API网关 APIG-权限策略和授权项:支持的授权项
支持的授权项
细粒度策略支持的操作与API相对应,授权项列表说明如下:
- 权限:自定义策略中授权项定义的内容即为权限。
- 授权项:自定义策略中支持的Action,在自定义策略中的Action中写入授权项,可以实现授权项对应的权限功能。
- 对应API接口:自定义策略实际调用的API接口。
- 授权范围:自定义策略的授权范围,包括 IAM 项目与企业项目。授权范围如果同时支持IAM项目和企业项目,表示此授权项对应的自定义策略,可以在IAM和企业管理两个服务中给用户组授权并生效。如果仅支持IAM项目,不支持企业项目,表示仅能在IAM中给用户组授权并生效,如果在企业管理中授权,则该自定义策略不生效。关于IAM项目与企业项目的区别,详情请参见:IAM项目和企业项目的区别。
API网关服务管理控制操作相关的授权项,明细如下表所示。用户调用如下API时,需要获取对应的权限。权限获取请参考 统一身份认证 服务(IAM)的帮助指导。
权限描述 |
授权项 |
对应的API |
IAM项目(Project) |
企业项目(Enterprise Project) |
---|---|---|---|---|
创建API网关专享版实例 |
apig:instances:create |
POST /v2/{project_id}/apigw/instances |
√ |
√ |
删除API网关专享版实例 |
apig:instances:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id} |
√ |
√ |
更新API网关专享版实例 |
apig:instances:update |
PUT /v2/{project_id}/apigw/instances/{instance_id} |
√ |
√ |
查看API网关专享版实例 |
apig:instances:get |
GET /v2/{project_id}/apigw/instances/{instance_id} |
√ |
√ |
查看API网关专享版实例列表 |
apig:instances:list |
GET /v2/{project_id}/apigw/instances |
√ |
√ |
创建API分组 |
apig:groups:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/api-groups |
√ |
√ |
删除API分组 |
apig:groups:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} |
√ |
√ |
查看API分组 |
apig:groups:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} |
√ |
√ |
查看API分组列表 |
apig:groups:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/api-groups |
√ |
√ |
创建分组 域名 |
apig:domains:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains |
√ |
√ |
删除分组域名 |
apig:domains:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id} |
√ |
√ |
分组域名绑定证书 |
apig:domains:bindCertificate |
POST /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate |
√ |
√ |
分组域名解绑证书 |
apig:domains:unbindCertificate |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id} |
√ |
√ |
查看分组域名绑定的证书 |
apig:domains:getCertificate |
GET /v2/{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id} |
√ |
√ |
创建环境变量 |
apig:variables:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/env-variables |
√ |
√ |
删除环境变量 |
apig:variables:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id} |
√ |
√ |
查看环境变量 |
apig:variables:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id} |
√ |
√ |
查看环境变量列表 |
apig:variables:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/env-variables |
√ |
√ |
创建API |
apig:apis:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/apis |
√ |
√ |
删除API |
apig:apis:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/apis/{api_id} |
√ |
√ |
发布API |
apig:apis:publish |
POST /v2/{project_id}/apigw/instances/{instance_id}/apis/action |
√ |
√ |
下线API |
apig:apis:offline |
POST /v2/{project_id}/apigw/instances/{instance_id}/apis/action |
√ |
√ |
调试API |
apig:apis:debug |
POST /v2/{project_id}/apigw/instances/{instance_id}/apis/debug/{api_id} |
√ |
√ |
导入API |
apig:apis:import |
POST /v2/{project_id}/apigw/instances/{instance_id}/openapi/import |
√ |
√ |
导出API |
apig:apis:export |
POST /v2/{project_id}/apigw/instances/{instance_id}/openapi/export |
√ |
√ |
授权API |
apig:apis:grantAppAccess |
POST /v2/{project_id}/apigw/instances/{instance_id}/app-auths |
√ |
√ |
解授权API |
apig:apis:relieveAppAccess |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/app-auths/{app_auth_id} |
√ |
√ |
API绑定签名 |
apig:apis:bindSigns |
POST /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings |
√ |
√ |
API解绑签名 |
apig:apis:unbindSigns |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/{sign_bindings_id} |
√ |
√ |
API绑定访问控制 |
apig:apis:bindAcls |
POST /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings |
√ |
√ |
API解绑访问控制 |
apig:apis:unbindAcls |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/{acl_bindings_id} |
√ |
√ |
API绑定流控 |
apig:apis:bindThrottles |
POST /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings |
√ |
√ |
API解绑流控 |
apig:apis:unbindThrottles |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/{throttle_binding_id} |
√ |
√ |
查看API |
apig:apis:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/apis/{api_id} |
√ |
√ |
查看API列表 |
apig:apis:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/apis |
√ |
√ |
查看API绑定的APP列表 |
apig:apis:listBindedApps |
GET /v2/{project_id}/apigw/instances/{instance_id}/app-auths/binded-apps |
√ |
√ |
查看API绑定的签名列表 |
apig:apis:listBindedSigns |
GET /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-signs |
√ |
√ |
查看API绑定的访问控制列表 |
apig:apis:listBindedAcls |
GET /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-acls |
√ |
√ |
查看API绑定的流控列表 |
apig:apis:listBindedTrottles |
GET /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-throttles |
√ |
√ |
创建环境 |
apig:envs:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/envs |
√ |
√ |
删除环境 |
apig:envs:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/envs/{env_id} |
√ |
√ |
查看环境列表 |
apig:envs:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/envs |
√ |
√ |
创建应用 |
apig:apps:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/apps |
√ |
√ |
删除应用 |
apig:apps:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/apps/{app_id} |
√ |
√ |
查看应用 |
apig:apps:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/apps/{app_id} |
√ |
√ |
查看应用列表 |
apig:apps:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/apps |
√ |
√ |
查看应用绑定的API列表 |
apig:apps:listBindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/app-auths/binded-apis |
√ |
√ |
查看应用未绑定的API列表 |
apig:apps:listUnbindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/app-auths/unbinded-apis |
√ |
√ |
创建签名 |
apig:signs:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/signs |
√ |
√ |
删除签名 |
apig:signs:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/signs/{sign_id} |
√ |
√ |
查看签名列表 |
apig:signs:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/signs |
√ |
√ |
查看签名绑定的API列表 |
apig:signs:listBindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-apis |
√ |
√ |
查看签名未绑定的API列表 |
apig:signs:listUnbindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/sign-bindings/unbinded-apis |
√ |
√ |
创建访问控制 |
apig:acls:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/acls |
√ |
√ |
删除访问控制 |
apig:acls:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/acls/{acl_id} |
√ |
√ |
查看访问控制 |
apig:acls:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/acls/{acl_id} |
√ |
√ |
查看访问控制列表 |
apig:acls:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/acls |
√ |
√ |
查看访问控制绑定的api列表 |
apig:acls:listBindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-apis |
√ |
√ |
查看访问控制未绑定的api列表 |
apig:acls:listUnbindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/acl-bindings/unbinded-apis |
√ |
√ |
创建流量控制 |
apig:throttles:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/throttles |
√ |
√ |
删除流量控制 |
apig:throttles:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id} |
√ |
√ |
查看流量控制 |
apig:throttles:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id} |
√ |
√ |
查看流量控制列表 |
apig:throttles:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/throttles |
√ |
√ |
查看流量控制绑定的API列表 |
apig:throttles:listBindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-apis |
√ |
√ |
查看流量控制未绑定的API列表 |
apig:throttles:listUnbindedApis |
GET /v2/{project_id}/apigw/instances/{instance_id}/throttle-bindings/unbinded-apis |
√ |
√ |
创建特殊流量控制 |
apig:specialThrottles:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials |
√ |
√ |
删除特殊流量控制 |
apig:specialThrottles:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials/{strategy_id} |
√ |
√ |
查看特殊流量控制列表 |
apig:specialThrottles:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials |
√ |
√ |
创建负载通道 |
apig:vpcChannels:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels |
√ |
√ |
删除负载通道 |
apig:vpcChannels:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id} |
√ |
√ |
更新负载通道 |
apig:vpcChannels:update |
PUT /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id} |
√ |
√ |
创建后端实例 |
apig:vpcChannels:addInstance |
POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members |
√ |
√ |
删除后端实例 |
apig:vpcChannels:deleteInstance |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/{member_id} |
√ |
√ |
查看负载通道 |
apig:vpcs:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id} |
√ |
√ |
查看负载通道列表 |
apig:vpcs:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-channels |
√ |
√ |
创建自定义认证 |
apig:authorizers:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/authorizers |
√ |
√ |
删除自定义认证 |
apig:authorizers:delete |
DELETE /v2/{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id} |
√ |
√ |
查看自定义认证 |
apig:authorizers:get |
GET /v2/{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id} |
√ |
√ |
查看自定义认证列表 |
apig:authorizers:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/authorizers |
√ |
√ |
查看标签列表 |
apig:tags:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/tags |
√ |
√ |
查看实例特性列表 |
apig:features:list |
GET /v2/{project_id}/apigw/instances/{instance_id}/features |
√ |
√ |
创建实例特性 |
apig:features:create |
POST /v2/{project_id}/apigw/instances/{instance_id}/features |
√ |
√ |
- API网关权限管理_授权使用API网关_APIG权限策略和授权项
- API网关的策略_API网关的插件策略_APIG传统策略
- GaussDB数据库授权_GaussDB授权说明_高斯数据库授权-华为云
- API网关流量控制策略_流量管控_API网关APIG-华为云
- 如何创建用户并授权使用应用运维管理服务_AOM_用户权限_创建用户_权限
- API网关支持http到https自动重定向_开放API_API网关APIG-华为云
- 容器镜像服务SWR授权管理_华为云SWR_容器镜像授权管理
- API网关基本概念_云原生API网关_API网关APIG-华为云
- 什么是API网关_API网关有什么作用_API网关APIG-华为云
- 容器镜像创建用户并授权使用SWR_华为云SWR_容器镜像创建授权