DescribePolicy - Key Management Service - Alibaba Cloud Documentation Center

Queries the details of a permission policy.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
Name	string	Yes	The name of the permission policy that you want to query.	policy_test

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The request ID.	f455324b-e229-4066-9f58-9c1cf3fe83a9
Arn	string	The Alibaba Cloud Resource Name (ARN) of the permission policy.	acs:kms:cn-hangzhou:119285303511****:policy/policy_test
Name	string	The name of the permission policy.	policy_test
Description	string	The description.	policy description
KmsInstance	string	The scope of the permission policy.	kst-hzz634e67d126u9p9****
Permissions	array	A list of operations that can be performed.
permission	string	The operations that can be performed.	["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]
Resources	array	A list of keys and secrets that are allowed to access.
resource	string	The keys and secrets that are allowed to access.	["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]
AccessControlRules	string	The network access rule that is associated with the permission policy.	{"NetworkRules":["kst-hzz62ee817bvyyr5x**.efkd","kst-hzz62ee817bvyyr5x**.eyyp"]}

Examples

Sample success responses

JSONformat

{
  "RequestId": "f455324b-e229-4066-9f58-9c1cf3fe83a9",
  "Arn": "acs:kms:cn-hangzhou:119285303511****:policy/policy_test",
  "Name": "policy_test",
  "Description": "policy  description",
  "KmsInstance": "kst-hzz634e67d126u9p9****",
  "Permissions": [
    [
      "RbacPermission/Template/CryptoServiceKeyUser",
      "RbacPermission/Template/CryptoServiceSecretUser"
    ]
  ],
  "Resources": [
    [
      "secret/acs/ram/user/ram-secret",
      "secret/acs/ram/user/acr-master",
      "key/key-hzz63d9c8d3dfv8cv****"
    ]
  ],
  "AccessControlRules": {
    "NetworkRules": [
      "kst-hzz62ee817bvyyr5x****.efkd",
      "kst-hzz62ee817bvyyr5x****.eyyp"
    ]
  }
}

Error codes

For a list of error codes, visit the Service error codes.