Modifies a policy.

Description

When you modify a policy, you can add or delete security group rules. You can use the parameters related to AuthorizeSecurityPolicyRule to add security group rules and the parameters related to RevokeSecurityPolicyRule to delete existing security group rules.

Note You can call the DescribePolicyGroups operation to query the existing security group rules of a policy.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ModifyPolicyGroup

The operation that you want to perform. Set the value to ModifyPolicyGroup.

AuthorizeAccessPolicyRule.N.CidrIp String Yes 10.0.XX.XX/8

The CIDR block that the client can access.

PolicyGroupId String Yes pg-gx2x1dhsmthe9****

The ID of the policy.

RegionId String Yes cn-hangzhou

The ID of the region.

Name String No testPolicyGroupName

The name of the policy.

Clipboard String No off

The permissions on clipboards. Valid values:

  • read: specifies one-way transfer. You can copy data from your computer to cloud desktops, but cannot copy data from cloud desktops to your computer.
  • readwrite: specifies two-way transfer. You can copy data between your computer and cloud desktops.
  • off: specifies that the two-way transfer is disabled. You cannot copy data between your computer and cloud desktops.
LocalDrive String No off

The permissions on local disk mapping. Valid values:

  • read: read-only permissions. Local disks are mapped to cloud desktops. You can only read (copy) local files but cannot modify them.
  • readwrite: read and write permissions. Local disks are mapped to cloud desktops. You can read (copy) and modify local files.
  • off: no permissions. Local disks are not mapped to cloud desktops.
UsbRedirect String No off

Specifies whether to enable USB redirection. Valid values:

  • on: enables USB redirection.
  • off: disables USB redirection.
VisualQuality String No off

Specify whether to enable the policy of image display quality. Valid values:

  • on: enables the policy of image display quality.
  • off: disables the policy of image display quality.

Default value: off.

Html5Access String No off

Specifies whether to allow the access from HTM5 clients to a cloud desktop. Valid values:

  • on: allows the access.
  • off: denies the access.

Default value: off.

Note We recommend that you use the ClientType-related parameters to control the EDS client type for cloud desktop logon.
Html5FileTransfer String No off

The file transfer policy for HTML5 clients. Valid values:

  • off: Files cannot be uploaded from or downloaded to HTML5 clients.
  • upload: Files can be uploaded from HTML5 clients.
  • download: Files can be downloaded to HTML5 clients.
  • all: Files can be uploaded from and downloaded to HTML5 clients.

Default value: off.

Watermark String No off

Specifies whether to enable watermarking. Valid values:

  • on: enables watermarking.
  • off: disables watermarking.
WatermarkType String No EndUserId

The type of the watermark. You can specify multiple watermark types at a time. Separate watermark types with commas (,). Valid values:

  • EndUserId: the username
  • HostName: the last 15 characters of the cloud desktop ID
WatermarkTransparency String No LIGHT

The transparency of the watermark. The valid values include:

  • LIGHT
  • MIDDLE
  • DARK
PreemptLogin String No off

Specifies whether to allow user preemption. Default value: off. You cannot change the value.

DomainList String No [black:],example.com

The domain blacklist or whitelist. Wildcard domains are supported. Separate domain names with commas (,). Valid values:

  • [black:],example1.com,example2.com: the domain name blacklist.
  • [white:],example1.com,example2.com: the domain name whitelist.
PrinterRedirection String No off

Specifies whether to enable printer redirection. Valid values:

  • off: disables printer redirection.
  • on: enables printer redirection.
PreemptLoginUser.N RepeatList No Alice

User N that is allowed to log on to a cloud desktop that another user is logged on.

Note To improve user experience and ensure data security, multiple regular users are not allowed to log on to the same cloud desktop.
AuthorizeSecurityPolicyRule.N.Type String No inflow

The direction of security group rule N. Valid values:

  • inflow: inbound
  • outflow: outbound
AuthorizeSecurityPolicyRule.N.Policy String No accept

The authorization policy of security group rule N. Valid values:

  • accept: specifies the Allow policy that allows all access requests.
  • drop: specifies the Deny policy that denies all access requests. If no messages of access denied are returned, the requests time out or failed.
AuthorizeSecurityPolicyRule.N.PortRange String No 22/22

The port range of security group rule N. The value of the port range is determined by the protocol type specified by the AuthorizeSecurityPolicyRule.N.IpProtocol parameter.

  • When the AuthorizeSecurityPolicyRule.N.IpProtocol parameter is set to tcp or udp, the port range is 1 to 65535. Separate the start port number and the end port number with a forward slash (/). Example: 1/200.
  • When AuthorizeSecurityPolicyRule.N.IpProtocol is set to icmp, set the value to -1/-1.
  • When AuthorizeSecurityPolicyRule.N.IpProtocol is set to gre, set the value to -1/-1.
  • When AuthorizeSecurityPolicyRule.N.IpProtocol is set to all, set the value to -1/-1.

For more information about the common ports of typical applications, see Common ports.

AuthorizeSecurityPolicyRule.N.Description String No test

The description of security group rule N.

AuthorizeSecurityPolicyRule.N.IpProtocol String No tcp

The protocol type of security group rule N. Valid values:

  • tcp: TCP
  • udp: UDP
  • icmp: ICMP (IPv4)
  • gre: GRE
  • all: all protocols
AuthorizeSecurityPolicyRule.N.Priority String No 1

The priority of security group rule N. A smaller value indicates a higher priority.

Valid values: 1 to 60.

Default value: 1.

AuthorizeSecurityPolicyRule.N.CidrIp String No 10.0.XX.XX/8

The object to which the security group rule applies. The value is an IPv4 CIDR block.

RevokeSecurityPolicyRule.N.Type String No outflow

The direction of security group rule N that you want to delete.

RevokeSecurityPolicyRule.N.Policy String No accept

The authorization policy of security group rule N that you want to delete.

RevokeSecurityPolicyRule.N.PortRange String No 22/22

The port range of security group rule N that you want to delete.

RevokeSecurityPolicyRule.N.Description String No test

The description of security group rule N that you want to delete

RevokeSecurityPolicyRule.N.IpProtocol String No tcp

The protocol type of security group rule N that you want to delete.

RevokeSecurityPolicyRule.N.Priority String No 1

The priority of security group rule N that you want to delete.

RevokeSecurityPolicyRule.N.CidrIp String No 192.168.XX.XX/8

The IPv4 CIDR block of security group rule N that you want to delete.

AuthorizeAccessPolicyRule.N.Description String No test

The description of the client IP address whitelist.

RevokeAccessPolicyRule.N.Description String No test

The description of the client IP address whitelist that you want to delete.

RevokeAccessPolicyRule.N.CidrIp String No 10.0.XX.XX/8

The IPv4 CIDR block that can be accessed from the client.

ClientType.N.ClientType String No ON

Specifies whether a specific client type is allowed to log on to the cloud desktop. Valid values:

  • ON: allowed
  • OFF: denied
ClientType.N.Status String No windows

The client of type N that is allowed to log on to the cloud desktop. Valid values:

  • windows: the Windows client
  • linux: the Alibaba Cloud device
  • macos: the macOS client
  • ios: the iOS client
  • android: the Android client
  • html5: the web client

Response parameters

Parameter Type Example Description
RequestId String 1CBAFFAB-B697-4049-A9B1-67E1FC5F****

The ID of the request.

Examples

Sample requests

https://ecd.cn-hangzhou.aliyuncs.com/?Action=ModifyPolicyGroup
&PolicyGroupId=pg-gx2x1dhsmthe9****
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format

<ModifyPolicyGroupResponse>
  <RequestId>1CBAFFAB-B697-4049-A9B1-67E1FC5F****</RequestId>
</ModifyPolicyGroupResponse>

JSON format

{
    "ModifyPolicyGroupResponse": {
        "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****"
    }
}