All Products
Search
Document Center

File Storage NAS:ModifyAccessRule

Last Updated:Dec 11, 2024

Modifies a rule in a permission group.

Operation description

The rules in the default permission group (DEFAULT_VPC_GROUP_NAME) cannot be modified.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
nas:ModifyAccessRuleupdate
*AccessGroup
acs:nas:{#regionId}:{#accountId}:accessgroup/{#accessgroupName}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
AccessGroupNamestringYes

The name of the permission group.

vpc-test
AccessRuleIdstringYes

The rule ID.

1
SourceCidrIpstringYes

The IP address or CIDR block of the authorized object.

You must set this parameter to an IP address or CIDR block.

192.0.**.**
RWAccessTypestringNo

The access permissions of the authorized object on the file system.

Valid values:

  • RDWR (default): the read and write permissions
  • RDONLY: the read-only permissions
RDWR
UserAccessTypestringNo

The access permissions for different types of users in the authorized object.

Valid values:

  • no_squash: allows access from root users to the file system.
  • root_squash: grants root users the least permissions as the nobody user.
  • all_squash: grants all users the least permissions as the nobody user.

The nobody user has the least permissions in Linux and can access only the public content of the file system. This ensures the security of the file system.

all_squash
PriorityintegerNo

The priority of the rule.

Valid values: 1 to 100.

Default value: 1, which indicates the highest priority.

1
FileSystemTypestringNo

The type of the file system.

Valid values:

  • standard (default): General-purpose NAS file system
  • extreme: Extreme NAS file system
standard
Ipv6SourceCidrIpstringNo

The IPv6 address or CIDR block of the authorized object.

You must set this parameter to an IPv6 IP address or CIDR block.

Note
  • Only Extreme NAS file systems that reside in the China (Hohhot) region support IPv6.
  • Only permission groups that reside in virtual private clouds (VPCs) support IPv6.
  • This parameter is unavailable if you specify the SourceCidrIp parameter.
  • fe80::3d4a:80fd:f05d:****

    Response parameters

    ParameterTypeDescriptionExample
    object
    RequestIdstring

    The request ID.

    6299428C-3861-435D-AE54-9B330A00****

    Examples

    Sample success responses

    JSONformat

    {
      "RequestId": "6299428C-3861-435D-AE54-9B330A00****"
    }

    Error codes

    HTTP status codeError codeError messageDescription
    400InvalidParam.Ipv6SourceCidrIpIPv6 address verification failed.IPv6 address verification failed.
    400InvalidParam.SourceCidrIpIPv4 address verification failed.IPv4 address verification failed.
    400InvalidParam.IPv4AndIPv6MutuallyExclusiveYou cannot configure IPv4 and IPv6 at the same time.You cannot configure IPv4 and IPv6 at the same time.
    400InvalidAccessGroup.NotsupportedIPv6The access group does not support IPv6.The access group does not support IPv6.

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    2024-09-05API Description Update. The Error code has changedView Change Details