Creates a custom access control policy.

Usage notes

This topic provides an example on how to call the API operation to create a custom access control policy named ExampleControlPolicy. This access control policy is used to prohibit modifications to the ResourceDirectoryAccountAccessRole role and the permissions of the role.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateControlPolicy

The operation that you want to perform. Set the value to CreateControlPolicy.

PolicyName String Yes ExampleControlPolicy

The name of the access control policy.

The name must be 1 to 128 characters in length. The name can contain letters, digits, and hyphens (-) and must start with a letter.

Description String No ExampleControlPolicy

The description of the access control policy.

The description must be 1 to 1,024 characters in length. The description can contain letters, digits, underscores (_), and hyphens (-) and must start with a letter.

EffectScope String Yes RAM

The effective scope of the access control policy.

The value RAM indicates that the access control policy takes effect only for RAM users and RAM roles.

PolicyDocument String Yes null

The document of the access control policy.

The document can be a maximum of 4,096 characters in length.

For more information about the languages of access control policies, see Languages of access control policies.

For more information about the examples of access control policies, see Examples of custom access control policies.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
ControlPolicy Object

The details of the access control policy.

UpdateDate String 2021-03-18T09:24:19Z

The time when the access control policy was updated.

Description String ExampleControlPolicy

The description of the access control policy.

EffectScope String RAM

The effective scope of the access control policy.

The value RAM indicates that the access control policy takes effect only for RAM users and RAM roles.

AttachmentCount String 0

The number of times that the access control policy is referenced.

PolicyName String ExampleControlPolicy

The name of the access control policy.

PolicyId String cp-jExXAqIYkwHN****

The ID of the access control policy.

CreateDate String 2021-03-18T09:24:19Z

The time when the access control policy was created.

PolicyType String Custom

The type of the access control policy. Valid values:

  • System: system access control policy
  • Custom: custom access control policy
RequestId String 776B05B3-A0B0-464B-A191-F4E1119A94B2

The ID of the request.

Examples

Sample requests

https://resourcemanager.aliyuncs.com/?Action=CreateControlPolicy
&EffectScope=RAM
&PolicyDocument={"Version":"1","Statement":[{"Effect":"Deny","Action":["ram:UpdateRole","ram:DeleteRole","ram:AttachPolicyToRole","ram:DetachPolicyFromRole"],"Resource":"acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"}]}
&PolicyName=ExampleControlPolicy
&Description=ExampleControlPolicy
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<?xml version="1.0" encoding="UTF-8" ?>
<CreateControlPolicyResponse>
	<ControlPolicy>
		<PolicyType>Custom</PolicyType>
		<UpdateDate>2021-03-18T09:24:19Z</UpdateDate>
		<Description>ExampleControlPolicy</Description>
		<AttachmentCount>0</AttachmentCount>
		<PolicyName>ExampleControlPolicy</PolicyName>
		<CreateDate>2021-03-18T09:24:19Z</CreateDate>
		<PolicyId>cp-jExXAqIYkwHN****</PolicyId>
		<EffectScope>RAM</EffectScope>
	</ControlPolicy>
	<RequestId>776B05B3-A0B0-464B-A191-F4E1119A94B2</RequestId>
</CreateControlPolicyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "ControlPolicy" : {
    "PolicyType" : "Custom",
    "UpdateDate" : "2021-03-18T09:24:19Z",
    "Description" : "ExampleControlPolicy",
    "AttachmentCount" : 0,
    "PolicyName" : "ExampleControlPolicy",
    "CreateDate" : "2021-03-18T09:24:19Z",
    "PolicyId" : "cp-jExXAqIYkwHN****",
    "EffectScope" : "RAM"
  },
  "RequestId" : "776B05B3-A0B0-464B-A191-F4E1119A94B2"
}

Error codes

For a list of error codes, visit the API Error Center.