Attaches an access control policy.

Usage notes

After you attach an access control policy, the operations performed on resources by using members are limited by the policy. Make sure that the attached policy meets your expectations. Otherwise, your business may be affected.

By default, the system access control policy FullAliyunAccess is attached to each folder and member.

The access control policy that is attached to a folder also applies to all its subfolders and all members in the subfolders.

A maximum of 10 access control policies can be attached to a folder or member.

This topic provides an example on how to call the API operation to attach the custom access control policy cp-jExXAqIYkwHN**** to the folder fd-ZDNPiT****.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes AttachControlPolicy

The operation that you want to perform. Set the value to AttachControlPolicy.

PolicyId String Yes cp-jExXAqIYkwHN****

The ID of the access control policy.

TargetId String Yes fd-ZDNPiT****

The ID of the object to which you want to attach the access control policy. Access control policies can be attached to the following objects:

  • Root folder
  • Subfolders of the Root folder
  • Members

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
RequestId String 95060F1D-6990-4645-8920-A81D1BBFE992

The ID of the request.


Sample requests
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK

<?xml version="1.0" encoding="UTF-8" ?>

JSON format

HTTP/1.1 200 OK

  "RequestId" : "95060F1D-6990-4645-8920-A81D1BBFE992"

Error codes

HTTP status code Error code Error message Description
404 EntityNotExists.Target The specified target does not exist in the resource directory. The error message returned because the specified object does not exist in the resource directory.

For a list of error codes, visit the API Error Center.