23:00), 23 (23:00 to 24:00). | [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23]
CommandConfig | object | The details of the command policy. | 
Approval | object | The details of the command approval settings. | 
Commands | array | An array of commands that can be run only after approval. | 
item | string | The command that can be run only after approval. | ls
Deny | object | The details of the command control setting. | 
AclType | string | The type of command control. Valid values: white (whitelist mode), black (blacklist mode). | black
Commands | array | An array of controlled commands. | 
item | string | The controlled command. | ls
Comment | string | The description of the control policy. | comment
IPAclConfig | object | The access control settings on source IP addresses. | 
AclType | string | The mode of access control on source IP addresses. Valid values: white (whitelist mode), black (blacklist mode). | black
IPs | array | The IP addresses from which logons are not allowed. | 
item | string | The controlled IP addresses. | [10.10.**.**]
PolicyName | string | The name of the control policy. | test
PolicyId | string | The ID of the control policy. | 3
Priority | long | The priority of the control policy. A smaller value indicates a higher priority. | 1
ProtocolConfig | object | The details of protocol control. | 
RDP | object | The configuration details of Remote Desktop Protocol (RDP) options. | 
ClipboardDownload | string | Indicates whether downloading from the clipboard is enabled. Valid values: Enable, Disable. | Enable
ClipboardUpload | string | Indicates whether file uploading from the clipboard is enabled. Valid values: Enable, Disable. | Enable
DiskRedirection | string | Indicates whether driver mapping is enabled. Valid values: Enable, Disable. | Enable
RecordKeyboard | string | Indicates whether keyboard recording is enabled. Valid values: Enable, Disable. | Enable
SSH | object | The configuration details of SSH and SSH File Transfer Protocol (SFTP) options. | 
ExecCommand | string | Indicates whether remote command execution is enabled. Valid values: Enable, Disable. | Enable
SFTPChannel | string | Indicates whether the SFTP channel option is enabled. Valid values: Enable, Disable. | Enable
SFTPDownloadFile | string | Indicates whether file downloading is enabled in SFTP-based O&M. Valid values: Enable, Disable. | Enable
SFTPMkdir | string | Indicates whether folder creation is enabled in SFTP-based O&M. Valid values: Enable, Disable. | Enable
SFTPRemoveFile | string | Indicates whether file deletion is enabled in SFTP-based O&M. Valid values: Enable, Disable. | Enable
SFTPRenameFile | string | Indicates whether file renaming is enabled in SFTP-based O&M. Valid values: Enable, Disable. | Enable
SFTPRmdir | string | Indicates whether folder deletion is enabled in SFTP-based O&M. Valid values: Enable, Disable. | Enable
SFTPUploadFile | string | Indicates whether file uploading is enabled in SFTP-based O&M. Valid values: Enable, Disable. | Enable
SSHChannel | string | Indicates whether the SSH channel option is enabled. Valid values: Enable, Disable. | Enable
X11Forwarding | string | Indicates whether X11 forwarding is enabled. Valid values: Enable, Disable. | Enable
ApprovalConfig | object | The O&M approval setting. | 
SwitchStatus | string | Indicates whether O&M approval is enabled in the control policy. Valid values: On (O&M approval is enabled), Off (O&M approval is disabled). | Off
RequestId | string | The request ID. | 0D29F2C0-8B4B-5861-9474-F3F23D25594B

Examples

Sample success responses

JSON format

{
  "Policy": {
    "AccessTimeRangeConfig": {
      "EffectiveTime": [
        {
          "Days": [
            "2"
          ],
          "Hours": [
            "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23"
          ]
        }
      ]
    },
    "CommandConfig": {
      "Approval": {
        "Commands": [
          "ls"
        ]
      },
      "Deny": {
        "AclType": "black",
        "Commands": [
          "ls"
        ]
      }
    },
    "Comment": "comment",
    "IPAclConfig": {
      "AclType": "black",
      "IPs": [
        "10.10.**.**"
      ]
    },
    "PolicyName": "test",
    "PolicyId": "3",
    "Priority": 1,
    "ProtocolConfig": {
      "RDP": {
        "ClipboardDownload": "Enable",
        "ClipboardUpload": "Enable",
        "DiskRedirection": "Enable",
        "RecordKeyboard": "Enable"
      },
      "SSH": {
        "ExecCommand": "Enable",
        "SFTPChannel": "Enable",
        "SFTPDownloadFile": "Enable",
        "SFTPMkdir": "Enable",
        "SFTPRemoveFile": "Enable",
        "SFTPRenameFile": "Enable",
        "SFTPRmdir": "Enable",
        "SFTPUploadFile": "Enable",
        "SSHChannel": "Enable",
        "X11Forwarding": "Enable"
      }
    },
    "ApprovalConfig": {
      "SwitchStatus": "Off"
    }
  },
  "RequestId": "0D29F2C0-8B4B-5861-9474-F3F23D25594B"
}
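
The following added example (not part of the original page and not Alibaba Cloud SDK code) audits a GetPolicy response body for settings a reviewer would normally question, using only the field names and values documented above. The function names, the TRANSFER_OPTIONS grouping, the finding wording and the sample input are assumptions of this example.

```python
import re

# ProtocolConfig options that move data in or out of a session; treating them
# as review items is this example's assumption, not a rule stated by the API.
TRANSFER_OPTIONS = {
    "RDP": ("ClipboardDownload", "ClipboardUpload", "DiskRedirection"),
    "SSH": ("SFTPDownloadFile", "SFTPUploadFile", "X11Forwarding"),
}

def to_ints(items):
    """Accept 2, "2" or a bracketed string such as "[0, 1, 2]"."""
    return {int(n) for item in items for n in re.findall(r"\d+", str(item))}

def audit_policy(response):
    """Return (field path, finding) pairs for one GetPolicy response body."""
    policy = response.get("Policy") or {}
    findings = []
    windows = (policy.get("AccessTimeRangeConfig") or {}).get("EffectiveTime") or []
    for i, window in enumerate(windows):
        if to_ints(window.get("Hours") or []) >= set(range(24)):
            days = sorted(to_ints(window.get("Days") or []))
            findings.append((f"AccessTimeRangeConfig.EffectiveTime[{i}]",
                             f"logons allowed around the clock on days {days}"))
    deny = (policy.get("CommandConfig") or {}).get("Deny") or {}
    for path, acl, key in (("IPAclConfig", policy.get("IPAclConfig") or {}, "IPs"),
                           ("CommandConfig.Deny", deny, "Commands")):
        if acl.get("AclType") == "black":
            listed = len(acl.get(key) or [])
            findings.append((path, f"blacklist mode, {listed} listed; the rest passes"))
    proto = policy.get("ProtocolConfig") or {}
    if (proto.get("RDP") or {}).get("RecordKeyboard") == "Disable":
        findings.append(("ProtocolConfig.RDP.RecordKeyboard", "keyboard recording is off"))
    for section, names in TRANSFER_OPTIONS.items():
        on = [n for n in names if (proto.get(section) or {}).get(n) == "Enable"]
        if on:
            findings.append((f"ProtocolConfig.{section}", "enabled: " + ", ".join(on)))
    if (policy.get("ApprovalConfig") or {}).get("SwitchStatus") == "Off":
        findings.append(("ApprovalConfig.SwitchStatus", "O&M approval is disabled"))
    return findings

# Constructed input that reuses this page's field names and example values.
SAMPLE = {"Policy": {
    "AccessTimeRangeConfig": {"EffectiveTime": [
        {"Days": ["2"], "Hours": [str(h) for h in range(24)]}]},
    "CommandConfig": {"Deny": {"AclType": "black", "Commands": ["ls"]}},
    "IPAclConfig": {"AclType": "white", "IPs": ["192.0.2.10"]},
    "ProtocolConfig": {
        "RDP": {"ClipboardUpload": "Enable", "RecordKeyboard": "Disable"},
        "SSH": {"SFTPDownloadFile": "Disable", "X11Forwarding": "Enable"}},
    "ApprovalConfig": {"SwitchStatus": "Off"}}}
```

Calling audit_policy(SAMPLE) returns six findings; the whitelist-mode IPAclConfig in the sample produces none.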

Error codes

HTTP status code | Error code | Error message | Description
400 | InvalidParameter | The argument is invalid. | The argument is invalid.
404 | PolicyNotFound | The policy is not found. | The policy is not found.
500 | InternalError | An unknown error occurred. | An unknown error occurred.

For a list of error codes, see Service error codes.