All Products
Search
Document Center

File Storage NAS:CreateAccessRule

Last Updated:Dec 11, 2024

Creates a rule for a permission group.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
nas:CreateAccessRulecreate
*AccessGroup
acs:nas:{#regionId}:{#accountId}:accessgroup/{#accessgroupName}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
AccessGroupNamestringYes

The name of the permission group.

vpc-test
SourceCidrIpstringNo

The IP address or CIDR block of the authorized object.

You must set this parameter to an IP address or CIDR block.

Note If the permission group resides in the classic network, you must set this parameter to an IP address.
192.0.2.0/16
RWAccessTypestringNo

The access permissions of the authorized object on the file system.

Valid values:

  • RDWR (default): the read and write permissions
  • RDONLY: the read-only permissions
RDWR
UserAccessTypestringNo

The access permissions for different types of users in the authorized object.

Valid values:

  • no_squash (default): grants root users the permissions to access the file system.
  • root_squash: grants root users the least permissions as the nobody user.
  • all_squash: grants all users the least permissions as the nobody user.

The nobody user has the least permissions in Linux and can access only the public content of the file system. This ensures the security of the file system.

no_squash
PriorityintegerNo

The priority of the rule.

The rule with the highest priority takes effect if multiple rules are attached to the authorized object.

Valid values: 1 to 100. The value 1 indicates the highest priority.

1
FileSystemTypestringNo

The type of the file system.

Valid values:

  • standard (default): General-purpose NAS file system
  • extreme: Extreme NAS file system
standard
Ipv6SourceCidrIpstringNo

The IPv6 address or CIDR block of the authorized object.

You must set this parameter to an IPv6 address or CIDR block.

Note
  • Only Extreme NAS file systems that reside in the Chinese mainland support IPv6. If you specify this parameter, you must enable IPv6 for the file system.
  • Only permission groups that reside in virtual private clouds (VPCs) support IPv6.
  • You cannot specify an IPv4 address and an IPv6 address at the same time.
  • 2001:250:6000::***

    Response parameters

    ParameterTypeDescriptionExample
    object
    RequestIdstring

    The request ID.

    A323836B-5BC6-45A6-8048-60675C23****
    AccessRuleIdstring

    The rule ID.

    1

    Examples

    Sample success responses

    JSONformat

    {
      "RequestId": "A323836B-5BC6-45A6-8048-60675C23****",
      "AccessRuleId": "1"
    }

    Error codes

    HTTP status codeError codeError messageDescription
    400InvalidParam.Ipv6SourceCidrIpIPv6 address verification failed.IPv6 address verification failed.
    400InvalidParam.SourceCidrIpIPv4 address verification failed.IPv4 address verification failed.
    400InvalidParam.IPv4AndIPv6MutuallyExclusiveYou cannot configure IPv4 and IPv6 at the same time.You cannot configure IPv4 and IPv6 at the same time.
    400InvalidAccessGroup.NotsupportedIPv6The access group does not support IPv6.The access group does not support IPv6.

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    2024-09-05API Description Update. The Error code has changedView Change Details