CreatePolicyGroup - WUYING Workspace - Alibaba Cloud Documentation Center

Creates a policy.

Operation description

A policy is a set of security rules that are used to control security configurations when end users use cloud desktops. A policy contains basic features, such as USB redirection and watermarking, and other features, such as security group control. For more information, see Policy overview.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
ecd:CreatePolicyGroup	WRITE	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The ID of the region.	cn-hangzhou
Clipboard	string	No	The permissions on the clipboard. Valid values: read: specifies one-way transfer You can copy data from your local computer to the cloud desktop, but cannot copy data from the cloud desktop to your local computer. readwrite: specifies two-way transfer You can copy data between your local computer and the cloud desktop. off: disables both one-way and two-way transfer You cannot copy data between your local computer and the cloud desktop. This value is the default value.	off
LocalDrive	string	No	The permissions on local disk mapping. Valid values: read: read-only The disks on your local computer are mapped to the cloud desktop. You can only read (copy) files on the local computer. readwrite: read and write The disks on your local computer are mapped to the cloud desktop. You can read (copy) and modify files on your local computer. off: The disks on your local computer are not mapped to the cloud desktop. This value is the default value.	off
UsbRedirect	string	No	Specifies whether to enable USB redirection. Valid values: off: USB redirection is disabled. This value is the default value. on: USB redirection is enabled.	off
VisualQuality	string	No	The policy for image display quality. Valid values: high low lossless medium: adaptive. This value is the default value.	medium
Html5Access	string	No	The policy for HTML5 client access. Note We recommend that you use the ClientType parameter to manage the type of Alibaba Cloud Workspace clients for desktop connection. Valid values: off: HTML5 client access is disabled. This value is the default value. on: HTML5 client access is enabled.	off
Html5FileTransfer	string	No	The file transfer policy for HTML5 clients. Valid values: all: Files can be uploaded and downloaded between your computer and HTML5 clients. download: Files on HTML5 clients can be downloaded to your computer. upload: Files on your computer can be uploaded to HTML5 clients. off: File transfer between HTML5 clients and your computer is disabled. This value is the default value.	off
Watermark	string	No	Specifies whether to enable watermarking. Valid values: off: Watermarking is disabled. This value is the default value. on: Watermarking is enabled.	off
Name	string	No	The name of the policy.	testPolicyGroupName
WatermarkType	string	No	The type of the watermark. You can specify multiple types of watermarks at the same time. Separate multiple watermark types with commas (,). Valid values: EndUserId: The ID of the end user is displayed. HostName: The rightmost 15 characters of the cloud desktop ID are displayed.	EndUserId
WatermarkTransparency	string	No	The transparency of the watermark. Valid values: LIGHT DARK MIDDLE	LIGHT
PreemptLogin	string	No	Specifies whether to allow user preemption. Note To improve user experience and ensure data security, multiple end users cannot connect to the same cloud desktop at the same time. The default value of this parameter is `off`, and the value cannot be changed.	off
DomainList	string	No	Access control for domain names. The wildcard character (*) is supported for domain names. Separate multiple domain names with commas (,). Valid values: off on	off
PrinterRedirection	string	No	The policy for printer redirection. Valid values: off: Printer redirection is disabled. on: Printer redirection is enabled.	on
PreemptLoginUser	array	No	The names of the users that are allowed to connect to the same cloud desktop at the same time. You can specify up to five usernames. Note To improve user experience and ensure data security, we recommend that you disable the user preemption feature.
	string	No	The name of the end user that is allowed to connect to a cloud desktop to which another end user is connected.	Alice
AuthorizeSecurityPolicyRule	object []	No	The security group rules.
Type	string	No	The direction of the security group rule. Valid values: outflow: outbound inflow: inbound	inflow
Policy	string	No	The authorization policy of the security group rule. Valid values: drop: denies all access requests If no denied messages are returned, the requests timed out or failed. accept: accepts all access requests This value is the default value.	accept
PortRange	string	No	The port range of the security group rule. The value range of this parameter varies based on the value of the IpProtocol parameter. If you set the IpProtocol parameter to TCP or UDP, the value range is 1 to 65535. Separate the start port number and the end port number with a forward slash (/). Example: 1/200. If you set the IpProtocol parameter to ICMP, the start port number and the end port number are -1/-1. If you set the IpProtocol parameter to GRE, the start port number and the end port number are -1/-1. If you set the IpProtocol parameter to ALL, the start port number and the end port number are -1/-1. For more information about the common ports of applications, see Common ports.	22/22
Description	string	No	The description of the security group rule.	test
IpProtocol	string	No	The protocol type of the security group rule. Valid values: TCP UDP ALL: all protocols GRE ICMP: ICMP (IPv4)	tcp
Priority	string	No	The priority of the security group rule. A smaller value specifies a higher priority. Valid values: 1 to 60. Default value: 1.	1
CidrIp	string	No	The IPv4 CIDR block of the security group rule.	47.100.XX.XX/16
AuthorizeAccessPolicyRule	object []	No	The client IP address whitelists. Only the client IP addresses in whitelists can access the cloud desktop.
Description	string	No	The description of the client IP address whitelist.	North China Branch
CidrIp	string	No	The IPv4 CIDR block that you want to access from the client. The value is an IPv4 CIDR block.	47.100.XX.XX/16
ClientType	object []	No	The logon methods. You can use this parameter to determine which clients can be used to connect to the cloud desktop.
Status	string	No	Specifies whether a specific client type can be used to connect to the cloud desktop. Note By default, if you do not specify the ClientType parameter, all types of clients can be used to connect to cloud desktops. Valid values: OFF: Clients of the specified type cannot be used to connect to cloud desktops. ON: Clients of the specified type can be used to connect to cloud desktops.	ON
ClientType	string	No	The type of the client. Note By default, if you do not specify the ClientType parameter, all types of clients can be used to connect to cloud desktops. Valid values: html5: web clients android: Android clients linux: Alibaba Cloud Workspace clients ios: iOS clients windows: Windows clients macos: macOS clients	windows
GpuAcceleration	string	No	Specifies whether to enable the image display quality feature for the Graphics cloud desktop. If you have high requirements for desktop performance and user experience, we recommend that you enable this feature. For example, you can enable this feature in professional design scenarios. Valid values: off on	off
UsbSupplyRedirectRule	object []	No	The USB redirection rules.
VendorId	string	No	The ID of the vendor. For more information, see Valid USB Vendor IDs (VIDs).	04**
ProductId	string	No	The ID of the service.	08**
Description	string	No	The description of the rule.	Test rule
UsbRedirectType	long	No	The type of USB redirection. Valid values: 1: allows USB redirection 2: forbids USB redirection	1
DeviceClass	string	No	The class of the device. If you set the `usbRuleType` parameter to 1, you must specify this parameter. For more information, see Defined Class Codes.	0Eh
DeviceSubclass	string	No	The subclass of the device. If you set the `usbRuleType` parameter to 1, you must specify this parameter. For more information, see Defined Class Codes.	xxh
UsbRuleType	long	No	The type of the USB redirection rule. Valid values: 1: by device class 2: by device vendor	1
DomainResolveRuleType	string	No	The type of the domain name resolution policy. Valid values: OFF ON	OFF
DomainResolveRule	object []	No	The details of the domain name resolution policy.
Domain	string	No	The domain name.	*.baidu.com
Policy	string	No	Specifies whether to allow the policy. Valid values: allow block	allow
Description	string	No	The description of the policy.	system policy
Recording	string	No	Specifies whether to enable screen recording. Valid values: ALLTIME: All operations that are performed by end users on cloud desktops are recorded. The recording starts immediately when end users connect to cloud desktops and ends when the end users disconnect from the cloud desktops. PERIOD: The operations that are performed by end users on cloud desktops during a specified period of time are recorded. You must set the start time and end time for the recording period. OFF: Screen recording is disabled.	OFF
RecordingStartTime	string	No	The time when screen recording starts. Specify the value in the HH:MM:SS format. The value of this parameter is valid only if you set the Recording parameter to PERIOD.	08:00:00
RecordingEndTime	string	No	The time when the screen recording stops. Specify the value in the HH:MM:SS format. The value of this parameter is valid only if you set the Recording parameter to PERIOD.	08:59:00
RecordingFps	long	No	The frame rate of screen recording. Valid values: 2 5 10 15	2
RecordingExpires	long	No	The duration in which the screen recording is valid. Unit: days.	15
CameraRedirect	string	No	Specifies whether to enable the webcam redirection feature. Valid values: off: Webcam redirection is disabled. on: Webcam redirection is enabled. This value is the default value.	on
NetRedirect	string	No	Specifies whether to enable the network redirection feature. Note This feature is in invitational preview and is not available to the public. Valid values: off (default): The network redirection feature is disabled. on: The network redirection feature is enabled.	off
AppContentProtection	string	No	Specifies whether to enable the anti-screenshot feature. Valid values: off: Anti-screenshot is disabled. This value is the default value. on: Anti-screenshot is enabled.	off
RecordContent	string	No	Specifies whether to enable the custom screen recording feature. Valid values: off: Custom screen recording is disabled. This value is the default value. on: Custom screen recording is enabled.	OFF
RecordContentExpires	long	No	The duration in which the custom screen recording is valid. Default value: 30. Unit: days.	30
RemoteCoordinate	string	No	The permission to control the keyboard and the mouse during remote assistance. Valid values: optionalControl: By default, this feature is disabled. You can enable it by applying permissions. fullControl: The permission is granted. disableControl: The permission is revoked.	fullControl
RecordingDuration	integer	No	The duration from the time when the screen recording starts to the time when the screen recording stops. If you specify the Recording parameter, you must also specify the RecordingDuration parameter. When the specified duration ends, a recording file is generated.	15
Scope	string	No	The effective scope of the policy. Valid values: GLOBAL: The policy takes effect globally. IP: The policy takes effect for specified IP addresses.	GLOBAL
ScopeValue	array	No	The effective CIDR block ranges. If you set the Scope parameter to IP, you must specify this parameter.
	string	No	The effective CIDR block range.	47.100.XX.XX/24
RecordingAudio	string	No	Specifies whether to record audio data during the screen recording. Valid values: on: records audio and video data off: records only video data	on
InternetCommunicationProtocol	string	No	The protocol that you want to use for network communication. Valid values: -TCP: Only TCP is allowed. -BOTH: Automatic switch between TCP and UDP is allowed. Default value: TCP.	both
VideoRedirect	string	No	Specifies whether to enable the multimedia redirection feature. Valid values: on: Multimedia redirection is enabled. off: Multimedia redirection is disabled.	on
WatermarkTransparencyValue	integer	No	The transparency of the watermark. A larger value specifies that the watermark is less transparent. Valid values: 10 to 100.	10
WatermarkColor	integer	No	The font color of the watermark. Valid values: 0 to 16777215.	0
WatermarkDegree	double	No	The inclination angle of the watermark. Valid values: -10 to -30.	-10
WatermarkFontSize	integer	No	The font size of the watermark. Valid values: 10 to 20.	10
WatermarkFontStyle	string	No	The font style of the watermark. Valid values: plain bold	plain
WatermarkRowAmount	integer	No	The number of watermark rows. This parameter is now invalid.	5
EndUserApplyAdminCoordinate	string	No	Specifies whether to allow end users to seek assistance from the administrator. Valid values: ON OFF	ON
EndUserGroupCoordinate	string	No	The switch for collaboration between end users. Valid values: ON OFF	ON
WatermarkSecurity	string	No	The security priority for invisible watermarks. Valid values: on and off.	on
AdminAccess	string	No	Specifies whether users have the administrator permissions after they connect to cloud desktops. Note This parameter is in invitational preview and not available to the public.	deny
WatermarkAntiCam	string	No	The anti-screen photo feature. Valid values: on and off.	off
WatermarkPower	string	No	The invisible watermark enhancement feature. Valid values: low, medium, and high.	medium
RecordingUserNotify	string	No	Specifies whether the feature to send screen recording notifications to clients is enabled. Valid values: on and off.	off
RecordingUserNotifyMessage	string	No	The notification content sent to clients when screen recording is enabled. By default, you do not need to specify this parameter.	Your desktop is being recorded.

Response parameters

Parameter	Type	Description	Example
	object	The data returned.
PolicyGroupId	string	The ID of the policy.	pg-gx2x1dhsmthe9****
RequestId	string	The ID of the request.	1CBAFFAB-B697-4049-A9B1-67E1FC5F****

Examples

Sample success responses

JSONformat

{
  "PolicyGroupId": "pg-gx2x1dhsmthe9****",
  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2024-01-26