DescribePolicyGroups - WUYING Workspace - Alibaba Cloud Documentation Center

Queries the information about one or more policies.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
ecd:DescribePolicyGroups	LIST	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID. You can call the DescribeRegions operation to query the most recent region list.	cn-hangzhou
MaxResults	integer	No	The number of entries per page. Valid values: 1 to 100 Default value: 10	10
NextToken	string	No	The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request. You must specify the token that is obtained from the previous query as the value of NextToken.	caeba0bbb2be03f84eb48b699f0a4883
PolicyGroupId	array	No	The policy IDs. You can specify one or more policy IDs.
	string	No	The policy ID.	system-all-enabled-policy
Scope	string	No	The effective scope of the policy. Valid values: GLOBAL: The policy takes effect globally. IP: The policy takes effect based on the IP address. ALL: The policy takes effect without limits. Default value: GLOBAL.	ALL

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
NextToken	string	A pagination token. It can be used in the next request to retrieve a new page of results. If NextToken is empty, no next page exists.	caeba0bbb2be03f84eb48b699f0a****
RequestId	string	The request ID.	473469C7-AA6F-4DC5-B3DB-A3DC0DE3****
DescribePolicyGroups	object []	The details of the policies.
PolicyStatus	string	The policy status. Valid values: AVAILABLE CREATING	AVAILABLE
Html5Access	string	Indicates whether the access policy on HTML5 clients is allowed. Valid values: off (default) on	off
WatermarkType	string	The watermark type. Valid values: HostName,EndUserId: The watermark is displayed in the following format: Rightmost 15 characters of the cloud desktop ID,Username. EndUserId: The username is displayed. EndUserId,HostName: The watermark is displayed in the following format: Username,Rightmost 15 characters of the cloud desktop ID. HostName: The rightmost 15 characters of the cloud desktop ID are displayed.	EndUserId
PreemptLogin	string	Indicates whether user preemption is allowed. The value is fixed to `off`, which indicates that user preemption is not allowed.	off
WatermarkCustomText	string	This parameter is unavailable for public use.	test
Clipboard	string	The permissions on the clipboard. Valid values: read: One-way transfer is allowed. readwrite: Two-way transfer is allowed. off: Two-way transfer is not allowed.	readwrite
DomainList	string	Indicates whether the access control for domain names is enabled. The domain names can contain wildcard characters (*). Multiple domain names are separated by commas (,). Valid values: off on	off
PolicyGroupId	string	The policy ID.	pg-gx2x1dhsmthe9****
PrinterRedirection	string	Indicates whether the printer redirection feature is enabled. Valid values: off on	on
WatermarkTransparency	string	The watermark transparency. Valid values: LIGHT DARK MIDDLE	LIGHT
Html5FileTransfer	string	The file transfer policy for HTML5 clients. Valid values: all: Files can be uploaded and downloaded between your local computer and HTML5 clients. download: Files on HTML5 clients can be downloaded to your local computer. upload: Files on your local computer can be uploaded to HTML5 clients. off (default): File transfer between HTML5 clients and your computer is disabled.	off
UsbRedirect	string	Indicates whether the USB redirection feature is enabled. Valid values: off on	on
PolicyGroupType	string	The policy type. Valid values: SYSTEM CUSTOM	SYSTEM
Watermark	string	Indicates whether the watermarking feature is enabled. Valid values: off on	on
VisualQuality	string	The image display quality. Valid values: high: high-definition (HD) low: fluent medium (default): adaptive lossless: no quality loss	medium
EdsCount	integer	The number of cloud desktops that are associated with the policy. This parameter is returned only for custom policies.	1
Name	string	The policy name.	testPolicyGroupName
LocalDrive	string	The permissions on local disk mapping. Valid values: read: read-only readwrite: read and write off: no permissions	readwrite
AuthorizeSecurityPolicyRules	object []	The security group rules.
Type	string	The direction of the security group rule. Valid values: outflow: outbound inflow: inbound	inflow
Policy	string	The authorization of the security group rule. Valid values: drop: denies all access requests. accept: accepts all access requests.	accept
Description	string	The description of the security group rule.	test
PortRange	string	The port range of the security group rule.	22/22
IpProtocol	string	The protocol type of the security group rule. Valid values: tcp: Transmission Control Protocol (TCP) udp: User Datagram Protocol (UDP) all: all protocols gre: Generic Routing Encapsulation (GRE) icmp: Internet Control Message Protocol (ICMP) for IPv4	tcp
Priority	string	The priority of the security group rule. A smaller value indicates a higher priority.	1
CidrIp	string	The object to which the security group rule applies. The value is an IPv4 CIDR block.	47.100.XX.XX/16
AuthorizeAccessPolicyRules	object []	The client CIDR blocks in a whitelist.
Description	string	The remarks on the CIDR block that is allowed to access the client.	test
CidrIp	string	The CIDR block that is allowed to access the client. The value is an IPv4 CIDR block.	47.100.XX.XX/16
ClientTypes	object []	The logon methods.
Status	string	Indicates whether a specific type of client is allowed to connect to the cloud desktop. Valid values: OFF ON	ON
ClientType	string	The client type. Valid values: html5: web client linux: WUYING hardware terminal android: Android client windows: Windows client ios: iOS client macos: macOS client	windows
PreemptLoginUsers	array	The names of the users that are allowed to connect to the cloud desktop to which another user is logged on.
	string	The name of the user that is allowed to connect to the cloud desktop to which another user is logged on.	Alice
GpuAcceleration	string	Indicates whether the image quality feature is enabled for Graphics cloud desktops. If you have high requirements for desktop performance and user experience, we recommend that you enable this feature. For example, you can enable this feature in professional graphic design scenarios. Valid values: off on	off
UsbSupplyRedirectRule	object []	The USB redirection rule.
VendorId	string	The vendor ID (VID). For more information, see Valid USB VIDs.	04**
ProductId	string	The product ID.	08**
Description	string	The rule description.	Test
UsbRedirectType	long	Indicates whether USB redirection is allowed. Valid values: 1: allowed 2: not allowed	1
DeviceClass	string	The device class. This parameter is required when `usbRuleType` is set to 1. For more information, see Defined Class Codes.	0Eh
DeviceSubclass	string	The subclass of the device. This parameter is required when `usbRuleType` is set to 1. For more information, see Defined Class Codes.	xxh
UsbRuleType	long	The type of the USB redirection rule. Valid values: 1: by device class 2: by device vendor	1
DomainResolveRuleType	string	Indicates whether the switch for domain name resolution is turned on. Valid values: off on	on
DomainResolveRule	object []	The rule of domain name resolution.
Domain	string	The domain name.	*.com
Policy	string	Indicates whether the domain name resolution is allowed. Valid values: allow block	allow
Description	string	The rule description.	Test
NetRedirectRule	object []	The network redirection rule. Note This parameter is in invitational preview and not available to the public.
Domain	string	The rule content.	*.com
RuleType	string	The rule type. Valid values: prc: process domain: domain name	domain
Policy	string	Indicates whether the rule is allowed. Valid values: allow block	allow
Recording	string	Indicates whether the screen recording feature is enabled. Valid values: ALLTIME: All operations that are performed by end users on cloud desktops are recorded. The recording starts immediately when end users connect to cloud desktops and ends after the end users disconnect from the cloud desktops. PERIOD: The operations that are performed by end users on cloud desktops during a specified period of time are recorded. You must specify the start time and the end time of the recording. OFF: The screen recording feature is disabled.	OFF
RecordingStartTime	string	The time when the screen recording was started. The value is in the HH:MM:SS format. The value takes effect only when Recording is set to PERIOD.	08:00:00
RecordingEndTime	string	The time when the screen recording ended. The value is in the HH:MM:SS format. The value takes effect only when Recording is set to PERIOD.	08:59:00
RecordingFps	long	The frame rate of screen recording. Unit: fps. Valid values: 2 5 10 15	5
RecordingExpires	long	The period in which the screen recording audit is valid. Valid values: 15 to 180. Unit: day.	15
CameraRedirect	string	Indicates whether the webcam redirection feature is enabled. Valid values: off on (default)	on
NetRedirect	string	Indicates whether the network redirection feature is enabled. Valid values: on off Default value: off. Note This parameter is in invitational preview and not available to the public.	off
AppContentProtection	string	Indicates whether the anti-screenshot feature is enabled. Valid values: on off Default value: off.	off
RecordContent	string	Indicates whether the custom screen recording feature is enabled. Valid values: on off Default value: off.	off
RecordContentExpires	long	The period when the custom screen recording can be retained before expiration. Default value: 30 days.	30
RemoteCoordinate	string	The permissions on the keyboard and mouse to control the cloud desktop during remote assistance. Valid values: fullControl: The keyboard and mouse are fully controlled. optionalControl: By default, you do not have the permissions on the keyboard or mouse to control the cloud desktop during remote assistance. You can apply for the permissions. disableControl: The keyboard and mouse are not controlled.	fullControl
RecordingDuration	integer	This parameter is used with the Recording parameter to generate a screen recording file after you specify the duration of screen recording.	10
Scope	string	The effective scope of the policy. Valid values: GLOBAL: The policy takes effect globally. IP: The policy takes effect based on IP addresses.	GLOBAL
ScopeValue	array	This parameter is required when Scope is set to IP. This parameter takes effect when Scope is set to IP.
	string	The CIDR block on which the policy takes effect.	47.100.XX.XX/24
RecordingAudio	string	Indicates whether to record audio or video data that is generated on the cloud desktop during screen recording. Valid values: on: records audio and video data. off: records only video data.	on
InternetCommunicationProtocol	string	The protocol that is used for network communication. Valid values: TCP: Only TCP can be used. BOTH: TCP or UDP can be used. The system switches between TCP and UDP based on the actual network condition. Default value: TCP.	BOTH
VideoRedirect	string	Indicates whether the multimedia redirection feature is enabled. Valid values: on and off.	off
WatermarkTransparencyValue	integer	The watermark transparency. A greater value indicates that the watermark is less transparent. Valid values: 10 to 100.	10
WatermarkColor	integer	The font color in red, green, and blue (RGB) of the watermark. Valid values: 0 to 16777215.	0
WatermarkFontSize	integer	The font size of the watermark. Valid values: 10 to 20.	10
WatermarkFontStyle	string	The font style of the watermark. Valid values: plain bold	plain
WatermarkDegree	double	The slope of the watermark. Valid values: -10 to -30.	-10
WatermarkRowAmount	integer	The number of watermark rows. This parameter is now invalid.	5
EndUserApplyAdminCoordinate	string	Indicates whether the switch for end users to ask for assistance from the administrator is turned on. Valid values: on and off.	on
EndUserGroupCoordinate	string	Indicates whether the switch for stream collaboration between end users is turned on. Valid values: on and off.	on
CpuProtectedMode	string	Indicates whether the switch for CPU protection mode is turned on. Valid values: on and off.	on
CpuRateLimit	integer	The overall CPU utilization. Valid values: 70 to 90.	70
CpuSampleDuration	integer	The overall CPU sampling duration. Valid values: 10 to 60.	10
CpuSingleRateLimit	integer	The usage of a single CPU. Valid values: 70 to 100.	70
CpuDownGradeDuration	integer	The CPU underclocking duration. Valid values: 30 to 120.	30
CpuProcessors	array	The process whitelist that is not restricted by the CPU usage limit.
	string	The process name.	chrome.exe
MemoryProtectedMode	string	Indicates whether the switch for memory protection mode is turned on. Valid values: on and off.	on
MemoryRateLimit	integer	The overall memory usage. Valid values: 70 to 90.	70
MemorySampleDuration	integer	The overall sampling duration of memory statistics. Valid values: 30 to 60.	30
MemorySingleRateLimit	integer	The memory usage of a single process. Valid values: 30 to 60.	30
MemoryDownGradeDuration	integer	The duration required for underclocking memory by a single process. Valid values: 30 to 120.	30
MemoryProcessors	array	The whitelist of processes that are not restricted by the memory usage limit.
	string	The process name.	notepad.exe
WatermarkSecurity	string	Indicates whether the security priority for invisible watermarks is enabled. Valid values: on and off.	on
WatermarkAntiCam	string	Indicates whether the anti-screen photo feature is enabled for invisible watermarks. Valid values: on and off.	off
WatermarkPower	string	The invisible watermark enhancement feature. Valid values: low, medium, and high.	medium
RecordingUserNotify	string	Indicates whether the client notification of screen recording is enabled. Valid values: on and off.	off
RecordingUserNotifyMessage	string	The notification content of screen recording. By default, this parameter is left empty.	Your desktop is being recorded
AdminAccess	string	Indicates whether users have the administrator permissions after they connect to cloud desktops. Note This parameter is in invitational preview and not available to the public.	deny

Examples

Sample success responses

JSONformat

{
  "NextToken": "caeba0bbb2be03f84eb48b699f0a****",
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3****",
  "DescribePolicyGroups": [
    {
      "PolicyStatus": "AVAILABLE",
      "Html5Access": "off",
      "WatermarkType": "EndUserId",
      "PreemptLogin": "off",
      "WatermarkCustomText": "test",
      "Clipboard": "readwrite",
      "DomainList": "off",
      "PolicyGroupId": "pg-gx2x1dhsmthe9****",
      "PrinterRedirection": "on",
      "WatermarkTransparency": "LIGHT",
      "Html5FileTransfer": "off",
      "UsbRedirect": "on",
      "PolicyGroupType": "SYSTEM",
      "Watermark": "on",
      "VisualQuality": "medium",
      "EdsCount": 1,
      "Name": "testPolicyGroupName",
      "LocalDrive": "readwrite",
      "AuthorizeSecurityPolicyRules": [
        {
          "Type": "inflow",
          "Policy": "accept",
          "Description": "test",
          "PortRange": "22/22",
          "IpProtocol": "tcp",
          "Priority": "1",
          "CidrIp": "47.100.XX.XX/16"
        }
      ],
      "AuthorizeAccessPolicyRules": [
        {
          "Description": "test",
          "CidrIp": "47.100.XX.XX/16"
        }
      ],
      "ClientTypes": [
        {
          "Status": "ON",
          "ClientType": "windows"
        }
      ],
      "PreemptLoginUsers": [
        "Alice"
      ],
      "GpuAcceleration": "off",
      "UsbSupplyRedirectRule": [
        {
          "VendorId": "04**",
          "ProductId": "08**",
          "Description": "Test\n",
          "UsbRedirectType": 1,
          "DeviceClass": "0Eh",
          "DeviceSubclass": "xxh",
          "UsbRuleType": 1
        }
      ],
      "DomainResolveRuleType": "on",
      "DomainResolveRule": [
        {
          "Domain": "*.com",
          "Policy": "allow",
          "Description": "Test\n"
        }
      ],
      "NetRedirectRule": [
        {
          "Domain": "*.com",
          "RuleType": "domain",
          "Policy": "allow"
        }
      ],
      "Recording": "OFF",
      "RecordingStartTime": "08:00:00",
      "RecordingEndTime": "08:59:00",
      "RecordingFps": 5,
      "RecordingExpires": 15,
      "CameraRedirect": "on",
      "NetRedirect": "off",
      "AppContentProtection": "off",
      "RecordContent": "off",
      "RecordContentExpires": 30,
      "RemoteCoordinate": "fullControl",
      "RecordingDuration": 10,
      "Scope": "GLOBAL",
      "ScopeValue": [
        "47.100.XX.XX/24"
      ],
      "RecordingAudio": "on",
      "InternetCommunicationProtocol": "BOTH",
      "VideoRedirect": "off",
      "WatermarkTransparencyValue": 10,
      "WatermarkColor": 0,
      "WatermarkFontSize": 10,
      "WatermarkFontStyle": "plain",
      "WatermarkDegree": -10,
      "WatermarkRowAmount": 5,
      "EndUserApplyAdminCoordinate": "on",
      "EndUserGroupCoordinate": "on",
      "CpuProtectedMode": "on",
      "CpuRateLimit": 70,
      "CpuSampleDuration": 10,
      "CpuSingleRateLimit": 70,
      "CpuDownGradeDuration": 30,
      "CpuProcessors": [
        "chrome.exe"
      ],
      "MemoryProtectedMode": "on",
      "MemoryRateLimit": 70,
      "MemorySampleDuration": 30,
      "MemorySingleRateLimit": 30,
      "MemoryDownGradeDuration": 30,
      "MemoryProcessors": [
        "notepad.exe"
      ],
      "WatermarkSecurity": "on",
      "WatermarkAntiCam": "off",
      "WatermarkPower": "medium",
      "RecordingUserNotify": "off",
      "RecordingUserNotifyMessage": "Your desktop is being recorded\n",
      "AdminAccess": "deny"
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2024-01-26