Creates a rule for a permission group.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer automatically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateAccessRule

The operation that you want to perform.

Set the value to CreateAccessRule.

AccessGroupName String Yes classic-test

The name of the permission group.

SourceCidrIp String Yes 192.0.2.0/16

The IP address or CIDR block of the authorized object.

You can specify only one IP address or CIDR block for this parameter.

Note If the permission group resides in the classic network, you can specify only one IP address for this parameter.
RWAccessType String No RDWR

Grants access permissions on the file system to the authorized object.

Valid values:

  • RDWR: the default value, which indicates the read and write permissions.
  • RDONLY: the read-only permissions.
UserAccessType String No no_squash

The access permissions for different types of users in the authorized object.

Valid values:

  • no_squash: allows access from root users to the file system.
  • root_squash: grants root users the least permissions as the nobody user.
  • all_squash: grants all users the least permissions as the nobody user.

The nobody user has the least permissions in Linux and can access only the public content of the file system. This ensures the security of the file system.

Priority Integer No 1

The priority of the rule in the permission group.

The rule with the highest priority takes effect if multiple rules are attached to the authorized object.

Valid values: 1 to 100. The value 1 indicates the highest priority.

FileSystemType String No standard

The type of the file system.

Valid values:

  • standard: the default value, which indicates General-purpose NAS file systems.
  • extreme: Extreme NAS file systems.
Ipv6SourceCidrIp String No 2001:250:6000::***

The IPv6 address or IPv6 CIDR block of the authorized object.

You can specify an IPv6 address or IPv6 CIDR block for this parameter.

Note
  • Only Extreme NAS file systems that reside in the China (Hohhot) region support IPv6.
  • Only permission groups that reside in VPC support IPv6.
  • This parameter is unavailable if you specify the SourceCidrIp parameter.

Response parameters

Parameter Type Example Description
AccessRuleId String 1

The ID of the rule.

RequestId String A323836B-5BC6-45A6-8048-60675C23****

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/? Action=CreateAccessRule
&AccessGroupName=classic-test
&SourceCidrIp=192.0.2.0/16
&<Common request parameters>

Sample success responses

XML format

<CreateAccessRuleResponse>
    <AccessRuleId>1</AccessRuleId>
    <RequestId>A323836B-5BC6-45A6-8048-60675C23****</RequestId>
</CreateAccessRuleResponse>

JSON format

{
  "RequestId": "A323836B-5BC6-45A6-8048-60675C23****",
  "AccessRuleId": "1"
}

Error codes

HttpCode Error code Error message Description
400 InvalidParam.Ipv6SourceCidrIp IPv6 address verification failed. The error message returned because IPv6 address verification has failed.
400 InvalidParam.SourceCidrIp IPv4 address verification failed. The error message returned because IPv4 address verification has failed.
400 InvalidParam.IPv4AndIPv6MutuallyExclusive You cannot configure IPv4 and IPv6 at the same time. The error message returned because IPv4 and IPv6 cannot be specified at the same time.
400 InvalidAccessGroup.NotsupportedIPv6 The access group does not support IPv6. The error message returned because the permission group does not support IPv6.

For a list of error codes, visit the API Error Center.