All Products
Search
Document Center

IoT Platform:Mapping between IoT Platform API operations and RAM policies

Last Updated:May 08, 2023

You can create a custom policy for IoT Platform and attach the policy to a RAM user. This policy grants the RAM user the permissions to call a specified IoT Platform API operation.

For information about how to grant permissions to a RAM user, see Custom permissions.

The following table describes the valid values of the Action element that you must configure when you create a custom Resource Access Management (RAM) policy for IoT Platform.

Important

The following table describes specific API operations that you can specify in RAM policies. The API operations must be specified in the iot:${API operation name} format. ${API operation name} specifies the name of an API operation that you want to specify. For information about the API operations provided by IoT Platform, see List of operations by function.

Operation

Action in a RAM policy

Resource in the RAM policy

Description

CreateProduct

iot:CreateProduct

*

Creates a product.

UpdateProduct

iot:UpdateProduct

*

Modifies the details of a product.

QueryProduct

iot:QueryProduct

*

Queries the details of a product.

QueryProductList

iot:QueryProductList

*

Queries products.

DeleteProduct

iot:DeleteProduct

*

Deletes a product.

CreateProductTags

iot:CreateProductTags

*

Creates product tags.

UpdateProductTags

iot:UpdateProductTags

*

Modifies the tags of a product.

DeleteProductTags

iot:DeleteProductTags

*

Deletes product tags.

ListProductTags

iot:ListProductTags

*

Queries product tags.

ListProductByTags

iot:ListProductByTags

*

Queries products by tag.

RegisterDevice

iot:RegisterDevice

*

Registers a device.

QueryDevice

iot:QueryDevice

*

Queries the devices of a specified product.

DeleteDevice

iot:DeleteDevice

*

Deletes a device.

QueryPageByApplyId

iot:QueryPageByApplyId

*

Queries the details of multiple devices that are registered at the same time.

BatchGetDeviceState

iot:BatchGetDeviceState

*

Queries the statuses of multiple devices.

BatchRegisterDeviceWithApplyId

iot:BatchRegisterDeviceWithApplyId

*

Creates multiple devices by application ID.

BatchRegisterDevice

iot:BatchRegisterDevice

*

Registers multiple devices. Device names are randomly generated.

QueryBatchRegisterDeviceStatus

iot:QueryBatchRegisterDeviceStatus

*

Queries the statuses of multiple devices that are registered at the same time.

BatchCheckDeviceNames

iot:BatchCheckDeviceNames

*

Specifies custom names for multiple devices at a time.

QueryDeviceStatistics

iot:QueryDeviceStatistics

*

Queries device statistics.

QueryDeviceEventData

iot:QueryDeviceEventData

*

Queries the historical events of a device.

QueryDeviceServiceData

iot:QueryDeviceServiceData

*

Queries the service records of a device.

SetDeviceProperty

iot:SetDeviceProperty

*

Configures properties for a device.

SetDevicesProperty

iot:SetDevicesProperty

*

Configures properties for multiple devices.

InvokeThingService

iot:InvokeThingService

*

Calls a service on a device.

InvokeThingsService

iot:InvokeThingsService

*

Calls a service on multiple devices.

QueryDevicePropertyStatus

iot:QueryDevicePropertyStatus

*

Queries the property snapshot of a device.

QueryDeviceDetail

iot:QueryDeviceDetail

*

Queries the details of a device.

DisableThing

iot:DisableThing

*

Disables a device.

EnableThing

iot:EnableThing

*

Enables a device.

ResetThing

iot:ResetThing

*

Resets a device.

GetThingTopo

iot:GetThingTopo

*

Queries the topological relationships of a device.

RemoveThingTopo

iot:RemoveThingTopo

*

Removes the topological relationships of a device.

NotifyAddThingTopo

iot:NotifyAddThingTopo

*

Adds a topological relationship to IoT Platform.

QueryDevicePropertyData

iot:QueryDevicePropertyData

*

Queries the historical properties of a device.

QueryDevicePropertiesData

iot:QueryDevicePropertiesData

*

Queries the property data of a device.

GetGatewayBySubDevice

iot:GetGatewayBySubDevice

*

Queries the information about a gateway device based on sub-device information.

SaveDeviceProp

iot:SaveDeviceProp

*

Specifies tags for a device.

QueryDeviceProp

iot:QueryDeviceProp

*

Queries the tags of a device.

DeleteDeviceProp

iot:DeleteDeviceProp

*

Deletes the tags of a device.

QueryDeviceByTags

iot:QueryDeviceByTags

*

Queries devices by tag.

CreateDeviceGroup

iot:CreateDeviceGroup

*

Creates a device group.

UpdateDeviceGroup

iot:UpdateDeviceGroup

*

Modifies the details of a device group.

DeleteDeviceGroup

iot:DeleteDeviceGroup

*

Deletes a device group.

BatchAddDeviceGroupRelations

iot:BatchAddDeviceGroupRelations

*

Adds devices to a device group.

BatchDeleteDeviceGroupRelations

iot:BatchDeleteDeviceGroupRelations

*

Removes a device from a device group.

QueryDeviceGroupInfo

iot:QueryDeviceGroupInfo

*

Queries the details of a device group.

QueryDeviceGroupList

iot:QueryDeviceGroupList

*

Queries device groups.

SetDeviceGroupTags

iot:SetDeviceGroupTags

*

Creates tags for a device group or updates the tags of a device group.

QueryDeviceGroupTagList

iot:QueryDeviceGroupTagList

*

Queries the tags of a device group.

QueryDeviceGroupByDevice

iot:QueryDeviceGroupByDevice

*

Queries the device groups to which a device belongs.

QueryDeviceListByDeviceGroup

iot:QueryDeviceListByDeviceGroup

*

Queries devices in a device group.

QuerySuperDeviceGroup

iot:QuerySuperDeviceGroup

*

Queries the details of a parent device group by sub-group ID.

QueryDeviceGroupByTags

iot:QueryDeviceGroupByTags

*

Queries device groups by tag.

StartRule

iot:StartRule

*

Enables a rule.

StopRule

iot:StopRule

*

Disables a rule.

ListRule

iot:ListRule

*

Queries rules.

GetRule

iot:GetRule

*

Queries the details of a rule.

CreateRule

iot:CreateRule

*

Creates a rule.

UpdateRule

iot:UpdateRule

*

Modifies a rule.

DeleteRule

iot:DeleteRule

*

Deletes a rule.

CreateRuleAction

iot:CreateRuleAction

*

Creates a data forwarding method for a rule.

UpdateRuleAction

iot:UpdateRuleAction

*

Modifies the data forwarding method of a rule.

DeleteRuleAction

iot:DeleteRuleAction

*

Deletes a data forwarding method from a rule.

GetRuleAction

iot:GetRuleAction

*

Queries the details of a data forwarding method.

ListRuleActions

iot:ListRuleActions

*

Queries the data forwarding methods of a rule.

Pub

iot:Pub

*

Publishes messages.

PubBroadcast

iot:PubBroadcast

*

Publishes a message to all devices that subscribe to a topic.

RRpc

iot:RRpc

*

Sends a request to a device and obtains a response from the device.

CreateProductTopic

iot:CreateProductTopic

*

Creates a topic category for a product.

DeleteProductTopic

iot:DeleteProductTopic

*

Deletes a topic category.

QueryProductTopic

iot:QueryProductTopic

*

Queries the topic categories of a product.

UpdateProductTopic

iot:UpdateProductTopic

*

Modifies a topic category.

CreateTopicRouteTable

iot:CreateTopicRouteTable

*

Creates routing relationships between topics.

DeleteTopicRouteTable

iot:DeleteTopicRouteTable

*

Deletes a routing relationship.

QueryTopicReverseRouteTable

iot:QueryTopicReverseRouteTable

*

Queries the source topics of a destination topic.

QueryTopicRouteTable

iot:QueryTopicRouteTable

*

Queries the destination topics of a source topic.

GetDeviceShadow

iot:GetDeviceShadow

*

Queries the details of a device shadow.

UpdateDeviceShadow

iot:UpdateDeviceShadow

*

Modifies a device shadow.

SetDeviceDesiredProperty

iot:SetDeviceDesiredProperty

*

Specifies desired property values for a device.

QueryDeviceDesiredProperty

iot:QueryDeviceDesiredProperty

*

Queries the property values of a device.

BatchUpdateDeviceNickname

iot:BatchUpdateDeviceNickname

*

Modifies the aliases of multiple devices.

QueryDeviceFileList

iot:QueryDeviceFileList

*

Queries the details of all files that are uploaded to IoT Platform from a device.

QueryDeviceFile

iot:QueryDeviceFile

*

Queries the details of a file that is uploaded to IoT Platform from a device.

DeleteDeviceFile

iot:DeleteDeviceFile

*

Deletes a file that is uploaded to IoT Platform from a device.

QueryDeviceCert

iot:QueryDeviceCert

*

Queries the X.509 certificate of a device.

QueryCertUrlByApplyId

iot:QueryCertUrlByApplyId

*

Queries the URL from which you can download the X.509 certificates of registered devices.

BatchAddThingTopo

iot:BatchAddThingTopo

*

Establishes topological relationships between multiple sub-devices and a gateway device.

QueryDeviceByStatus

iot:QueryDeviceByStatus

*

Queries devices by status.

GenerateOTAUploadURL

iot:GenerateOTAUploadURL

*

Generates the information that is used to upload firmware files to Object Storage Service (OSS).

CreateOTAFirmware

iot:CreateOTAFirmware

*

Creates a firmware file.

DeleteOTAFirmware

iot:DeleteOTAFirmware

*

Deletes a firmware file.

ListOTAFirmware

iot:ListOTAFirmware

*

Queries all firmware files.

QueryOTAFirmware

iot:QueryOTAFirmware

*

Queries the details of a firmware file.

CreateOTAVerifyJob

iot:CreateOTAVerifyJob

*

Creates a firmware verification batch.

CreateOTAStaticUpgradeJob

iot:CreateOTAStaticUpgradeJob

*

Creates a static update batch.

CreateOTADynamicUpgradeJob

iot:CreateOTADynamicUpgradeJob

*

Creates a dynamic update batch.

ListOTAJobByFirmware

iot:ListOTAJobByFirmware

*

Queries the update tasks of a firmware file.

ListOTAJobByDevice

iot:ListOTAJobByDevice

*

Queries all firmware update batches of a device.

QueryOTAJob

iot:QueryOTAJob

*

Queries the details of an update batch.

CancelOTAStrategyByJob

iot:CancelOTAStrategyByJob

*

Cancels an update policy that is associated with a dynamic update batch.

CancelOTATaskByDevice

iot:CancelOTATaskByDevice

*

Cancels the pending device update tasks of a firmware file.

CancelOTATaskByJob

iot:CancelOTATaskByJob

*

Cancels the device update tasks of an update batch.

ListOTATaskByJob

iot:ListOTATaskByJob

*

Queries the update tasks of a device by update batch.

CreateSubscribeRelation

iot:CreateSubscribeRelation

*

Creates a Message Service (MNS) or Advanced Message Queuing Protocol (AMQP) server-side subscription.

UpdateSubscribeRelation

iot:UpdateSubscribeRelation

*

Modifies an MNS or AMQP server-side subscription.

QuerySubscribeRelation

iot:QuerySubscribeRelation

*

Queries the details of an MNS or AMQP server-side subscription.

DeleteSubscribeRelation

iot:DeleteSubscribeRelation

*

Deletes an MNS or AMQP server-side subscription.

CreateConsumerGroup

iotCreateConsumerGroup

*

Creates a consumer group to create an AMQP server-side subscription.

UpdateConsumerGroup

iot:UpdateConsumerGroup

*

Changes the name of a consumer group.

QueryConsumerGroupByGroupId

iot:QueryConsumerGroupByGroupId

*

Queries the details of a consumer group by consumer group ID.

QueryConsumerGroupList

iot:QueryConsumerGroupList

*

Queries all consumer groups of an account or performs a fuzzy search by consumer group name.

QueryConsumerGroupStatus

iot:QueryConsumerGroupStatus

*

Queries the status of a consumer group when an AMQP server-side subscription is enabled. The status information includes the online client information, message consumption rate, number of accumulated messages, and the most recent message consumption time.

ResetConsumerGroupPosition

iot:ResetConsumerGroupPosition

*

Clears the accumulated messages of a consumer group when an AMQP server-side subscription is enabled.

DeleteConsumerGroup

iot:DeleteConsumerGroup

*

Deletes a consumer group.

CreateConsumerGroupSubscribeRelation

iot:CreateConsumerGroupSubscribeRelation

*

Adds a consumer group to an AMQP server-side subscription.

DeleteConsumerGroupSubscribeRelation

iot:DeleteConsumerGroupSubscribeRelation

*

Removes a consumer group from an AMQP subscription.

Configure an AMQP server-side subscription

iot:sub

*

Establishes a connection to IoT Platform by using an AMQP server-side subscription.