
Smart Access Gateway:DescribeACLAttribute

Last Updated: Sep 24, 2025

The DescribeACLAttribute operation queries the details of a specified access control list (ACL).


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| smartag:DescribeACLAttribute | get | *Acl acs:smartag:{#regionId}:{#accountId}:acl/{#AclId} | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| RegionId | string | Yes | The ID of the region where the access control list (ACL) is deployed. | cn-hangzhou |
| AclId | string | Yes | The ID of the ACL. | acl-ohlexqptfhyaq**** |
| PageSize | integer | No | The number of access control rules to return on each page. Valid values: 1 to 50. Default value: 10. | 10 |
| PageNumber | integer | No | The page number. Default value: 1. | 1 |
| Direction | string | No | The direction in which the access control rule is applied. Valid values: in: inbound. This value indicates traffic from an external network to the local branch where the Smart Access Gateway (SAG) instance is deployed. out: outbound. This value indicates traffic from the local branch where the SAG instance is deployed to an external network. | out |
| Order | string | No | The order ID. | 1255444444 |
| Name | string | No | The name of the ACL. The name must be 2 to 100 characters in length, start with a letter or a Chinese character, and can contain digits, periods (.), underscores (_), and hyphens (-). Note: This parameter supports fuzzy search. | doctest |

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | | |
| TotalCount | integer | The total number of access control rules in the ACL. | 3 |
| PageSize | integer | The number of entries returned per page. | 10 |
| RequestId | string | The request ID. | 8F62CE77-FBA2-4F8D-AED9-0A02814EDA69 |
| PageNumber | integer | The page number. | 1 |
| Acrs | object | | |
| Acr | array<object> | The details about the access control rules in the ACL. | |
| Direction | string | The direction in which the access control rule is applied. in: inbound. This value indicates traffic from an external network to the local branch where the SAG instance is deployed. out: outbound. This value indicates traffic from the local branch where the SAG instance is deployed to an external network. | out |
| Type | string | The type of the access control rule: LAN: private network. This value indicates that the access control rule is used to control traffic to private IP addresses. WAN: public network. This value indicates that the access control rule is used to control traffic to public IP addresses. | WAN |
| DpiSignatureIds | object | | |
| DpiSignatureId | array<string> | A list of application IDs that match the access control rule. You can call the ListDpiSignatures operation to query application IDs and their corresponding application information. | 1 |
| IpProtocol | string | The protocol used by the access control rule. For information about the protocol types supported by the access control feature, see the console. The protocol is not case-sensitive. | UDP |
| Priority | integer | The priority of the access control rule. A smaller value indicates a higher priority. Valid values: 1 to 100. | 70 |
| AclId | string | The ID of the ACL. | acl-7louazbja80bmg**** |
| Policy | string | The authorization policy of the access control rule: accept: allows access. drop: denies access. | drop |
| Description | string | The description of the access control rule. The description must be 1 to 512 characters in length. This parameter is not returned by default. You can call the ModifyACLRule operation to set this parameter. After the parameter is set, the query returns this parameter. | ACLRule |
| GmtCreate | integer | The timestamp when the access control rule was created. The timestamp is in the Long format. If two access control rules have the same priority, the one with the earlier timestamp takes precedence. | 1580821597000 |
| DestCidr | string | The destination CIDR block. The destination CIDR block must be in the CIDR format. Example: 192.168.10.0/24. | 0.0.0.0/0 |
| DestPortRange | string | The destination port range. Valid values: -1 or 1 to 65535. Specify the port range in a format such as 1/200 or 80/80. -1/-1 indicates that the port is not restricted. | 10000/20000 |
| Name | string | The name of the ACL. The name must be 2 to 100 characters in length, start with a letter or a Chinese character, and can contain digits, periods (.), underscores (_), and hyphens (-). | doctest |
| AcrId | string | The ID of the access control rule. | acr-gxzxj5w9qqdf1c**** |
| SourceCidr | string | The source CIDR block. The source CIDR block must be in the CIDR format. Example: 192.168.1.0/24. | 0.0.0.0/0 |
| SourcePortRange | string | The source port range. Valid values: -1 or 1 to 65535. Specify the port range in a format such as 1/200 or 80/80. -1/-1 indicates that the port is not restricted. | 30000/40000 |
| DpiGroupIds | object | | |
| DpiGroupId | array<string> | A list of application group IDs that match the access control rule. You can call the ListDpiGroups operation to query application group IDs and the applications that they contain. | 20 |
| AclType | string | The type of SAG instance that can be associated with the ACL. Valid values: acl-hardware: SAG hardware instance. acl-software: SAG App instance. | acl-hardware |

Examples

Success response

JSON format

{
  "TotalCount": 3,
  "PageSize": 10,
  "RequestId": "8F62CE77-FBA2-4F8D-AED9-0A02814EDA69",
  "PageNumber": 1,
  "Acrs": {
    "Acr": [
      {
        "Direction": "out",
        "Type": "WAN",
        "DpiSignatureIds": {
          "DpiSignatureId": [
            "1"
          ]
        },
        "IpProtocol": "UDP",
        "Priority": 70,
        "AclId": "acl-7louazbja80bmg****",
        "Policy": "drop",
        "Description": "ACLRule",
        "GmtCreate": 1580821597000,
        "DestCidr": "0.0.0.0/0",
        "DestPortRange": "10000/20000",
        "Name": "doctest",
        "AcrId": "acr-gxzxj5w9qqdf1c****",
        "SourceCidr": "0.0.0.0/0",
        "SourcePortRange": "30000/40000",
        "DpiGroupIds": {
          "DpiGroupId": [
            "20"
          ]
        },
        "AclType": "acl-hardware"
      }
    ]
  }
}
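
An added example (not part of the Alibaba Cloud documentation): a Python audit pass over a DescribeACLAttribute response that orders rules by the precedence described above (smaller Priority first, earlier GmtCreate on ties), lists accept rules open to any destination and port, and computes how many pages must be fetched before the audit covers every rule. The sample rules, the acr-example-* IDs and the "broad accept" heuristic are assumptions constructed for illustration.

```python
import math

# Constructed sample in the shape of the success response above; IDs are placeholders.
def _rule(acr_id, priority, created, policy, dest_cidr, dest_ports):
    return {"AcrId": acr_id, "Priority": priority, "GmtCreate": created,
            "Policy": policy, "Direction": "out", "Type": "WAN",
            "IpProtocol": "UDP", "SourceCidr": "0.0.0.0/0",
            "SourcePortRange": "-1/-1", "DestCidr": dest_cidr,
            "DestPortRange": dest_ports}

SAMPLE = {
    "TotalCount": 3, "PageSize": 10, "PageNumber": 1,
    "Acrs": {"Acr": [
        _rule("acr-example-a", 70, 1580821597000, "drop", "0.0.0.0/0", "10000/20000"),
        _rule("acr-example-b", 70, 1580821500000, "accept", "0.0.0.0/0", "-1/-1"),
        _rule("acr-example-c", 10, 1580821600000, "accept", "192.168.10.0/24", "80/80"),
    ]},
}

def rules_of(resp):
    """Return the rule list, tolerating a missing or empty Acrs object."""
    return (resp.get("Acrs") or {}).get("Acr") or []

def pages_needed(resp):
    """Pages required to see every rule; audit only after fetching all of them."""
    return max(1, math.ceil(resp["TotalCount"] / resp["PageSize"]))

def effective_order(resp):
    """Smaller Priority first; equal Priority resolved by earlier GmtCreate."""
    return sorted(rules_of(resp), key=lambda r: (r["Priority"], r["GmtCreate"]))

def broad_accepts(resp):
    """Heuristic (assumption): accept + any destination + unrestricted dest port."""
    return [r["AcrId"] for r in effective_order(resp)
            if r["Policy"].lower() == "accept"
            and r["DestCidr"] == "0.0.0.0/0"
            and r["DestPortRange"] == "-1/-1"]

if __name__ == "__main__":
    for r in effective_order(SAMPLE):
        print(r["Priority"], r["GmtCreate"], r["Policy"], r["AcrId"])
    print("broad accept rules:", broad_accepts(SAMPLE))
    print("pages to fetch:", pages_needed(SAMPLE))
```

With PageSize capped at 50, compare TotalCount against the number of rules collected before trusting the result; a rule on an unfetched page can outrank everything on the first one.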

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 403 | Forbidden | User not authorized to operate on the specified resource. | You do not have permissions to manage the specified resource. |
| 403 | MissingParameter | The input parameter is missing, please check your input. | Missing parameters. Check whether all required parameters are set. |
| 403 | InvalidParameter | The specified parameter is invalid. | Invalid parameters. |
| 403 | InvalidId.ACL | The specified ACL ID is invalid. | The specified ACL group ID is invalid. |
| 403 | InternalError | An internal server error occurred. | An internal server error occurred. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.