All Products
Search
Document Center

Key Management Service:UpdatePolicy

Last Updated:Oct 11, 2023

Updates a permission policy.

  • You can update the role-based access control (RBAC) permissions, accessible resources, access control rules, and description of a permission policy. You cannot update the name or scope of a permission policy.
  • Updating a permission policy affects all application access points (AAPs) that are bound to the permission policy. Exercise caution when you perform this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action String Yes UpdatePolicy

The operation that you want to perform. Set the value to UpdatePolicy.

Name String Yes policy_test

The name of the permission policy that you want to update.

Permissions String No ["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]

The operations that are supported by the updated policy. Valid values:

  • RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.
  • RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.

You can select both.

Resources String No ["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]

The key and secret that are allowed to access after the update.

  • Key: Enter a key in the key/${KeyId} format. To allow access to all keys of a KMS instance, enter key/*.
  • Secret: Enter a secret in the secret/${SecretName} format. To allow access to all secrets of a KMS instance, enter secret/*.
AccessControlRules String No {"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}

The access control rule.

Note For more information about how to query created access control rules, see ListNetworkRules.
Description String No policy description

The description.

Response parameters

Parameter

Type

Example

Description

RequestId String f455324b-e229-4066-9f58-9c1cf3fe83a8

The ID of the request, which is used to locate and troubleshoot issues.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdatePolicy
&Name=policy_test
&Permissions=["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]
&Resources=["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]
&AccessControlRules={"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}
&Description=policy  description
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdatePolicyResponse>
    <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a8</RequestId>
</UpdatePolicyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "f455324b-e229-4066-9f58-9c1cf3fe83a8"
}

Error codes

HTTP status code

Error code

Error message

Description

400 InvalidParameter The specified parameter is not valid. The specified parameter is invalid.
404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records. The specified AccessKey ID does not exist.

For a list of error codes, see Service error codes.