You can create a custom policy for IoT Platform and attach the policy to a RAM user. This policy grants the RAM user the permissions to call a specified IoT Platform API operation.
For information about how to grant permissions to a RAM user, see Custom permissions.
The following table describes the valid values of the Action element that you must configure when you create a custom Resource Access Management (RAM) policy for IoT Platform.
Each API operation must be specified in the iot:${API operation name} format, where ${API operation name} is the name of the API operation that you want to specify. For information about the API operations provided by IoT Platform, see List of operations by function.
Operation | Action in a RAM policy | Resource in the RAM policy | Description |
CreateProduct | iot:CreateProduct | * | Creates a product. |
UpdateProduct | iot:UpdateProduct | * | Modifies the details of a product. |
QueryProduct | iot:QueryProduct | * | Queries the details of a product. |
QueryProductList | iot:QueryProductList | * | Queries products. |
DeleteProduct | iot:DeleteProduct | * | Deletes a product. |
CreateProductTags | iot:CreateProductTags | * | Creates product tags. |
UpdateProductTags | iot:UpdateProductTags | * | Modifies the tags of a product. |
DeleteProductTags | iot:DeleteProductTags | * | Deletes product tags. |
ListProductTags | iot:ListProductTags | * | Queries product tags. |
ListProductByTags | iot:ListProductByTags | * | Queries products by tag. |
RegisterDevice | iot:RegisterDevice | * | Registers a device. |
QueryDevice | iot:QueryDevice | * | Queries the devices of a specified product. |
DeleteDevice | iot:DeleteDevice | * | Deletes a device. |
QueryPageByApplyId | iot:QueryPageByApplyId | * | Queries the details of multiple devices that are registered at the same time. |
BatchGetDeviceState | iot:BatchGetDeviceState | * | Queries the statuses of multiple devices. |
BatchRegisterDeviceWithApplyId | iot:BatchRegisterDeviceWithApplyId | * | Creates multiple devices by application ID. |
BatchRegisterDevice | iot:BatchRegisterDevice | * | Registers multiple devices. Device names are randomly generated. |
QueryBatchRegisterDeviceStatus | iot:QueryBatchRegisterDeviceStatus | * | Queries the statuses of multiple devices that are registered at the same time. |
BatchCheckDeviceNames | iot:BatchCheckDeviceNames | * | Specifies custom names for multiple devices at a time. |
QueryDeviceStatistics | iot:QueryDeviceStatistics | * | Queries device statistics. |
QueryDeviceEventData | iot:QueryDeviceEventData | * | Queries the historical events of a device. |
QueryDeviceServiceData | iot:QueryDeviceServiceData | * | Queries the service records of a device. |
SetDeviceProperty | iot:SetDeviceProperty | * | Configures properties for a device. |
SetDevicesProperty | iot:SetDevicesProperty | * | Configures properties for multiple devices. |
InvokeThingService | iot:InvokeThingService | * | Calls a service on a device. |
InvokeThingsService | iot:InvokeThingsService | * | Calls a service on multiple devices. |
QueryDevicePropertyStatus | iot:QueryDevicePropertyStatus | * | Queries the property snapshot of a device. |
QueryDeviceDetail | iot:QueryDeviceDetail | * | Queries the details of a device. |
DisableThing | iot:DisableThing | * | Disables a device. |
EnableThing | iot:EnableThing | * | Enables a device. |
ResetThing | iot:ResetThing | * | Resets a device. |
GetThingTopo | iot:GetThingTopo | * | Queries the topological relationships of a device. |
RemoveThingTopo | iot:RemoveThingTopo | * | Removes the topological relationships of a device. |
NotifyAddThingTopo | iot:NotifyAddThingTopo | * | Adds a topological relationship to IoT Platform. |
QueryDevicePropertyData | iot:QueryDevicePropertyData | * | Queries the historical properties of a device. |
QueryDevicePropertiesData | iot:QueryDevicePropertiesData | * | Queries the property data of a device. |
GetGatewayBySubDevice | iot:GetGatewayBySubDevice | * | Queries the information about a gateway device based on sub-device information. |
SaveDeviceProp | iot:SaveDeviceProp | * | Specifies tags for a device. |
QueryDeviceProp | iot:QueryDeviceProp | * | Queries the tags of a device. |
DeleteDeviceProp | iot:DeleteDeviceProp | * | Deletes the tags of a device. |
QueryDeviceByTags | iot:QueryDeviceByTags | * | Queries devices by tag. |
CreateDeviceGroup | iot:CreateDeviceGroup | * | Creates a device group. |
UpdateDeviceGroup | iot:UpdateDeviceGroup | * | Modifies the details of a device group. |
DeleteDeviceGroup | iot:DeleteDeviceGroup | * | Deletes a device group. |
BatchAddDeviceGroupRelations | iot:BatchAddDeviceGroupRelations | * | Adds devices to a device group. |
BatchDeleteDeviceGroupRelations | iot:BatchDeleteDeviceGroupRelations | * | Removes a device from a device group. |
QueryDeviceGroupInfo | iot:QueryDeviceGroupInfo | * | Queries the details of a device group. |
QueryDeviceGroupList | iot:QueryDeviceGroupList | * | Queries device groups. |
SetDeviceGroupTags | iot:SetDeviceGroupTags | * | Creates tags for a device group or updates the tags of a device group. |
QueryDeviceGroupTagList | iot:QueryDeviceGroupTagList | * | Queries the tags of a device group. |
QueryDeviceGroupByDevice | iot:QueryDeviceGroupByDevice | * | Queries the device groups to which a device belongs. |
QueryDeviceListByDeviceGroup | iot:QueryDeviceListByDeviceGroup | * | Queries devices in a device group. |
QuerySuperDeviceGroup | iot:QuerySuperDeviceGroup | * | Queries the details of a parent device group by sub-group ID. |
QueryDeviceGroupByTags | iot:QueryDeviceGroupByTags | * | Queries device groups by tag. |
StartRule | iot:StartRule | * | Enables a rule. |
StopRule | iot:StopRule | * | Disables a rule. |
ListRule | iot:ListRule | * | Queries rules. |
GetRule | iot:GetRule | * | Queries the details of a rule. |
CreateRule | iot:CreateRule | * | Creates a rule. |
UpdateRule | iot:UpdateRule | * | Modifies a rule. |
DeleteRule | iot:DeleteRule | * | Deletes a rule. |
CreateRuleAction | iot:CreateRuleAction | * | Creates a data forwarding method for a rule. |
UpdateRuleAction | iot:UpdateRuleAction | * | Modifies the data forwarding method of a rule. |
DeleteRuleAction | iot:DeleteRuleAction | * | Deletes a data forwarding method from a rule. |
GetRuleAction | iot:GetRuleAction | * | Queries the details of a data forwarding method. |
ListRuleActions | iot:ListRuleActions | * | Queries the data forwarding methods of a rule. |
Pub | iot:Pub | * | Publishes messages. |
PubBroadcast | iot:PubBroadcast | * | Publishes a message to all devices that subscribe to a topic. |
RRpc | iot:RRpc | * | Sends a request to a device and obtains a response from the device. |
CreateProductTopic | iot:CreateProductTopic | * | Creates a topic category for a product. |
DeleteProductTopic | iot:DeleteProductTopic | * | Deletes a topic category. |
QueryProductTopic | iot:QueryProductTopic | * | Queries the topic categories of a product. |
UpdateProductTopic | iot:UpdateProductTopic | * | Modifies a topic category. |
CreateTopicRouteTable | iot:CreateTopicRouteTable | * | Creates routing relationships between topics. |
DeleteTopicRouteTable | iot:DeleteTopicRouteTable | * | Deletes a routing relationship. |
QueryTopicReverseRouteTable | iot:QueryTopicReverseRouteTable | * | Queries the source topics of a destination topic. |
QueryTopicRouteTable | iot:QueryTopicRouteTable | * | Queries the destination topics of a source topic. |
GetDeviceShadow | iot:GetDeviceShadow | * | Queries the details of a device shadow. |
UpdateDeviceShadow | iot:UpdateDeviceShadow | * | Modifies a device shadow. |
SetDeviceDesiredProperty | iot:SetDeviceDesiredProperty | * | Specifies desired property values for a device. |
QueryDeviceDesiredProperty | iot:QueryDeviceDesiredProperty | * | Queries the property values of a device. |
BatchUpdateDeviceNickname | iot:BatchUpdateDeviceNickname | * | Modifies the aliases of multiple devices. |
QueryDeviceFileList | iot:QueryDeviceFileList | * | Queries the details of all files that are uploaded to IoT Platform from a device. |
QueryDeviceFile | iot:QueryDeviceFile | * | Queries the details of a file that is uploaded to IoT Platform from a device. |
DeleteDeviceFile | iot:DeleteDeviceFile | * | Deletes a file that is uploaded to IoT Platform from a device. |
QueryDeviceCert | iot:QueryDeviceCert | * | Queries the X.509 certificate of a device. |
QueryCertUrlByApplyId | iot:QueryCertUrlByApplyId | * | Queries the URL from which you can download the X.509 certificates of registered devices. |
BatchAddThingTopo | iot:BatchAddThingTopo | * | Establishes topological relationships between multiple sub-devices and a gateway device. |
QueryDeviceByStatus | iot:QueryDeviceByStatus | * | Queries devices by status. |
GenerateOTAUploadURL | iot:GenerateOTAUploadURL | * | Generates the information that is used to upload firmware files to Object Storage Service (OSS). |
CreateOTAFirmware | iot:CreateOTAFirmware | * | Creates a firmware file. |
DeleteOTAFirmware | iot:DeleteOTAFirmware | * | Deletes a firmware file. |
ListOTAFirmware | iot:ListOTAFirmware | * | Queries all firmware files. |
QueryOTAFirmware | iot:QueryOTAFirmware | * | Queries the details of a firmware file. |
CreateOTAVerifyJob | iot:CreateOTAVerifyJob | * | Creates a firmware verification batch. |
CreateOTAStaticUpgradeJob | iot:CreateOTAStaticUpgradeJob | * | Creates a static update batch. |
CreateOTADynamicUpgradeJob | iot:CreateOTADynamicUpgradeJob | * | Creates a dynamic update batch. |
ListOTAJobByFirmware | iot:ListOTAJobByFirmware | * | Queries the update tasks of a firmware file. |
ListOTAJobByDevice | iot:ListOTAJobByDevice | * | Queries all firmware update batches of a device. |
QueryOTAJob | iot:QueryOTAJob | * | Queries the details of an update batch. |
CancelOTAStrategyByJob | iot:CancelOTAStrategyByJob | * | Cancels an update policy that is associated with a dynamic update batch. |
CancelOTATaskByDevice | iot:CancelOTATaskByDevice | * | Cancels the pending device update tasks of a firmware file. |
CancelOTATaskByJob | iot:CancelOTATaskByJob | * | Cancels the device update tasks of an update batch. |
ListOTATaskByJob | iot:ListOTATaskByJob | * | Queries the update tasks of a device by update batch. |
CreateSubscribeRelation | iot:CreateSubscribeRelation | * | Creates a Message Service (MNS) or Advanced Message Queuing Protocol (AMQP) server-side subscription. |
UpdateSubscribeRelation | iot:UpdateSubscribeRelation | * | Modifies an MNS or AMQP server-side subscription. |
QuerySubscribeRelation | iot:QuerySubscribeRelation | * | Queries the details of an MNS or AMQP server-side subscription. |
DeleteSubscribeRelation | iot:DeleteSubscribeRelation | * | Deletes an MNS or AMQP server-side subscription. |
CreateConsumerGroup | iot:CreateConsumerGroup | * | Creates a consumer group to create an AMQP server-side subscription. |
UpdateConsumerGroup | iot:UpdateConsumerGroup | * | Changes the name of a consumer group. |
QueryConsumerGroupByGroupId | iot:QueryConsumerGroupByGroupId | * | Queries the details of a consumer group by consumer group ID. |
QueryConsumerGroupList | iot:QueryConsumerGroupList | * | Queries all consumer groups of an account or performs a fuzzy search by consumer group name. |
QueryConsumerGroupStatus | iot:QueryConsumerGroupStatus | * | Queries the status of a consumer group when an AMQP server-side subscription is enabled. The status information includes the online client information, message consumption rate, number of accumulated messages, and the most recent message consumption time. |
ResetConsumerGroupPosition | iot:ResetConsumerGroupPosition | * | Clears the accumulated messages of a consumer group when an AMQP server-side subscription is enabled. |
DeleteConsumerGroup | iot:DeleteConsumerGroup | * | Deletes a consumer group. |
CreateConsumerGroupSubscribeRelation | iot:CreateConsumerGroupSubscribeRelation | * | Adds a consumer group to an AMQP server-side subscription. |
DeleteConsumerGroupSubscribeRelation | iot:DeleteConsumerGroupSubscribeRelation | * | Removes a consumer group from an AMQP subscription. |
Configure an AMQP server-side subscription | iot:sub | * | Establishes a connection to IoT Platform by using an AMQP server-side subscription. |
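
The following check is an added example, not code from the IoT Platform documentation: it audits a RAM policy that is meant to grant read-only access and reports Action values that are wildcards, do not follow the iot:${API operation name} format, are not in the table, or change state. KNOWN_ACTIONS is a subset copied from the table, the sample policy is constructed, and treating the Query/Get/List name prefixes as read-only is an assumption based on the descriptions above.

```python
import json
import re

# Subset of the Action values from the table above (not the full list).
KNOWN_ACTIONS = {
    "iot:QueryDevice", "iot:QueryDeviceDetail", "iot:GetDeviceShadow",
    "iot:ListRule", "iot:DeleteDevice", "iot:Pub", "iot:RRpc",
    "iot:CreateConsumerGroup", "iot:sub",
}
# Assumption: operations whose names start with these verbs only read data.
READ_PREFIXES = ("Query", "Get", "List")
ACTION_RE = re.compile(r"^iot:[A-Za-z]+$")  # the iot:${API operation name} format


def lint_read_only_policy(policy):
    """Return findings for Allow statements in a policy meant to be read-only."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):  # Action may be one string or a list
            actions = [actions]
        for action in actions:
            if "*" in action:
                findings.append((idx, action, "wildcard"))
            elif not ACTION_RE.match(action):
                findings.append((idx, action, "malformed"))
            elif action not in KNOWN_ACTIONS:
                findings.append((idx, action, "unknown"))
            elif not action.split(":", 1)[1].startswith(READ_PREFIXES):
                findings.append((idx, action, "not-read-only"))
    return findings


# Constructed sample policy for illustration.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:QueryDevice", "iot:GetDeviceShadow",
               "iotCreateConsumerGroup", "iot:DeleteDevice", "iot:*"],
    "Resource": "*"
  }]
}
""")

if __name__ == "__main__":
    for finding in lint_read_only_policy(SAMPLE_POLICY):
        print(finding)
```

Because every operation in the table takes * as its Resource, the Action list is the only place where such a policy narrows access, so each finding is worth resolving before the policy is attached to a RAM user.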