ALIYUN::CloudSSO::AccessAssignment类型用于为RD账号设置允许访问的用户或用户组,以及对应的访问权限(访问配置)。
语法
{
"Type": "ALIYUN::CloudSSO::AccessAssignment",
"Properties": {
"DirectoryId": String,
"PrincipalId": String,
"TargetType": String,
"PrincipalType": String,
"AccessConfigurationId": String,
"TargetId": String
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
AccessConfigurationId | String | 是 | 否 | 访问配置ID。 | 无 |
DirectoryId | String | 是 | 否 | 目录ID。 | 无 |
PrincipalId | String | 是 | 否 | 云SSO身份 ID。 | 取值:
|
PrincipalType | String | 是 | 否 | 云SSO身份类型。 | 取值:
|
TargetId | String | 是 | 否 | 部署目标ID。 | 无 |
TargetType | String | 是 | 否 | 任务目标类型。 | 取值:RD-Account,表示任务目标类型为RD账号。 |
返回值
Fn::GetAtt
无
示例
YAML格式
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
AccessConfigurationId:
Description:
en: The ID of the access configuration.
Required: true
Type: String
DirectoryId:
Description:
en: The ID of the directory.
Required: true
Type: String
PrincipalId:
Description:
en: 'The ID of the CloudSSO identity.
- If you set PrincipalType to User, set PrincipalId to the ID of the CloudSSO
user.
- If you set PrincipalType to Group, set PrincipalId to the ID of the CloudSSO
group.'
Required: true
Type: String
PrincipalType:
AllowedValues:
- User
- Group
Description:
en: 'The type of the CloudSSO identity. Valid values: User, Group'
Required: true
Type: String
TargetId:
Description:
en: The ID of the task object.
Required: true
Type: String
TargetType:
AllowedValues:
- RD-Account
Description:
en: The type of the task object. Set the value to RD-Account, which specifies
the accounts in the resource directory.
Required: true
Type: String
Resources:
AccessAssignment:
Properties:
AccessConfigurationId:
Ref: AccessConfigurationId
DirectoryId:
Ref: DirectoryId
PrincipalId:
Ref: PrincipalId
PrincipalType:
Ref: PrincipalType
TargetId:
Ref: TargetId
TargetType:
Ref: TargetType
Type: ALIYUN::CloudSSO::AccessAssignment JSON格式
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"DirectoryId": {
"Type": "String",
"Description": {
"en": "The ID of the directory."
},
"Required": true
},
"PrincipalId": {
"Type": "String",
"Description": {
"en": "The ID of the CloudSSO identity.\n- If you set PrincipalType to User, set PrincipalId to the ID of the CloudSSO user.\n- If you set PrincipalType to Group, set PrincipalId to the ID of the CloudSSO group."
},
"Required": true
},
"TargetType": {
"Type": "String",
"Description": {
"en": "The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory."
},
"AllowedValues": [
"RD-Account"
],
"Required": true
},
"PrincipalType": {
"Type": "String",
"Description": {
"en": "The type of the CloudSSO identity. Valid values: User, Group"
},
"AllowedValues": [
"User",
"Group"
],
"Required": true
},
"AccessConfigurationId": {
"Type": "String",
"Description": {
"en": "The ID of the access configuration."
},
"Required": true
},
"TargetId": {
"Type": "String",
"Description": {
"en": "The ID of the task object."
},
"Required": true
}
},
"Resources": {
"AccessAssignment": {
"Type": "ALIYUN::CloudSSO::AccessAssignment",
"Properties": {
"DirectoryId": {
"Ref": "DirectoryId"
},
"PrincipalId": {
"Ref": "PrincipalId"
},
"TargetType": {
"Ref": "TargetType"
},
"PrincipalType": {
"Ref": "PrincipalType"
},
"AccessConfigurationId": {
"Ref": "AccessConfigurationId"
},
"TargetId": {
"Ref": "TargetId"
}
}
}
}
}