All Products
Search

This Product

    Key Management Service:DescribePolicy

    Document Center

    Key Management Service:DescribePolicy

    Last Updated:Mar 24, 2026

    Retrieves the details of a permission policy.

    Operation description

    For more information about the access policy required by a RAM user or RAM role to call this API, see Resource Access Management.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    No authorization for this operation. If you encounter issues with this operation, contact technical support.

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    Name

    string

    Yes

    The name of the permission policy that you want to query.

    policy_test

    Response elements

    Element

    Type

    Description

    Example

    object

    RequestId

    string

    The request ID.

    f455324b-e229-4066-9f58-9c1cf3fe83a9
    Arn

    string

    The Alibaba Cloud Resource Name (ARN) of the permission policy.

    acs:kms:cn-hangzhou:119285303511****:policy/policy_test
    Name

    string

    The name of the permission policy.

    policy_test
    Description

    string

    The description.

    policy description
    KmsInstance

    string

    The scope of the permission policy.

    kst-hzz634e67d126u9p9****
    Permissions

    array

    A list of operations that can be performed.

    ["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]

    string

    The operations that can be performed.

    ["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]
    Resources

    array

    A list of keys and secrets that are allowed to access.

    ["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]

    string

    The keys and secrets that are allowed to access.

    ["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]
    AccessControlRules

    string

    The network access rule that is associated with the permission policy.

    {"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}

    Examples

    Success response

    JSON format

    {
  "RequestId": "f455324b-e229-4066-9f58-9c1cf3fe83a9",
  "Arn": "acs:kms:cn-hangzhou:119285303511****:policy/policy_test",
  "Name": "policy_test",
  "Description": "policy  description",
  "KmsInstance": "kst-hzz634e67d126u9p9****",
  "Permissions": [
    "[\"RbacPermission/Template/CryptoServiceKeyUser\", \"RbacPermission/Template/CryptoServiceSecretUser\"]"
  ],
  "Resources": [
    "[\"secret/acs/ram/user/ram-secret\", \"secret/acs/ram/user/acr-master\", \"key/key-hzz63d9c8d3dfv8cv****\"]"
  ],
  "AccessControlRules": "{\"NetworkRules\":[\"kst-hzz62ee817bvyyr5x****.efkd\",\"kst-hzz62ee817bvyyr5x****.eyyp\"]}"
}

    Error codes

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.