All Products
Search

This Product

    Key Management Service:UpdatePolicy

    Document Center

    Key Management Service:UpdatePolicy

    Last Updated:Jul 29, 2025

    Updates a permission policy.

    Operation description

    • You can update the role-based access control (RBAC) permissions, accessible resources, access control rules, and description of a permission policy. You cannot update the name or scope of a permission policy.
    • Updating a permission policy affects all application access points (AAPs) that are bound to the permission policy. Exercise caution when you perform this operation.

    Debugging

    You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

    Authorization information

    There is currently no authorization information disclosed in the API.

    Request parameters

    ParameterTypeRequiredDescriptionExample
    NamestringYes

    The name of the permission policy that you want to update.

    		policy_test
    PermissionsstringNo

    The operations that are supported by the updated policy. Valid values:

    • RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.
    • RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.

    You can select both.

    		["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]
    ResourcesstringNo

    The key and secret that are allowed to access after the update.

    • Key: Enter a key in the key/${KeyId} format. To allow access to all keys of a KMS instance, enter key/*.
    • Secret: Enter a secret in the secret/${SecretName} format. To allow access to all secrets of a KMS instance, enter secret/*.
    		["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]
    AccessControlRulesstringNo

    The access control rule.

    Note For more information about how to query created access control rules, see ListNetworkRules .
    		{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}
    DescriptionstringNo

    The description.

    		policy description

    Response parameters

    ParameterTypeDescriptionExample
    object
    RequestIdstring

    The ID of the request, which is used to locate and troubleshoot issues.

    		f455324b-e229-4066-9f58-9c1cf3fe83a8

    Examples

    Sample success responses

    JSONformat

    {
  "RequestId": "f455324b-e229-4066-9f58-9c1cf3fe83a8"
}

    Error codes

    HTTP status codeError codeError messageDescription
    400InvalidParameterThe specified parameter is not valid.An invalid value is specified for the parameter.
    404InvalidAccessKeyId.NotFoundThe Access Key ID provided does not exist in our records.-

    For a list of error codes, visit the Service error codes.