Creates a policy.

Description

A policy is a set of security rules that are used to control security configurations when regular users use cloud desktops. A policy consists of a basic policy, such as USB redirection, watermarking, and clipboard usage, and security group rules.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreatePolicyGroup

The operation that you want to perform. Set the value to CreatePolicyGroup.

RegionId String Yes cn-hangzhou

The ID of the region.

Clipboard String No off

The permissions on clipboards. Valid values:

  • read: read-only. You can copy data only from the local PC to the cloud desktop.
  • readwrite: read and write. You can copy data between the local PC and the cloud desktop.
  • off: disabled. You cannot copy data between the local PC and the cloud desktop.

Default value: off.

LocalDrive String No off

The permissions on local disk mapping. Valid values:

  • read: read-only. Local disks are mapped to the cloud desktop. You can only read (copy) local files, but cannot modify them.
  • readwrite: read and write. Local disks are mapped to the cloud desktop. You can read (copy) local files and modify them.
  • off: disabled. Local disks are not mapped to the cloud desktop.

Default value: off.

UsbRedirect String No off

Specifies whether to enable USB redirection. Valid values:

  • on: enabled
  • off: disabled

Default value: off.

VisualQuality String No medium

The policy of image display quality. Valid values:

  • low: Image resolution is set to the lowest value.
  • medium: Image resolution is automatically adjusted based on network conditions.
  • high: Image resolution is set to high definition (HD).
  • lossless: Image resolution is set to lossless.

Default value: medium.

Html5Access String No off

The access policy for HTML5 clients. Valid values:

  • on: Access from HTML5 clients is allowed.
  • off: Access from HTML5 clients is denied.

Default value: off.

Html5FileTransfer String No off

The file transfer policy for HTML5 clients. Valid values:

  • off: Files cannot be uploaded to or downloaded from HTML5 clients.
  • upload: Files can be uploaded from HTML5 clients.
  • download: Files can be downloaded to HTML5 clients.
  • all: Files can be uploaded to and downloaded from HTML5 clients.

Default value: off.

Watermark String No off

Specifies whether to enable watermarking. Valid values:

  • on: enabled
  • off: disabled

Default value: off.

Name String No testPolicyGroupName

The name of the policy.

WatermarkType String No EndUserId

The type of the watermark. You can specify multiple watermark types at a time. Separate the watermark types with commas (,). Valid values:

  • EndUserId: The username is displayed.
  • HostName: The rightmost 15 characters of the cloud desktop ID are displayed.
WatermarkTransparency String No LIGHT

The transparency of the watermark. Valid values:

  • LIGHT
  • MIDDLE
  • DARK

Default value: LIGHT.

PreemptLogin String No on

Specifies whether to allow user preemption. Valid values:

  • on: User preemption is allowed.
  • off: User preemption is not allowed.
PreemptLoginUser.N RepeatList No Alice

The list of users who are allowed to preemptively log on to a cloud desktop.

The value is the username you specified. You can specify up to five usernames.

DomainList String No [black:],example.com

The blacklist or whitelist of domain names. Domain names support the asterisk (*) wildcards. Separate multiple domain names with commas (,). Valid values:

  • [black:],example1.com,example2.com: the domain name blacklist. The cloud desktop cannot access the domain names specified in the blacklist.
  • [white:],example1.com,example2.com: the domain name whitelist. The cloud desktop can access only the domain names specified in the whitelist.
AuthorizeSecurityPolicyRule.N.Type String No inflow

The direction of the security group rule. Valid values:

  • inflow: inbound
  • outflow: outbound
AuthorizeSecurityPolicyRule.N.IpProtocol String No tcp

The protocol type of the security group rule. Valid values:

  • tcp: the TCP protocol
  • udp: the UDP protocol
  • icmp: the ICMP (IPv4) protocol
  • gre: the GRE protocol
  • all: all protocols
AuthorizeSecurityPolicyRule.N.PortRange String No 22/22

The port range of the security group rule. The value range of the port is determined by the value of the IpProtocol parameter:

  • When the IpProtocol parameter is set to tcp or udp, the port range is 1 to 65535. Separate the start port and the end port with a forward slash (/). Example: 1/200.
  • Set the value to -1/-1 when the IpProtocol parameter is set to icmp.
  • Set the value to -1/-1 when the IpProtocol parameter is set to gre.
  • Set the value to -1/-1 when the IpProtocol parameter is set to all.

For more information about common ports of typical applications, see Common ports.

AuthorizeSecurityPolicyRule.N.CidrIp String No 10.0.XX.XX/8

The object to which the security group rule applies. IPv4 CIDR blocks are returned.

AuthorizeSecurityPolicyRule.N.Policy String No accept

The authorization policy of the security group rule. Valid values:

  • accept: the Allow policy. All access requests are allowed.
  • drop: the Deny policy. All access requests are denied. If no deny message is returned, the initiator request times out or the connection cannot be established.

Default value: accept.

AuthorizeSecurityPolicyRule.N.Priority String No 1

The priority of the security group rule. A smaller value indicates a higher priority.

Valid values: 1 to 60.

Default value: 1.

AuthorizeSecurityPolicyRule.N.Description String No test

The description of the security group rule.

AuthorizeAccessPolicyRule.N.CidrIp String No 10.0.XX.XX/8

The IPv4 CIDR block that can be accessed from the client.

AuthorizeAccessPolicyRule.N.Description String No test

The description of the IP address whitelist that the client can access.

PrinterRedirection String No on

The policy of the printer redirection feature. Valid values:

  • off: disabled
  • on: enabled

Response parameters

Parameter Type Example Description
PolicyGroupId String pg-gx2x1dhsmthe9****

The ID of the policy.

RequestId String 1CBAFFAB-B697-4049-A9B1-67E1FC5F****

The ID of the request.

Samples

Sample requests

https://ecd.cn-hangzhou.aliyuncs.com/?Action=CreatePolicyGroup
&RegionId=cn-hangzhou
&<Common request parameters>|

Sample success responses

XML format

<CreatePolicyGroupResponse>
  <RequestId>1CBAFFAB-B697-4049-A9B1-67E1FC5F****</RequestId>
  <PolicyGroupId>pg-gx2x1dhsmthe9****</PolicyGroupId>
</CreatePolicyGroupResponse>

JSON format

{
    "CreatePolicyGroupResponse": {
        "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****",
        "PolicyGroupId": "pg-gx2x1dhsmthe9****"
    }
}