You can create an IoT Platform-specific custom policy and attach the policy to a Resource Access Management (RAM) user. This policy allows the RAM user to call the corresponding API operation of IoT Platform.

For more information about how to authorize a RAM user, see Custom permissions.

The following table describes the valid values of the Action parameter that must be specified when you create an IoT Platform-specific RAM policy.

Operation Action in a RAM policy Resource in the RAM policy Description
CreateProduct iot:CreateProduct * Creates a product.
UpdateProduct iot:UpdateProduct * Modifies the details of a product.
QueryProduct iot:QueryProduct * Queries the details of a product.
QueryProductList iot:QueryProductList * Queries products.
DeleteProduct iot:DeleteProduct * Deletes a product.
CreateProductTags iot:CreateProductTags * Creates tags for a product.
UpdateProductTags iot:UpdateProductTags * Updates the tags of a product.
DeleteProductTags iot:DeleteProductTags * Deletes the tags of a product.
ListProductTags iot:ListProductTags * Queries product tags.
ListProductByTags iot:ListProductByTags * Queries products by tag.
RegisterDevice iot:RegisterDevice * Registers a device.
QueryDevice iot:QueryDevice * Queries the devices of a specified product.
DeleteDevice iot:DeleteDevice * Deletes a device.
QueryPageByApplyId iot:QueryPageByApplyId * Queries the details of the multiple devices that are registered at the same time.
BatchGetDeviceState iot:BatchGetDeviceState * Queries the status of multiple devices.
BatchRegisterDeviceWithApplyId iot:BatchRegisterDeviceWithApplyId * Registers multiple devices by application ID.
BatchRegisterDevice iot:BatchRegisterDevice * Registers multiple devices. Device names are randomly generated.
QueryBatchRegisterDeviceStatus iot:QueryBatchRegisterDeviceStatus * Queries the status of the multiple devices that are registered at the same time.
BatchCheckDeviceNames iot:BatchCheckDeviceNames * Customizes the names of multiple devices.
QueryDeviceStatistics iot:QueryDeviceStatistics * Queries device statistics.
QueryDeviceEventData iot:QueryDeviceEventData * Queries the historical events of a device.
QueryDeviceServiceData iot:QueryDeviceServiceData * Queries the service records of a device.
SetDeviceProperty iot:SetDeviceProperty * Sets the properties of a device.
SetDevicesProperty iot:SetDevicesProperty * Sets the properties of multiple devices.
InvokeThingService iot:InvokeThingService * Calls the service on a device.
InvokeThingsService iot:InvokeThingsService * Calls a service on multiple devices.
QueryDevicePropertyStatus iot:QueryDevicePropertyStatus * Queries the property snapshot of a device.
QueryDeviceDetail iot:QueryDeviceDetail * Queries the details of a device.
DisableThing iot:DisableThing * Disables a device.
EnableThing iot:EnableThing * Enables a device.
ResetThing iot:ResetThing * Resets a device.
GetThingTopo iot:GetThingTopo * Queries the topological relationships of a device.
RemoveThingTopo iot:RemoveThingTopo * Removes the topological relationships of a device.
NotifyAddThingTopo iot:NotifyAddThingTopo * Adds a topological relationship to IoT Platform.
QueryDevicePropertyData iot:QueryDevicePropertyData * Queries the historical properties of a device.
QueryDevicePropertiesData iot:QueryDevicePropertiesData * Queries the property data of a device.
GetGatewayBySubDevice iot:GetGatewayBySubDevice * Queries the details of a gateway by sub-device.
SaveDeviceProp iot:SaveDeviceProp * Sets tags for a device.
QueryDeviceProp iot:QueryDeviceProp * Queries the tags of a device.
DeleteDeviceProp iot:DeleteDeviceProp * Deletes the tags of a device.
QueryDeviceByTags iot:QueryDeviceByTags * Queries devices by tag.
CreateDeviceGroup iot:CreateDeviceGroup * Creates a device group.
UpdateDeviceGroup iot:UpdateDeviceGroup * Modifies the details of a group.
DeleteDeviceGroup iot:DeleteDeviceGroup * Deletes a device group.
BatchAddDeviceGroupRelations iot:BatchAddDeviceGroupRelations * Adds devices to a device group.
BatchDeleteDeviceGroupRelations iot:BatchDeleteDeviceGroupRelations * Removes a device from a group.
QueryDeviceGroupInfo iot:QueryDeviceGroupInfo * Queries the details of a device group.
QueryDeviceGroupList iot:QueryDeviceGroupList * Queries groups.
SetDeviceGroupTags iot:SetDeviceGroupTags * Adds or updates group tags.
QueryDeviceGroupTagList iot:QueryDeviceGroupTagList * Queries the tags of a device group.
QueryDeviceGroupByDevice iot:QueryDeviceGroupByDevice * Queries the groups to which a device belongs.
QueryDeviceListByDeviceGroup iot:QueryDeviceListByDeviceGroup * Queries devices in a device group.
QuerySuperDeviceGroup iot:QuerySuperDeviceGroup * Queries the details of a parent group by sub-group ID.
QueryDeviceGroupByTags iot:QueryDeviceGroupByTags * Queries groups by tag.
StartRule iot:StartRule * Enables a rule.
StopRule iot:StopRule * Disables a rule.
ListRule iot:ListRule * Queries rules.
GetRule iot:GetRule * Queries the details of a rule.
CreateRule iot:CreateRule * Creates a rule.
UpdateRule iot:UpdateRule * Modifies a rule.
DeleteRule iot:DeleteRule * Deletes a rule.
CreateRuleAction iot:CreateRuleAction * Creates a data forwarding method for a rule.
UpdateRuleAction iot:UpdateRuleAction * Modifies the data forwarding method of a rule.
DeleteRuleAction iot:DeleteRuleAction * Deletes a data forwarding method from a rule.
GetRuleAction iot:GetRuleAction * Queries the details of a data forwarding method.
ListRuleActions iot:ListRuleActions * Queries the data forwarding methods of a rule.
Pub iot:Pub * Publishes a message.
PubBroadcast iot:PubBroadcast * Publishes a message to all devices that subscribe to a topic.
RRpc iot:RRpc * Sends a request to a device and retrieve a response from the device.
CreateProductTopic iot:CreateProductTopic * Creates a topic category for a product.
DeleteProductTopic iot:DeleteProductTopic * Deletes a topic category.
QueryProductTopic iot:QueryProductTopic * Queries the topic categories of a product.
UpdateProductTopic iot:UpdateProductTopic * Modifies a topic category.
CreateTopicRouteTable iot:CreateTopicRouteTable * Creates routing relationships between topics.
DeleteTopicRouteTable iot:DeleteTopicRouteTable * Deletes a routing relationship.
QueryTopicReverseRouteTable iot:QueryTopicReverseRouteTable * Queries the source topics of a destination topic.
QueryTopicRouteTable iot:QueryTopicRouteTable * Queries the destination topics of a source topic.
GetDeviceShadow iot:GetDeviceShadow * Queries the details of a device shadow.
UpdateDeviceShadow iot:UpdateDeviceShadow * Modifies a device shadow.
SetDeviceDesiredProperty iot:SetDeviceDesiredProperty * Sets the desired property values of a device.
QueryDeviceDesiredProperty iot:QueryDeviceDesiredProperty * Queries the desired property values of a device.
BatchUpdateDeviceNickname iot:BatchUpdateDeviceNickname * Modifies the aliases of multiple devices.
QueryDeviceFileList iot:QueryDeviceFileList * Queries the details of all files that are uploaded to IoT Platform from a device.
QueryDeviceFile iot:QueryDeviceFile * Queries the details of a file that is uploaded to IoT Platform from a device.
DeleteDeviceFile iot:DeleteDeviceFile * Deletes a file that is uploaded to IoT Platform from a device.
QueryDeviceCert iot:QueryDeviceCert * Queries the X.509 certificate of a device.
QueryCertUrlByApplyId iot:QueryCertUrlByApplyId * Queries the URL from which you can download the X.509 certificates of registered devices.
BatchAddThingTopo iot:BatchAddThingTopo * Adds topological relationships between multiple sub-devices and a gateway.
QueryDeviceByStatus iot:QueryDeviceByStatus * Queries devices by status.
GenerateOTAUploadURL iot:GenerateOTAUploadURL * Generates the information that is used to upload firmware files to Object Storage Service (OSS).
CreateOTAFirmware iot:CreateOTAFirmware * Creates a firmware file.
DeleteOTAFirmware iot:DeleteOTAFirmware * Deletes a firmware file.
ListOTAFirmware iot:ListOTAFirmware * Queries all firmware files.
QueryOTAFirmware iot:QueryOTAFirmware * Queries the details of a firmware file.
CreateOTAVerifyJob iot:CreateOTAVerifyJob * Creates a firmware verification batch.
CreateOTAStaticUpgradeJob iot:CreateOTAStaticUpgradeJob * Creates a static update batch.
CreateOTADynamicUpgradeJob iot:CreateOTADynamicUpgradeJob * Creates a dynamic update batch.
ListOTAJobByFirmware iot:ListOTAJobByFirmware * Queries the update tasks of a firmware file.
ListOTAJobByDevice iot:ListOTAJobByDevice * Queries all firmware update batches of a device.
QueryOTAJob iot:QueryOTAJob * Queries the details of an update batch.
CancelOTAStrategyByJob iot:CancelOTAStrategyByJob * Cancels an update policy that is associated with a dynamic update batch.
CancelOTATaskByDevice iot:CancelOTATaskByDevice * Cancels the pending device update tasks of a firmware file.
CancelOTATaskByJob iot:CancelOTATaskByJob * Cancels the device update tasks of an update batch.
ListOTATaskByJob iot:ListOTATaskByJob * Queries the update tasks of a device by update batch.
CreateSubscribeRelation iot:CreateSubscribeRelation * Creates a Message Service (MNS) or an AMQP server-side subscription.
UpdateSubscribeRelation iot:UpdateSubscribeRelation * Modifies an MNS or AMQP server-side subscription.
QuerySubscribeRelation iot:QuerySubscribeRelation * Queries MNS or AMQP server-side subscriptions.
DeleteSubscribeRelation iot:DeleteSubscribeRelation * Deletes an MNS or AMQP server-side subscription.
CreateConsumerGroup iotCreateConsumerGroup * Creates a consumer group that is required for an AMQP server-side subscription.
UpdateConsumerGroup iot:UpdateConsumerGroup * Modifies the name of a consumer group.
QueryConsumerGroupByGroupId iot:QueryConsumerGroupByGroupId * Queries the details of a consumer group by consumer group ID.
QueryConsumerGroupList iot:QueryConsumerGroupList * Queries all consumer groups of an account, or performs a fuzzy search by consumer group name.
QueryConsumerGroupStatus iot:QueryConsumerGroupStatus * Queries the status of a consumer group when an AMQP server-side subscription is enabled. The status information includes the online client information, message consumption rate, number of accumulated messages, and latest message consumption time.
ResetConsumerGroupPosition iot:ResetConsumerGroupPosition * Clears the accumulated messages of a consumer group when an AMQP server-side subscription is enabled.
DeleteConsumerGroup iot:DeleteConsumerGroup * Deletes a consumer group.
CreateConsumerGroupSubscribeRelation iot:CreateConsumerGroupSubscribeRelation * Adds a consumer group to an AMQP server-side subscription.
DeleteConsumerGroupSubscribeRelation iot:DeleteConsumerGroupSubscribeRelation * Removes a consumer group from an AMQP server-side subscription.
Configure an AMQP server-side subscription iot:sub * Establishes a connection with IoT Platform by configuring an AMQP server-side subscription.