子帳號通過Domain API訪問主帳號資源時需要遵循鑒權規則。本文為您介紹Domain API鑒權的規則。
當子帳號通過Domain API訪問主帳號的Domain資源時,Domain後台會向RAM進行許可權檢查,以確保資源擁有者已向調用者授予了相關資源的相關許可權。
根據涉及到的資源及API的語義,每個Domain API會相應地確定需要檢查哪些資源的許可權。下表具體介紹了各API的鑒權規則。
說明 $accountid表示帳號ID,您可以登入您的阿里雲帳號查看帳號ID。
| API | 鑒權Action | 鑒權Resource |
| SaveSingleTaskForUpdatingContactInfo | domain:DomainInfoModification | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForUpdatingContactInfoByNewContact | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForUpdatingContactInfoByRegistrantProfileId | acs:domain:*:$accountid:domain/$domainName | |
| SaveTaskForUpdatingRegistrantInfoByRegistrantProfileID | acs:domain:*:$accountid:domain/$domainName | |
| SaveTaskForUpdatingRegistrantInfoByIdentityCredential | acs:domain:*:$accountid:domain/$domainName | |
| SaveTaskForSubmittingDomainRealNameVerificationByRegistrantProfileID | domain:RealNameVerificationOperation | acs:domain:*:$accountid:domain/$domainName |
| CancelDomainVerification | acs:domain:*:$accountid:domain/$domainName | |
| SaveTaskForSubmittingDomainRealNameVerificationByIdentityCredential | acs:domain:*:$accountid:domain/$domainName | |
| TransferInReenterTransferAuthorizationCode | domain:DomainTransferInOperation | acs:domain:*:$accountid:domain/$domainName |
| TransferInRefetchWhoisEmail | acs:domain:*:$accountid:domain/$domainName | |
| TransferInResendMailToken | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferIn | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferOut | domain:DomainTransferOutOperation | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForQueryingTransferAuthorizationCode | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForModifyingDnsHost | domain:DnsHostModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForCreatingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForSynchronizingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForDeletingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForModifyingDomainDns | domain:DnsModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForTransferProhibitionLock | domain:SecuritySetting | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForTransferProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCreatingOrderRenew | domain:CreateOrderRenew | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForCreatingOrderRenew | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCreatingOrderRedeem | domain:CreateOrderRedeem | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForCreatingOrderRedeem | acs:domain:*:$accountid:domain/$domainName |
| API | 鑒權Action | 鑒權Resource |
| SaveSingleTaskForUpdatingContactInfo | domain:DomainInfoModification | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForUpdatingContactInfo | acs:domain:*:$accountid:domain/$domainName | |
| TransferInReenterTransferAuthorizationCode | domain:DomainTransferInOperation | acs:domain:*:$accountid:domain/$domainName |
| TransferInRefetchWhoisEmail | acs:domain:*:$accountid:domain/$domainName | |
| TransferInResendMailToken | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferIn | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferOut | domain:DomainTransferOutOperation | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForQueryingTransferAuthorizationCode | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForModifyingDnsHost | domain:DnsHostModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForCreatingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForSynchronizingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForDeletingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForModifyingDomainDns | domain:DnsModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForTransferProhibitionLock | domain:SecuritySetting | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForTransferProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName |
| API | 鑒權Action | 鑒權Resource |
| QueryDomainList | domain:QueryCommonInfo | acs:domain:*:$accountid:* |
| QueryDomainByInstanceId | acs:domain:*:$accountid:* | |
| QueryContactInfo | acs:domain:*:$accountid:* | |
| QueryDomainSuffix | acs:domain:*:$accountid:* | |
| QueryAdvancedDomainList | acs:domain:*:$accountid:* | |
| VerifyContactField | acs:domain:*:$accountid:* | |
| QueryTaskList | domain:QueryDomainTask | acs:domain:*:$accountid:* |
| QueryTaskInfoHistory | acs:domain:*:$accountid:* | |
| QueryTaskDetailList | acs:domain:*:$accountid:* | |
| QueryTaskDetailHistory | acs:domain:*:$accountid:* | |
| PollTaskResult | acs:domain:*:$accountid:* | |
| QueryChangeLogList | domain:QueryChangeLog | acs:domain:*:$accountid:* |
| QueryTransferInByInstanceId | domain:QueryDomainTransferIn | acs:domain:*:$accountid:* |
| QueryTransferInList | acs:domain:*:$accountid:* | |
| CheckTransferInFeasibility | acs:domain:*:$accountid:* | |
| TransferInCheckMailToken | domain:TransferInCheckMailToken | acs:domain:*:$accountid:* |
| QueryTransferOutInfo | domain:QueryDomainTransferOut | acs:domain:*:$accountid:* |
| QueryDnsHost | domain:QueryDnsHost | acs:domain:*:$accountid:* |
| QueryFailReasonForRegistrantProfileRealNameVerification | domain:QueryRegistrantProfile | acs:domain:*:$accountid:* |
| QueryRegistrantProfileRealNameVerificationInfo | acs:domain:*:$accountid:* | |
| 查詢當前帳號下的網域名稱資訊模板 | acs:domain:*:$accountid:* | |
| QueryDomainGroupList | domain:QueryDomainGroup | acs:domain:*:$accountid:* |
| QueryFailReasonForDomainRealNameVerification | domain:QueryRealNameVerification | acs:domain:*:$accountid:* |
| QueryDomainRealNameVerificationInfo | acs:domain:*:$accountid:* | |
| ListEmailVerification | domain:QueryEmailVerification | acs:domain:*:$accountid:* |
| QueryEmailVerification | acs:domain:*:$accountid:* | |
| AcknowledgeTaskResult | domain:AcknowledgeTaskResult | acs:domain:*:$accountid:* |
| SaveRegistrantProfile | domain:RegistrantProfileOperation | acs:domain:*:$accountid:* |
| DeleteRegistrantProfile | acs:domain:*:$accountid:* | |
| RegistrantProfileRealNameVerification | acs:domain:*:$accountid:* | |
| DeleteDomainGroup | domain:DomainGroupOperation | acs:domain:*:$accountid:* |
| SaveDomainGroup | acs:domain:*:$accountid:* | |
| UpdateDomainToDomainGroup | acs:domain:*:$accountid:* | |
| DeleteEmailVerification | domain:EmailVerificationOperation | acs:domain:*:$accountid:* |
| VerifyEmail | acs:domain:*:$accountid:* | |
| ResendEmailVerification | acs:domain:*:$accountid:* | |
| SubmitEmailVerification | acs:domain:*:$accountid:* | |
| SaveBatchDomainRemark | domain:DomainInfoModification | acs:domain:*:$accountid:* |
| SaveSingleTaskForCreatingOrderActivate | domain:CreateOrderActivate | acs:domain:*:$accountid:* |
| SaveBatchTaskForCreatingOrderActivate | acs:domain:*:$accountid:* | |
| SaveSingleTaskForCreatingOrderTransfer | domain:CreateOrderTransfer | acs:domain:*:$accountid:* |
| SaveBatchTaskForCreatingOrderTransfer | acs:domain:*:$accountid:* |
| API | 鑒權Action | 鑒權Resource |
| QueryDomainList | domain:QueryCommonInfo | acs:domain:*:$accountid:* |
| QueryDomainByInstanceId | acs:domain:*:$accountid:* | |
| QueryContactInfo | acs:domain:*:$accountid:* | |
| VerifyContactField | acs:domain:*:$accountid:* | |
| QueryTaskList | domain:QueryDomainTask | acs:domain:*:$accountid:* |
| QueryTaskInfoHistory | acs:domain:*:$accountid:* | |
| QueryTaskDetailList | acs:domain:*:$accountid:* | |
| QueryTaskDetailHistory | acs:domain:*:$accountid:* | |
| PollTaskResult | acs:domain:*:$accountid:* | |
| QueryChangeLogList | domain:QueryChangeLog | acs:domain:*:$accountid:* |
| QueryTransferInByInstanceId | domain:QueryDomainTransferIn | acs:domain:*:$accountid:* |
| QueryTransferInList | acs:domain:*:$accountid:* | |
| CheckTransferInFeasibility | acs:domain:*:$accountid:* | |
| TransferInCheckMailToken | domain:TransferInCheckMailToken | acs:domain:*:$accountid:* |
| QueryTransferOutInfo | domain:QueryDomainTransferOut | acs:domain:*:$accountid:* |
| QueryDnsHost | domain:QueryDnsHost | acs:domain:*:$accountid:* |
| QueryRegistrantProfiles | domain:QueryRegistrantProfile | acs:domain:*:$accountid:* |
| ListEmailVerification | domain:QueryEmailVerification | acs:domain:*:$accountid:* |
| AcknowledgeTaskResult | domain:AcknowledgeTaskResult | acs:domain:*:$accountid:* |
| SaveRegistrantProfile | domain:RegistrantProfileOperation | acs:domain:*:$accountid:* |
| DeleteRegistrantProfile | acs:domain:*:$accountid:* | |
| DeleteEmailVerification | domain:EmailVerificationOperation | acs:domain:*:$accountid:* |
| VerifyEmail | acs:domain:*:$accountid:* | |
| ResendEmailVerification | acs:domain:*:$accountid:* | |
| SubmitEmailVerification | acs:domain:*:$accountid:* |
| API | 鑒權Action | 鑒權Resource |
| * | domain:* | acs:domain:*:$accountid:* |
| API | 鑒權Action | 鑒權Resource |
| * | domain:* | acs:domain:*:$accountid:* |