You can create a custom policy and attach the custom policy to a Resource Access Management (RAM) user. This policy allows the RAM user to call the required API operations.

For more information about how to authorize a RAM user, see Customize permissions.

The following table describes the API operations of IoT Platform and the valid values of the Action parameter. To authorize a RAM user to call the required API operations, you can specify the related values for the Action parameter.

IoT API Action Resource Description
CreateProduct iot:CreateProduct * Creates a product.
UpdateProduct iot:UpdateProduct * Modifies the details of a product.
QueryProduct iot:QueryProduct * Queries product details.
QueryProductList iot:QueryProductList * Queries products.
DeleteProduct iot:DeleteProduct * Deletes a product.
CreateProductTags iot:CreateProductTags * Creates product tags.
UpdateProductTags iot:UpdateProductTags * Updates product tags.
DeleteProductTags iot:DeleteProductTags * Deletes product tags.
ListProductTags iot:ListProductTags * Queries product tags.
ListProductByTags iot:ListProductByTags * Queries products by tag.
RegisterDevice iot:RegisterDevice * Creates a device.
QueryDevice iot:QueryDevice * Queries the devices of a specified product.
DeleteDevice iot:DeleteDevice * Deletes a device.
QueryPageByApplyId iot:QueryPageByApplyId * Queries the details of batch-created devices.
BatchGetDeviceState iot:BatchGetDeviceState * Queries the statuses of devices.
BatchRegisterDeviceWithApplyId iot:BatchRegisterDeviceWithApplyId * Creates multiple devices by ApplyId.
BatchRegisterDevice iot:BatchRegisterDevice * Creates multiple devices. Device names are randomly generated.
QueryBatchRegisterDeviceStatus iot:QueryBatchRegisterDeviceStatus * Queries the statuses and results of batch-created devices.
BatchCheckDeviceNames iot:BatchCheckDeviceNames * Names devices in batches.
QueryDeviceStatistics iot:QueryDeviceStatistics * Queries device statistics.
QueryDeviceEventData iot:QueryDeviceEventData * Queries the historical events of a device.
QueryDeviceServiceData iot:QueryDeviceServiceData * Queries the service records of a device.
SetDeviceProperty iot:SetDeviceProperty * Sets device properties.
SetDevicesProperty iot:SetDevicesProperty * Sets device properties in batches.
InvokeThingService iot:InvokeThingService * Invokes a service on a device.
InvokeThingsService iot:InvokeThingsService * Invokes a service on multiple devices.
QueryDevicePropertyStatus iot:QueryDevicePropertyStatus * Queries the property snapshot of a device.
QueryDeviceDetail iot:QueryDeviceDetail * Queries the details of a device.
DisableThing iot:DisableThing * Disables a device.
EnableThing iot:EnableThing * Enables a device.
ResetThing iot:ResetThing * Resets a device.
GetThingTopo iot:GetThingTopo * Queries the topological relationships of a device.
RemoveThingTopo iot:RemoveThingTopo * Removes the topological relationships of a device.
NotifyAddThingTopo iot:NotifyAddThingTopo * Instructs a gateway to add a topological relationship.
QueryDevicePropertyData iot:QueryDevicePropertyData * Queries the historical data of device properties.
QueryDevicePropertiesData iot:QueryDevicePropertiesData * Queries the reported property data of a device.
GetGatewayBySubDevice iot:GetGatewayBySubDevice * Queries the details of a gateway based on the details of an attached sub-device.
SaveDeviceProp iot:SaveDeviceProp * Specifies tags for a device.
QueryDeviceProp iot:QueryDeviceProp * Queries the tags of a device.
DeleteDeviceProp iot:DeleteDeviceProp * Deletes device tags.
QueryDeviceByTags iot:QueryDeviceByTags * Queries devices by tag.
CreateDeviceGroup iot:CreateDeviceGroup * Creates a group.
UpdateDeviceGroup iot:UpdateDeviceGroup * Modifies the details of a group.
DeleteDeviceGroup iot:DeleteDeviceGroup * Deletes a group.
BatchAddDeviceGroupRelations iot:BatchAddDeviceGroupRelations * Adds a device to a group.
BatchDeleteDeviceGroupRelations iot:BatchDeleteDeviceGroupRelations * Removes a device from a group.
QueryDeviceGroupInfo iot:QueryDeviceGroupInfo * Queries the details of a group.
QueryDeviceGroupList iot:QueryDeviceGroupList * Queries groups.
SetDeviceGroupTags iot:SetDeviceGroupTags * Adds or updates group tags.
QueryDeviceGroupTagList iot:QueryDeviceGroupTagList * Queries group tags.
QueryDeviceGroupByDevice iot:QueryDeviceGroupByDevice * Queries the details of groups to which a device belongs.
QueryDeviceListByDeviceGroup iot:QueryDeviceListByDeviceGroup * Queries all devices in a group.
QuerySuperDeviceGroup iot:QuerySuperDeviceGroup * Queries the details of parent groups by sub-group ID.
QueryDeviceGroupByTags iot:QueryDeviceGroupByTags * Queries groups by tag.
StartRule iot:StartRule * Enables a rule.
StopRule iot:StopRule * Disables a rule.
ListRule iot:ListRule * Queries rules.
GetRule iot:GetRule * Queries the details of a rule.
CreateRule iot:CreateRule * Creates a rule.
UpdateRule iot:UpdateRule * Modifies a rule.
DeleteRule iot:DeleteRule * Deletes a rule.
CreateRuleAction iot:CreateRuleAction * Creates a data forwarding method for a rule.
UpdateRuleAction iot:UpdateRuleAction * Modifies a data forwarding method for a rule.
DeleteRuleAction iot:DeleteRuleAction * Deletes a data forwarding method from a rule.
GetRuleAction iot:GetRuleAction * Queries the details of a data forwarding method.
ListRuleActions iot:ListRuleActions * Queries the data forwarding methods of a rule.
Pub iot:Pub * Publishes a message.
PubBroadcast iot:PubBroadcast * Publishes a message to all devices that subscribe to a broadcast topic.
RRpc iot:RRpc * Sends a request to a device and retrieve a response from the device.
CreateProductTopic iot:CreateProductTopic * Creates a topic category for a product.
DeleteProductTopic iot:DeleteProductTopic * Deletes a topic category from a product.
QueryProductTopic iot:QueryProductTopic * Queries the topic categories of a product.
UpdateProductTopic iot:UpdateProductTopic * Modifies a topic category for a product.
CreateTopicRouteTable iot:CreateTopicRouteTable * Creates routing relationships between topics.
DeleteTopicRouteTable iot:DeleteTopicRouteTable * Deletes a routing relationship.
QueryTopicReverseRouteTable iot:QueryTopicReverseRouteTable * Queries the source topics of a destination topic.
QueryTopicRouteTable iot:QueryTopicRouteTable * Queries the destination topics of a source topic.
GetDeviceShadow iot:GetDeviceShadow * Queries the details of a device shadow.
UpdateDeviceShadow iot:UpdateDeviceShadow * Modifies a device shadow.
SetDeviceDesiredProperty iot:SetDeviceDesiredProperty * Specifies the required property values for a device.
QueryDeviceDesiredProperty iot:QueryDeviceDesiredProperty * Queries the properties values of a device.
BatchUpdateDeviceNickname iot:BatchUpdateDeviceNickname * Modifies the aliases of multiple devices.
QueryDeviceFileList iot:QueryDeviceFileList * Queries the details of all files that are uploaded to IoT Platform from a device.
QueryDeviceFile iot:QueryDeviceFile * Queries the details of a file that is uploaded to IoT Platform from a device.
DeleteDeviceFile iot:DeleteDeviceFile * Deletes a file that is uploaded to IoT Platform from a device.
QueryDeviceCert iot:QueryDeviceCert * Queries the X.509 certificate of a device.
QueryCertUrlByApplyId iot:QueryCertUrlByApplyId * Queries the URL from which you can download the X.509 certificates of batch-created devices.
BatchAddThingTopo iot:BatchAddThingTopo * Adds multiple sub-devices to a gateway.
QueryDeviceByStatus iot:QueryDeviceByStatus * Queries devices by status.
GenerateOTAUploadURL iot:GenerateOTAUploadURL * Generates the information that is used to upload firmware files to Object Storage Service (OSS).
CreateOTAFirmware iot:CreateOTAFirmware * Creates a firmware update.
DeleteOTAFirmware iot:DeleteOTAFirmware * Deletes a firmware update.
ListOTAFirmware iot:ListOTAFirmware * Queries firmware updates.
QueryOTAFirmware iot:QueryOTAFirmware * Queries the details of a firmware update.
CreateOTAVerifyJob iot:CreateOTAVerifyJob * Creates a firmware verification task.
CreateOTAStaticUpgradeJob iot:CreateOTAStaticUpgradeJob * Creates a static update task.
CreateOTADynamicUpgradeJob iot:CreateOTADynamicUpgradeJob * Creates a dynamic update task.
ListOTAJobByFirmware iot:ListOTAJobByFirmware * Queries all update tasks of a firmware update.
ListOTAJobByDevice iot:ListOTAJobByDevice * Queries all firmware update tasks of a device.
QueryOTAJob iot:QueryOTAJob * Queries the details of an update task.
CancelOTAStrategyByJob iot:CancelOTAStrategyByJob * Cancels a dynamic update policy that is related to a dynamic update task.
CancelOTATaskByDevice iot:CancelOTATaskByDevice * Cancels update tasks for devices that are in the pending update state.
CancelOTATaskByJob iot:CancelOTATaskByJob * Cancels update tasks.
ListOTATaskByJob iot:ListOTATaskByJob * Queries update tasks.
CreateSubscribeRelation iot:CreateSubscribeRelation * Creates a Message Service (MNS) or Advanced Message Queuing Protocol (AMQP) server-side subscription.
UpdateSubscribeRelation iot:UpdateSubscribeRelation * Modifies an MNS or AMQP server-side subscription.
QuerySubscribeRelation iot:QuerySubscribeRelation * Queries the details of an MNS or AMQP server-side subscription.
DeleteSubscribeRelation iot:DeleteSubscribeRelation * Deletes an MNS or AMQP server-side subscription.
CreateConsumerGroup iotCreateConsumerGroup * Creates a consumer group that is required by an AMQP server-side subscription.
UpdateConsumerGroup iot:UpdateConsumerGroup * Modifies the name of a consumer group.
QueryConsumerGroupByGroupId iot:QueryConsumerGroupByGroupId * Queries the details of a consumer group based on the consumer group ID.
QueryConsumerGroupList iot:QueryConsumerGroupList * Queries all consumer groups of an account, or perform a fuzzy search based on a consumer group name.
QueryConsumerGroupStatus iot:QueryConsumerGroupStatus * Queries the status of a consumer group of an AMQP server-side subscription. The status information includes the online client information, message consumption rate, number of accumulated messages, and last message consumption time.
ResetConsumerGroupPosition iot:ResetConsumerGroupPosition * Clears the accumulated messages of a consumer group of an AMQP server-side subscription.
DeleteConsumerGroup iot:DeleteConsumerGroup * Deletes a consumer group.
CreateConsumerGroupSubscribeRelation iot:CreateConsumerGroupSubscribeRelation * Adds a consumer group to an AMQP subscription.
DeleteConsumerGroupSubscribeRelation iot:DeleteConsumerGroupSubscribeRelation * Removes a consumer group from multiple consumer groups of an AMQP subscription.