子账号通过Domain API访问主账号资源时需要遵循鉴权规则。本文为您介绍Domain API鉴权的规则。
当子账号通过Domain API访问主账号的Domain资源时,Domain后台会向RAM进行权限检查,以确保资源拥有者已向调用者授予了相关资源的相关权限。
根据涉及到的资源及API的语义,每个Domain API会相应地确定需要检查哪些资源的权限。下表具体介绍了各API的鉴权规则。
说明 $accountid表示账号ID,您可以登录您的阿里云账号查看账号ID。
API | 鉴权Action | 鉴权Resource |
---|---|---|
SaveSingleTaskForUpdatingContactInfo | domain:DomainInfoModification | acs:domain:*:$accountid:domain/$domainName |
SaveBatchTaskForUpdatingContactInfo | acs:domain:*:$accountid:domain/$domainName | |
TransferInReenterTransferAuthorizationCode | domain:DomainTransferInOperation | acs:domain:*:$accountid:domain/$domainName |
TransferInRefetchWhoisEmail | acs:domain:*:$accountid:domain/$domainName | |
TransferInResendMailToken | acs:domain:*:$accountid:domain/$domainName | |
SaveSingleTaskForCancelingTransferIn | acs:domain:*:$accountid:domain/$domainName | |
SaveSingleTaskForCancelingTransferOut | domain:DomainTransferOutOperation | acs:domain:*:$accountid:domain/$domainName |
SaveSingleTaskForQueryingTransferAuthorizationCode | acs:domain:*:$accountid:domain/$domainName | |
SaveSingleTaskForModifyingDnsHost | domain:DnsHostModification | acs:domain:*:$accountid:domain/$domainName |
SaveSingleTaskForCreatingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
SaveSingleTaskForSynchronizingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
SaveSingleTaskForDeletingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
SaveBatchTaskForModifyingDomainDns | domain:DnsModification | acs:domain:*:$accountid:domain/$domainName |
SaveSingleTaskForTransferProhibitionLock | domain:SecuritySetting | acs:domain:*:$accountid:domain/$domainName |
SaveBatchTaskForTransferProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
SaveSingleTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
SaveBatchTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName |
API | 鉴权Action | 鉴权Resource |
---|---|---|
QueryDomainList | domain:QueryCommonInfo | acs:domain:*:$accountid:* |
QueryDomainByInstanceId | acs:domain:*:$accountid:* | |
QueryContactInfo | acs:domain:*:$accountid:* | |
VerifyContactField | acs:domain:*:$accountid:* | |
QueryTaskList | domain:QueryDomainTask | acs:domain:*:$accountid:* |
QueryTaskInfoHistory | acs:domain:*:$accountid:* | |
QueryTaskDetailList | acs:domain:*:$accountid:* | |
QueryTaskDetailHistory | acs:domain:*:$accountid:* | |
PollTaskResult | acs:domain:*:$accountid:* | |
QueryChangeLogList | domain:QueryChangeLog | acs:domain:*:$accountid:* |
QueryTransferInByInstanceId | domain:QueryDomainTransferIn | acs:domain:*:$accountid:* |
QueryTransferInList | acs:domain:*:$accountid:* | |
CheckTransferInFeasibility | acs:domain:*:$accountid:* | |
TransferInCheckMailToken | domain:TransferInCheckMailToken | acs:domain:*:$accountid:* |
QueryTransferOutInfo | domain:QueryDomainTransferOut | acs:domain:*:$accountid:* |
QueryDnsHost | domain:QueryDnsHost | acs:domain:*:$accountid:* |
QueryRegistrantProfiles | domain:QueryRegistrantProfile | acs:domain:*:$accountid:* |
ListEmailVerification | domain:QueryEmailVerification | acs:domain:*:$accountid:* |
AcknowledgeTaskResult | domain:AcknowledgeTaskResult | acs:domain:*:$accountid:* |
SaveRegistrantProfile | domain:RegistrantProfileOperation | acs:domain:*:$accountid:* |
DeleteRegistrantProfile | acs:domain:*:$accountid:* | |
DeleteEmailVerification | domain:EmailVerificationOperation | acs:domain:*:$accountid:* |
VerifyEmail | acs:domain:*:$accountid:* | |
ResendEmailVerification | acs:domain:*:$accountid:* | |
SubmitEmailVerification | acs:domain:*:$accountid:* |
API | 鉴权Action | 鉴权Resource |
---|---|---|
* | domain:* | acs:domain:*:$accountid:* |