CreateCenterPolicy - Elastic Desktop Service - Alibaba Cloud Documentation Center

Creates a center policy.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
ecd:CreateCenterPolicy	none	All Resources ``	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID. Set the value to cn-shanghai.	cn-shanghai
ResourceType	string	Yes	The resource type. Valid values: app: cloud applications. desktop: cloud computers.	desktop
BusinessType	integer	Yes	The business type. Valid values: 1: public cloud 8: commercial edition.	1
Clipboard	string	No	The read/write permissions on the clipboard. Valid values: read: specifies one-way transfer You can copy files only from on-premises devices to cloud computers. readwrite: specifies two-way transfer. You can copy files between on-premises devices and cloud computers. write: specifies one-way transfer. You can only copy files from cloud computers to on-premises devices. off (default): disables all transfers, both one-way and two-way. Files cannot be copied directly between on-premises devices and cloud computers.	off
LocalDrive	string	No	The read/write permissions on the on-premises drive. Valid values: read: read-only. Cloud computers support on-premises disk mapping, but only for reading (copying) files—not modifying them. readwrite: read and write. Cloud computers support on-premises disk mapping, allowing you to read (copy) and write (modify) on-premises files. off (default): none. Cloud computers don't support on-premises disk mapping.	off
UsbRedirect	string	No	Specifies whether to enable USB redirection. Valid values: off (default): doesn't enable USB redirection. on: enables USB redirection.	off
PrinterRedirect	string	No	The printer redirection policy. This parameter only applies if DeviceRedirects does not include a printer redirection policy. Valid values: deviceRedirect (default):enables device redirection. usbRedirect: enables USB redirection. off: disables any type of redirection.	off
VisualQuality	string	No	The image display quality. Valid values: high: high-definition (HD). low: smoothness. lossless: no quality loss. medium (default): scenario-specific adaptation.	low
GpuAcceleration	string	No	Specifies whether to enable image quality control. This feature is highly recommended for professional design scenarios where computer performance and user experience are critical. Valid values: off: doesn't enable image quality control. on: enables image quality control.	off
Html5FileTransfer	string	No	The file transfer feature on the web client. Valid values: all: File upload and download are supported. download: Only file download is supported. upload: Only file upload is supported. off (default): File upload and download are not supported.	off
Watermark	string	No	The watermark policy. Valid values: blind: displays invisible watermarks. off (default): displays no watermark. on: displays visible watermarks.	off
Name	string	Yes	The policy name.	testPolicyGroupName
WatermarkType	string	No	The watermark type. You can specify up to three types. Separate multiple values with commas (,). Note If you provide `custom` as the value for this parameter, you must configure `WatermarkCustomText` to specify custom text. Valid values: EndUserId: the username. Custom: the custom text. DesktopIp: the IP address of the cloud computer. ClientIp: the IP address of the client. HostName: the rightmost 15 digits of the cloud computer ID. ClientTime: the current time displayed on the cloud computer.	EndUserId,HostName,ClientTime
WatermarkCustomText	string	No	If you set `WatermarkType` to `custom`, you must also specify `WatermarkCustomText`.	test
WatermarkTransparencyValue	integer	No	The watermark opacity. A higher value makes the watermark more opaque. Valid values: 10 to 100.	10
WatermarkSecurity	string	No	Specifies whether to enable security priority for invisible watermarks. Valid values: off: disables security priority for invisible watermarks. on: enables security priority for invisible watermarks.	on
CameraRedirect	string	No	The on-premises camera redirection policy. This parameter only applies if DeviceRedirects does not include an on-premises camera redirection policy. Valid values: deviceRedirect: enables device redirection. off: disables device redirection.	off
NetRedirect	string	No	The network redirection policy. Note This parameter is in private preview and only available to specific users. Valid values: all: enables network redirection globally. off (default): disables network redirection. on: enables the whitelist mode.	off
AppContentProtection	string	No	The anti-screenshot policy. Valid values: off (default): disables anti-screenshot. on: enables anti-screenshot.	off
RemoteCoordinate	string	No	The keyboard and mouse control permissions during remote assistance. Valid values: optionalControl: By default, keyboard and mouse control is disabled during remote assistance. You can request permissions as needed. fullControl: Keyboard and mouse control is enabled during remote assistance. disableControl: Keyboard and mouse control is disabled during remote assistance.	fullControl
InternetCommunicationProtocol	string	No	The protocol for network communication. Valid values: tcp: TCP is used when UDP/AST is restricted. rtc: AST is used for high-frequency audio and video streaming. auto: UTO is used to enable automatic switch between AST and UDP modes based on desktop content. both: UDP is used for office and HD graphic design use.	both
VideoRedirect	string	No	The multimedia redirection policy. Valid values: off: disables multimedia redirection. on: enables multimedia redirection.	on
WatermarkColor	integer	No	The font color of the watermark. Valid values: 0 to 16777215.	0
WatermarkDegree	double	No	The watermark rotation. Valid values: -10 to -30.	-10
WatermarkFontSize	integer	No	The font size of the watermark. Valid values: 10 to 20.	10
WatermarkFontStyle	string	No	The font style of the watermark. Valid values: plain bold	plain
WatermarkRowAmount	integer	No	The number of watermark rows. Valid values: 3 to 10.	3
WatermarkColumnAmount	integer	No	The number of watermark columns. Valid values: 3 to 10.	3
CpuProtectedMode	string	No	The CPU spike protection policy. Valid values: off: disables CPU spike protection. on: enables CPU spike protection.	off
CpuRateLimit	integer	No	The overall CPU usage. Valid values: 70 to 90. Unit: percentage (%).	70
CpuSampleDuration	integer	No	The overall CPU sampling duration. Valid values: 10 to 60. Unit: seconds.	60
CpuSingleRateLimit	integer	No	The single-CPU usage. Valid values: 70 to 100. Unit: %.	70
CpuDownGradeDuration	integer	No	The CPU underclocking duration. Valid values: 30 to 120. Unit: seconds.	30
MemoryProtectedMode	string	No	The memory spike protection policy. Valid values: off: disables memory spike protection. on: enables memory spike protection.	off
MemoryRateLimit	integer	No	The overall memory usage. Valid values: 70 to 90. Unit: %.	70
MemorySampleDuration	integer	No	The overall memory sampling duration. Valid values: 30 to 60. Unit: seconds.	40
MemorySingleRateLimit	integer	No	The memory usage per process. Valid values: 30 to 60. Unit: %.	40
MemoryDownGradeDuration	integer	No	The memory underclocking duration per process. Valid values: 30 to 120. Unit: seconds.	40
EndUserApplyAdminCoordinate	string	No	Specifies whether to enable end users to request administrator help. Valid values: off: disables end users to request administrator help. on: enables end users to request administrator help.	off
EndUserGroupCoordinate	string	No	Specifies whether to allow end users in the same office network to share cloud computers. Valid values: off: doesn't allow end users in the same office network to share cloud computers. on: allows end users in the same office network to share cloud computers.	off
Scope	string	No	The effective scope of the policy. Valid values: IP: The policy applies to specific IP addresses. GLOBAL: The policy applies globally.	GLOBAL
Recording	string	No	The screen recording policy. Valid values: period: Screen recording occurs at set intervals. session: Screen recording is limited to sessions only. off: Screen recording is disabled. alltime: Screen recording is always enabled.	off
RecordingAudio	string	No	Specifies whether to record audio files generated on cloud computers. Valid values: off: doesn't record audio files generated on cloud computers. on: records audio files generated on cloud computers.	on
RecordingStartTime	string	No	The screen recording's start time in HH:MM:SS format. The value is meaningful only if `Recording` is set to `PERIOD`.	08:00:00
RecordingEndTime	string	No	The screen recording's end time in HH:MM:SS format. The value is meaningful only if `Recording` is set to `PERIOD`.	08:59:00
RecordingFps	string	No	The frame rate of screen recording. Unit: fps.	2
RecordingDuration	integer	No	The frame rate of screen recording. Screen recordings are split based on the specified duration and uploaded to Object Storage Service (OSS) buckets. If a file reaches 300 MB, the system prioritizes rolling updates for that file. Valid values: 10 to 60	10
RecordingExpires	integer	No	The retention period of the screen recording file. Valid values: 1 to 180. Unit: days.	15
RecordingUserNotify	string	No	Specifies whether to notify end users when screen recording is enabled. Valid values: off: doesn't notify end users when screen recording is enabled. on: notifies end users when screen recording is enabled.	off
RecordingUserNotifyMessage	string	No	The notification sent to end users when screen recording is enabled.
AdminAccess	string	No	Specifies whether to grant the admin permissions to end users. Note This parameter is in private preview and only available to specific users. Valid values: allow: forcibly grants admin permissions. deny: forcibly rejects granting admin permissions. inherited: inherits the admin permissions from the user dimension.	deny
EnableSessionRateLimiting	string	No	Specifies whether to enforce the peak bandwidth limit for sessions. Valid values: off: doesn't enforce the peak bandwidth limit for sessions. on: enforces the peak bandwidth limit for sessions.	off
SessionMaxRateKbps	integer	No	The bandwidth peak allowed for sessions. Unit: Kbit/s. Valid values: 2000 to 100000.	2000
DisplayMode	string	No	The display mode. Valid values: clientCustom: suitable for user-defined scenarios. adminOffice: suitable for daily office scenarios. adminDesign: suitable for design and 3D application scenarios. adminCustom: suitable for admin-customized scenarios.	clientCustom
StreamingMode	string	No	The streaming mode. Valid values: intelligent smooth	smooth
ColorEnhancement	string	No	Specifies whether to enable color enhancement for design and 3D applications. Valid values: off: doesn't enable color enhancement for design and 3D applications. on: enables color enhancement for design and 3D applications.	off
SmoothEnhancement	string	No	Specifies whether to enable smoothness enhancement for daily office use. Valid values: off: doesn't enable smoothness enhancement for daily office use. on: enables smoothness enhancement for daily office use.	off
QualityEnhancement	string	No	Specifies whether to enable image quality enhancement for design and 3D applications. Valid values: off: doesn't enable image quality enhancement for design and 3D applications. on: enables image quality enhancement for design and 3D applications.	off
VideoEncPolicy	string	No	The video encoding policy. Valid values: qualityFirst: prioritizes image quality. bandwidthFirst: prioritizes bandwidth.	qualityFirst
TargetFps	integer	No	The target frame rate. Valid values: 10 to 60.	30
VideoEncMinQP	integer	No	The minimum quantizer parameter (QP) for video files. A lower QP means better video quality. Valid values: 0 to 51.	30
VideoEncMaxQP	integer	No	The maximum QP for video files. Higher QP values result in lower video quality. Valid values: 0 to 51.	30
VideoEncAvgKbps	integer	No	The average bitrate for video encoding. Unit: Kbit/s. Valid values: 1000 to 50000.	2000
VideoEncPeakKbps	integer	No	The peak bitrate for video encoding. Unit: Kbit/s. Valid values: 1000 to 50000.	2000
MaxReconnectTime	integer	No	The maximum duration to retry reconnecting to cloud computers after an unexpected disconnection (non-human causes). Valid values: 30 to 7200. Unit: seconds.	120
WyAssistant	string	No	Specifies whether to display the Xiaoying AI Assistant option in the DesktopAssistant menu when end users connect to cloud computers via desktop clients (Windows and macOS). Note This feature applies to only desktop clients of version 7.7.0 or later. Valid values: off: doesn't display the Xiaoying AI Assistant option in the DesktopAssistant menu. on: displays the Xiaoying AI Assistant option in the DesktopAssistant menu.	on
CpuProcessors	array	No	The CPU processors.
	string	No	The CPU processor.	notepad.exe
MemoryProcessors	array	No	The memory processors.
	string	No	The memory processor.	chrome.exe
DomainResolveRule	array<object>	No	The domain resolution policies.
	object	No	The domain resolution policy.
Domain	string	No	The domain name.	*.example.com
Policy	string	No	Specifies whether to allow the domain resolution policy to take effect. Valid values: allow block	allow
Description	string	No	The policy description.
NetRedirectRule	array<object>	No	The network redirection policy. Note This parameter is in private preview and only available to specific users.
	object	No	The network redirection policy. Note This parameter is in invitational preview and not available to the public.
Domain	string	No	The domain name.	*.taobao.com
RuleType	string	No	The rule type. Valid values: prc: process. domain: domain name.	domain
Policy	string	No	The redirection policy.	allow
ScopeValue	array	No	The effective scopes. This parameter is required when `Scope` is set to `IP`. If `Scope` is set to `IP`, this parameter doesn't take effect.
	string	No	The effective scope specified by a CIDR block.	47.100.XX.XX/24
ClientType	array<object>	No	The types of Alibaba Cloud Workspace clients that end users can use to connect to cloud computers.
	object	No	The type of the Alibaba Cloud Workspace client that end users can use to connect to cloud computers.
Status	string	No	Specifies whether end users can use the specified type of Alibaba Cloud Workspace client to connect to cloud computers. Note If you don't specify `ClientType`, any client can be used to connect to cloud computers. Valid values: off: End users cannot use the specified type of Alibaba Cloud Workspace client to connect to cloud computers. on: End users can use the specified type of Alibaba Cloud Workspace client to connect to cloud computers.	off
ClientType	string	No	The type of the Alibaba Cloud Workspace client that end users can use to connect to cloud computers. Valid values: html5: the web client. android: the Android client. ios: the iOS client. windows: the Windows client. macos: the macOS client.	windows
UsbSupplyRedirectRule	array<object>	No	The USB redirection rules.
	object	No	The USB redirection rule.
VendorId	string	No	The vendor ID (VID). For more information, see Valid USB Vendor IDs (VIDs).	04**
UsbRuleType	string	No	The type of the USB redirection rule. Valid values: 2: enables USB redirection based on products.	2
Description	string	No	The rule description.
UsbRedirectType	string	No	Specifies whether to allow USB redirection. Valid values: 1: allows USB redirection. 2: forbids USB redirection.	1
ProductId	string	No	The product ID (PID).	08**
AuthorizeSecurityPolicyRule	array<object>	No	The security group rule.
	object	No	The security group rule.
Type	string	No	The direction of the security group rule. Valid values: outflow: outbound. inflow: inbound.	inflow
Policy	string	No	The authorization policy of the security group rule. Valid values: drop: denies all access requests. If no ''access denied'' messages are returned, the requests either timed out or failed. accept (default): accepts all requests.	accept
PortRange	string	No	The port range of the security group rule. The value range of this parameter varies based on the value of IpProtocol. If IpProtocol is set to TCP or UDP, the port range is 1 to 65535. Separate the start port number and the end port number with a forward slash (/). Example: 1/200. If IpProtocol is set to ICMP, set the value to -1/-1. If IpProtocol is set to GRE, set the value to -1/-1. If IpProtocol is set to ALL, set the value to -1/-1. For more information about the common ports, see Common ports.	22/22
Description	string	No	The description of the security group rule.	test
IpProtocol	string	No	The protocol type of the security group rule. Valid values: TCP: the Transmission Control Protocol (TCP) protocol. UDP: the User Datagram Protocol (UDP) protocol. ALL: any type of protocol. GRE: the Generic Routing Encapsulation (GRE) protocol. ICMP: the Internet Control Message Protocol (ICMP) for (IPv4).	TCP
Priority	string	No	The priority of the security group rule. A smaller value specifies a higher priority. Valid values: 1 to 60. Default value: 1.	1
CidrIp	string	No	The object of the security group rule. Specify an IPv4 CIDR block.	10.0.XX.XX/8
AuthorizeAccessPolicyRule	array<object>	No	The client IP address whitelists that you want to add. Once an IP address whitelist is configured, end users can only access cloud computers from the IP addresses listed in it.
	object	No	The client IP address whitelist that you want to add.
Description	string	No	The description of the client IP address whitelist.	test
CidrIp	string	No	The client CIDR block from which end users can connect to cloud computers. Specify an IPv4 CIDR block.	47.100.XX.XX/16
DeviceRedirects	array<object>	No	The device redirection rules.
	object	No	The device redirection rule.
RedirectType	string	No	The redirection type. Valid values: deviceRedirect: enables device redirection. usbRedirect: enables USB redirection. off: disables any type of redirection.	usbRedirect
DeviceType	string	No	The peripheral type. Valid values: printer scanner serialport camera adb	camera
DeviceRules	array<object>	No	The custom peripheral rules.
	object	No	The custom peripheral rule.
DeviceName	string	No	The device name.	sandisk
RedirectType	string	No	The redirection type. Valid values: deviceRedirect: device redirection. usbRedirect: USB redirection. off: redirection disabled.	usbRedirect
DeviceType	string	No	The peripheral type. Valid values: usbKey: UKeys. other: other peripheral devices. graphicsTablet: graphics tablets. cardReader: card readers. printer: printers. scanner: scanners. storage: storage devices. camera: cameras. networkInterfaceCard: NIC devices. Enumeration Value: usbKey: U key. other: . graphicsTablet: . cardReader: . printer: . scanner: . storage: . camera: . networkInterfaceCard: .	storage
OptCommand	string	No	The link optimization command.	2:0
DevicePid	string	No	The product ID (PID).	0x55b1
DeviceVid	string	No	The vendor ID (VID). For more information, see Valid USB VIDs.	0x0781
WatermarkAntiCam	string	No	Specifies whether to enable anti-screen capture for invisible watermarks. Valid values: off: disables anti-screen capture for invisible watermarks. on: enables anti-screen capture for invisible watermarks.	off
WatermarkPower	string	No	The enhancement level for invisible watermarks. Valid values: high low medium	medium
DomainResolveRuleType	string	No	Specifies whether to enforce the domain resolution policy. Valid values: off: disables the domain resolution policy. on: enables the domain resolution policy.	off
StatusMonitor	string	No	Specifies whether to display the metric status entry in the DesktopAssistant menu. Valid values: off: doesn't display the metric status entry in the DesktopAssistant menu. on: displays the metric status entry in the DesktopAssistant menu.	off
MobileRestart	string	No	Specifies whether to display the Restart button in the DesktopAssistant menu when end users connect to cloud computers from Android clients. Note This feature applies to only mobile clients of version 7.4.0 or later. Valid values: off: doesn't display the Restart button in the DesktopAssistant menu. on: displays the Restart button in the DesktopAssistant menu.	off
MobileShutdown	string	No	Specifies whether to display the Stop button in the DesktopAssistant menu when end users connect to cloud computers from Android clients. Note This feature applies to only mobile clients of version 7.4.0 or later. Valid values: off: doesn't display the Stop button in the DesktopAssistant menu. on: displays the Stop button in the DesktopAssistant menu.	off
ResolutionModel	string	No	The resolution type. Valid values: adaptive: adaptive resolution. customer: fixed resolution.	adaptive
ResolutionWidth	integer	No	The resolution width. Unit: pixel. Valid values for cloud applications: 500 to 50000. Valid values for cloud computers: 480 to 4096.	720
ResolutionHeight	integer	No	The resolution height. Unit: pixel. Valid values for cloud applications: 500 to 50000. Valid values for cloud computers: 480 to 4096.	1280
Taskbar	string	No	Specifies whether to display the application taskbar. Note This parameter applies only to cloud application policies. Valid values: off: doesn't display the application taskbar. on: displays the application taskbar.	off
NoOperationDisconnect	string	No	Specifies whether to enforce a disconnection upon inactivity. Note This parameter applies only to cloud application policies. Valid values: off: doesn't enforce a disconnection upon inactivity. on: enforces a disconnection upon inactivity.	off
NoOperationDisconnectTime	integer	No	The duration of disconnection after inactivity. Valid values: 120 to 7200. Unit: seconds. Note This parameter applies only to cloud application policies.	120
DisconnectKeepSession	string	No	Specifies whether to retain the session upon disconnection. Note This parameter applies only to cloud application policies. Valid values: customTime: retains the session for a specified time period. persistent: retains the session permanently.	customTime
DisconnectKeepSessionTime	integer	No	The retention period of the session after disconnection. Valid values: 30 to 7200. Unit: seconds. Note This parameter applies only to cloud application policies.	30
RecordEvents	array	No	The events that trigger screen recording.
	string	No	The event that triggers screen recording. Valid values: transferWithLocal: clipboard and file transfer events. userInput: user input events. usbRedirect: USB connection and disconnection events.	transferWithLocal
RecordEventFilePaths	array	No	The absolute paths to screen recording files.
	string	No	The absolute path to the screen recording file.	C://test.txt
RecordEventRegisters	array	No	The absolute paths to screen recording registries.
	string	No	The absolute path to the screen recording registry.
RecordEventDuration	integer	No	The duration of screen recording after the specified event is detected. Unit: minutes. Valid values: 10 to 60.	10
ResetDesktop	string	No	The computer reset setting.	off
DeviceConnectHint	string	No	Specifies whether to display the peripheral connection prompt.	off
FileMigrate	string	No	Specifies whether to enable file transfer.	off
WuyingKeeper	string	No	Specifies whether to enable Cloud Computer Manager.	off

Response parameters

Parameter	Type	Description	Example
	object
PolicyGroupId	string	The cloud computer policy ID.	pg-gx2x1dhsmthe9****
RequestId	string	The request ID.	1CBAFFAB-B697-4049-A9B1-67E1FC5F****

Examples

Sample success responses

JSONformat

{
  "PolicyGroupId": "pg-gx2x1dhsmthe9****",
  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2025-10-27	The request parameters of the API has changed	View Change Details