CreatePolicyGroup - Elastic Desktop Service - Alibaba Cloud Documentation Center

Creates a cloud computer policy.

Operation description

A cloud computer policy is a collection of rules to manage cloud computers in performance and security. For example, you can create a basic policy that involves the disk mapping, USB redirection, watermarking features and rules such as DNS rules. For more information, see Policy overview.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
ecd:CreatePolicyGroup	create	All Resources ``	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID. You can call the DescribeRegions operation to query the regions supported by Elastic Desktop Service (EDS).	cn-hangzhou
Clipboard	string	No	The permissions on the clipboard. Valid values: read: specifies one-way transfer. You can copy files only from local devices to cloud computers. readwrite: specifies two-way transfer. You can copy files between local devices and cloud computers. write: specifies one-way transfer. You can only copy files from cloud computers to local devices. off (default): disables both one-way and two-way transfer. Files cannot be copied between local devices and cloud computers.	off
LocalDrive	string	No	The permissions on local disk mapping. Valid values: read: read-only. Local disk mapping is available on cloud computers. However, you can only read (copy) local files but cannot modify the files. readwrite: read and write. Local disk mapping is available on cloud computers. You can read (copy) and write (modify) local files. off (default): disabled. Local disk mapping is unavailable on cloud computers.	off
UsbRedirect	string	No	Specifies whether to enable USB redirection. Valid values: off: USB redirection is disabled. This value is the default value. on: USB redirection is enabled.	off
VisualQuality	string	No	The policy for image display quality. Valid values: high low lossless medium: adaptive. This value is the default value.	medium
Html5Access	string	No	Specifies whether to allow web client access. Note We recommend that you use the ClientType-related parameters to control the Alibaba Cloud Workspace client type for cloud computer logon.`` Valid values: off (default) on	off
Html5FileTransfer	string	No	The file transfer feature on the web client. Valid values: all: Files can be uploaded and downloaded between local computers and the web client. download: Files on the web client can be downloaded to local computers. upload: Files on local computers can be uploaded to the web client. off (default): Files cannot be transferred between the web client and local computers.	off
Watermark	string	No	The watermarking feature. Valid values: blind: Invisible watermarks are applied. off (default): The watermarking feature is disabled. on: Visible watermarks are applied.	off
Name	string	No	The name of the policy.	testPolicyGroupName
WatermarkType	string	No	The watermark content. You can select up to three items as the watermark content. Separate multiple items with commas (,). Note If you set this parameter to `Custom`, specify `WatermarkCustomText` Valid values: EndUserId: the username. Custom: the custom text. DesktopIp: the IP address of the cloud computer. ClientIp: the IP address of the Alibaba Cloud Workspace client. HostName: the rightmost 15 digits of the cloud computer ID. ClientTime: the current time displayed on the cloud computer.	EndUserId
WatermarkTransparency	string	No	The transparency of the watermark. Valid values: LIGHT DARK MIDDLE	LIGHT
PreemptLogin	string	No	The cloud computer preemption feature. Note To ensure user experience and data security, when a cloud computer is used by an end user, other end users cannot connect to the cloud computer. By default, this parameter is set to `off`, which cannot be modified. Valid values: off (default): Multiple end users cannot connect to the same cloud computer at the same time.	off
DomainList	string	No	Specifies whether the access control for domain names is enabled. Domain names support wildcards (*). Separate multiple domain names with commas (,). Valid values: off on	off
PrinterRedirection	string	No	The policy for printer redirection. Valid values: off: Printer redirection is disabled. on: Printer redirection is enabled.	on
PreemptLoginUser	array	No	The usernames that are allowed to connect to the cloud computer in use. You can specify up to five usernames. Note To ensure user experience and data security, other end users cannot connect to the cloud computer that is used by an end user.
	string	No	The username that can preempt to connect to the cloud computer in use.	Alice
AuthorizeSecurityPolicyRule	array<object>	No	The security group rules.
	object	No	The security group rule.
Type	string	No	The direction of the security group rule. Valid values: outflow: outbound. inflow: inbound.	inflow
Policy	string	No	The authorization of the security group rule. Valid values: drop: denies all access requests. If no messages of access denied are returned, the requests timed out or failed. accept (default): accepts all requests.	accept
PortRange	string	No	The port range of the security group rule. The value range of this parameter varies based on the value of the IpProtocol parameter. If the IpProtocol parameter is set to TCP or UDP, the port range is 1 to 65535. Separate the start port number and the end port number with a forward slash (/). Example: 1/200. If the IpProtocol parameter is set to ICMP, set the value to -1/-1. If the IpProtocol parameter is set to GRE, set the value to -1/-1. If the IpProtocol parameter is set to ALL, set the value to -1/-1. For more information about the common ports applied in EDS, see Common ports.	22/22
Description	string	No	The description of the security group rule.	test
IpProtocol	string	No	The protocol type of the security group rule. Valid values: TCP: the Transmission Control Protocol (TCP) protocol. UDP: the User Datagram Protocol (UDP) protocol. ALL: all protocols. GRE: the Generic Routing Encapsulation (GRE) protocol. ICMP: the Internet Control Message Protocol (ICMP) for IPv4.	tcp
Priority	string	No	The priority of the security group rule. A smaller value indicates a higher priority. Valid values: 1 to 60. Default value: 1.	1
CidrIp	string	No	The object to which the security group rule applies. The value is an IPv4 CIDR block.	47.100.XX.XX/16
AuthorizeAccessPolicyRule	array<object>	No	The client IP address whitelist. After you configure the whitelist, end users can access cloud computers only from the IP addresses in the whitelist.
	object	No	The client IP address that you want to add to the whitelist.
Description	string	No	The description of the client IP address whitelist.	North China Branch
CidrIp	string	No	The client CIDR block from which end users can connect to cloud computers. The value is an IPv4 CIDR block.	47.100.XX.XX/16
ClientType	array<object>	No	The logon method control rules to limit the type of the Alibaba Cloud Workspace client used by end users to connect to cloud computers.
	object	No	The logon method control rule.
Status	string	No	Specifies whether to allow end users to use a specific type of the client to connect to cloud computers. Note If you do not specify the `ClientType` parameter, all types of the client are allowed by default. Valid values: OFF ON	ON
ClientType	string	No	The type of the Alibaba Cloud Workspace client. Note If you do not specify the `ClientType` parameter, all types of the client are allowed by default. Valid values: html5: web client android: Android client ios: iOS client windows: Windows client macos: macOS client	windows
GpuAcceleration	string	No	Specifies whether to enable the Image Quality Control feature. If you have high requirements on the performance and user experience in scenarios such as professional design, we recommend that you enable this feature. Valid values: off on	off
UsbSupplyRedirectRule	array<object>	No	The USB redirection rules.
	object	No	The USB redirection rule.
VendorId	string	No	The ID of the vendor. For more information, see Valid USB Vendor IDs (VIDs).	04**
ProductId	string	No	The ID of the service.	08**
Description	string	No	The description of the rule.	Test rule
UsbRedirectType	long	No	The type of USB redirection. Valid values: 1: allows USB redirection 2: forbids USB redirection	1
DeviceClass	string	No	The class of the device. If you set the `usbRuleType` parameter to 1, you must specify this parameter. For more information, see Defined Class Codes.	0Eh
DeviceSubclass	string	No	The subclass of the device. If you set the `usbRuleType` parameter to 1, you must specify this parameter. For more information, see Defined Class Codes.	xxh
UsbRuleType	long	No	The type of the USB redirection rule. Valid values: 1: by device class 2: by device vendor	1
DomainResolveRuleType	string	No	The type of the domain name resolution policy. Valid values: OFF ON	OFF
DomainResolveRule	array<object>	No	The details of the domain name resolution rule.
	object	No	The domain name resolution rule.
Domain	string	No	The domain name.	*.baidu.com
Policy	string	No	Specifies whether to allow the domain name resolution rule. Valid values: allow: allows the rule. block: denies the rule.	allow
Description	string	No	The description of domain name resolution rule.	system policy
Recording	string	No	Specifies whether to enable the screen recording feature. Valid values: byaction_cmd_ft: enables the operation-triggered screen recording upon command execution and file transfer. ALLTIME: enables the whole-process screen recording. That is, the recording starts when cloud computers are connected and ends when the cloud computers are disconnected. session: enables the screen recording for session lifecycle listening. PERIOD: enables the interval-based screen recording. You must specify an interval between the start time and end time of this type of recording. byaction_commands: enables the operation-triggered screen recording upon command execution. OFF: disables the screen recording feature. byaction_file_transfer: enables the operation-triggered screen recording upon file transfer.	OFF
RecordingStartTime	string	No	The time when the screen recording starts. The value is in the HH:MM:SS format. The value is meaningful only when you set the `Recording` parameter to `PERIOD`.	08:00:00
RecordingEndTime	string	No	The time when the screen recording ends. The value is in the HH:MM:SS format. The value is meaningful only when you set the `Recording` parameter to `PERIOD`.	08:59:00
RecordingFps	long	No	The frame rate of screen recording. Unit: fps. Valid values: 2 5 10 15	2
RecordingExpires	long	No	The retention period of the screen recording file. Valid values: 1 to 180. Unit: days.	15
CameraRedirect	string	No	Specifies whether to enable the webcam redirection feature. Valid values: off: Webcam redirection is disabled. on: Webcam redirection is enabled. This value is the default value.	on
NetRedirect	string	No	Specifies whether to enable the network redirection feature. Note This feature is in invitational preview and is not available to the public. Valid values: off (default): The network redirection feature is disabled. on: The network redirection feature is enabled.	off
AppContentProtection	string	No	Specifies whether to enable the anti-screenshot feature. Valid values: off: Anti-screenshot is disabled. This value is the default value. on: Anti-screenshot is enabled.	off
RecordContent	string	No	Specifies whether to enable the custom screen recording feature. Valid values: off: Custom screen recording is disabled. This value is the default value. on: Custom screen recording is enabled.	OFF
RecordContentExpires	long	No	The duration in which the custom screen recording is valid. Default value: 30. Unit: days.	30
RemoteCoordinate	string	No	The permission to control the keyboard and the mouse during remote assistance. Valid values: optionalControl: By default, this feature is disabled. You can enable it by applying permissions. fullControl: The permission is granted. disableControl: The permission is revoked.	fullControl
RecordingDuration	integer	No	The file length of the screen recording. Unit: minutes. Screen recording files are split based on the specified file length and uploaded to Object Storage Service (OSS) buckets. When a screen recording file reaches 300 MB in size, the system preferentially performs rolling update for the file. Valid values: 10 20 30 60	15
Scope	string	No	The effective scope of the policy. Valid values: IP: The policy takes effect based on the IP address. GLOBAL: The policy takes effect globally.	GLOBAL
ScopeValue	array	No	This parameter is required when the `Scope` parameter is set to `IP`.````
	string	No	The effective scope specified by a CIDR block.	47.100.XX.XX/24
RecordingAudio	string	No	Specifies whether to record audio files generated from cloud computers. Valid values: off: records only video files. on: records video and audio files.	on
InternetCommunicationProtocol	string	No	The protocol for network communication. Valid values: TCP (default): TCP BOTH: TCP and UDP	both
VideoRedirect	string	No	Specifies whether to enable the multimedia redirection switch. Valid values: off on	on
WatermarkTransparencyValue	integer	No	The watermark opacity. A larger value indicates more opaque watermarks. Valid values: 10 to 100.	10
WatermarkColor	integer	No	The font color in red, green, and blue (RGB) of the watermark. Valid values: 0 to 16777215.	0
WatermarkDegree	double	No	The watermark rotation. Valid values: -10 to -30.	-10
WatermarkFontSize	integer	No	The watermark font size. Valid values: 10 to 20.	10
WatermarkFontStyle	string	No	The watermark font style. Valid values: plain bold	plain
WatermarkRowAmount	integer	No	The number of watermark rows. Note This parameter is not available for public use.	5
EndUserApplyAdminCoordinate	string	No	Specifies whether to turn on the Contact Administrator for Help switch. Valid values: OFF ON	ON
EndUserGroupCoordinate	string	No	Specifies whether to turn on the User Stream Collaboration switch. Valid values: OFF ON	ON
WatermarkSecurity	string	No	Specifies whether to enable the security priority feature for invisible watermarks. Valid values: off on	on
AdminAccess	string	No	Specifies whether end users have the administrator permissions. Note This parameter is in invitational preview for specific users and not available to the public.	deny
WatermarkAntiCam	string	No	Specifies whether to enable the anti-screen photo feature for invisible watermarks. Valid values: off on	off
WatermarkPower	string	No	The watermark enhancement feature. Valid values: high low medium	medium
RecordingUserNotify	string	No	Specifies whether to enable the screen recording notification feature after end users log on to the Alibaba Cloud Workspace client. Valid values: off on	off
RecordingUserNotifyMessage	string	No	The notification content of screen recording. By default, this parameter is left empty.	Your desktop is being recorded.
MaxReconnectTime	integer	No	The maximum retry period for reconnecting to cloud computers when the cloud computers are disconnected due to none-human reasons. Valid values: 30 to 7200. Unit: seconds.	120
DeviceRedirects	array<object>	No	The device redirection rules.
	object	No	The device redirection rule.
DeviceType	string	No	The peripheral type. Valid values: printer scanner camera adb: the Android Debug Bridge (ADB) device.	camera
RedirectType	string	No	The redirection type. Valid values: deviceRedirect: device redirection usbRedirect: USB redirection off: redirection disabled	deviceRedirect
DeviceRules	array<object>	No	The custom peripheral rules.
	object	No	The custom peripheral rule.
DeviceType	string	No	The peripheral type. Valid values: usbKey other graphicsTablet printer cardReader scanner storage camera adb networkInterfaceCard: the NIC device. Enumeration Value: usbKey: UKey. other: . graphicsTablet: . printer: . cardReader: . scanner: . storage: . camera: . adb: . networkInterfaceCard: .	storage
DeviceName	string	No	The device name.	sandisk
DeviceVid	string	No	The vendor ID (VID). For more information, see Valid USB VIDs.	0x0781
DevicePid	string	No	The product ID.	0x55b1
RedirectType	string	No	The redirection type. Valid values: deviceRedirect: device redirection usbRedirect: USB redirection off: redirection disabled	usbRedirect
OptCommand	string	No	The link optimization command.	2:0
WyAssistant	string	No	Specifies whether to provide the AI Assistant function in the DesktopAssistant when the cloud computer is accessed from the Alibaba Cloud Workspace desktop clients (including the Windows client and the macOS client). Note Desktop clients of V7.7 and higher versions required. Valid values: off: the AI Aisstant function is not provided. on: the AI Aisstant function is provided.	on

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
PolicyGroupId	string	The cloud computer policy ID.	pg-gx2x1dhsmthe9****
RequestId	string	The ID of the request.	1CBAFFAB-B697-4049-A9B1-67E1FC5F****

Examples

Sample success responses

JSONformat

{
  "PolicyGroupId": "pg-gx2x1dhsmthe9****",
  "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2025-02-14	The internal configuration of the API is changed, but the call is not affected	View Change Details
2024-08-15	The internal configuration of the API is changed, but the call is not affected	View Change Details
2024-08-05	The request parameters of the API has changed	View Change Details
2024-07-19	The request parameters of the API has changed	View Change Details
2024-07-01	The request parameters of the API has changed	View Change Details
2024-01-26	The request parameters of the API has changed	View Change Details
2024-01-05	The request parameters of the API has changed	View Change Details
2023-09-20	The request parameters of the API has changed	View Change Details
2023-07-31	The request parameters of the API has changed	View Change Details
2022-11-04	The request parameters of the API has changed	View Change Details
2022-10-08	The request parameters of the API has changed	View Change Details
2022-01-11	The request parameters of the API has changed	View Change Details
2021-11-30	The request parameters of the API has changed	View Change Details