All Products
Search

This Product

    Key Management Service:UpdatePolicy

    Document Center

    Key Management Service:UpdatePolicy

    Last Updated:Oct 11, 2023

    Updates a permission policy.

    • You can update the role-based access control (RBAC) permissions, accessible resources, access control rules, and description of a permission policy. You cannot update the name or scope of a permission policy.
    • Updating a permission policy affects all application access points (AAPs) that are bound to the permission policy. Exercise caution when you perform this operation.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

    Request parameters

    Parameter

    Type

    Required

    Example

    Description
    Action String Yes UpdatePolicy

    The operation that you want to perform. Set the value to UpdatePolicy.

    Name String Yes policy_test

    The name of the permission policy that you want to update.

    Permissions String No ["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]

    The operations that are supported by the updated policy. Valid values:

    • RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.
    • RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.

    You can select both.

    Resources String No ["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]

    The key and secret that are allowed to access after the update.

    • Key: Enter a key in the key/${KeyId} format. To allow access to all keys of a KMS instance, enter key/*.
    • Secret: Enter a secret in the secret/${SecretName} format. To allow access to all secrets of a KMS instance, enter secret/*.
    AccessControlRules String No {"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}

    The access control rule.

    Note For more information about how to query created access control rules, see ListNetworkRules.
    Description String No policy description

    The description.

    Response parameters

    Parameter

    Type

    Example

    Description
    RequestId String f455324b-e229-4066-9f58-9c1cf3fe83a8

    The ID of the request, which is used to locate and troubleshoot issues.

    Examples

    Sample requests

    http(s)://[Endpoint]/?Action=UpdatePolicy
&Name=policy_test
&Permissions=["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]
&Resources=["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]
&AccessControlRules={"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}
&Description=policy  description
&Common request parameters

    Sample success responses

    XML format

    HTTP/1.1 200 OK
Content-Type:application/xml

<UpdatePolicyResponse>
    <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a8</RequestId>
</UpdatePolicyResponse>

    JSON format

    HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "f455324b-e229-4066-9f58-9c1cf3fe83a8"
}

    Error codes

    HTTP status code

    Error code

    Error message

    Description
    400 InvalidParameter The specified parameter is not valid. The specified parameter is invalid.
    404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records. The specified AccessKey ID does not exist.

    For a list of error codes, see Service error codes.