Creates a policy.

Description

A policy is a set of security rules that are used to control security configurations when regular users use cloud desktops. A policy consists of basic policies, such as USB redirection and watermarking, and security group rules. For more information, see Policy overview.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreatePolicyGroup

The operation that you want to perform. Set the value to CreatePolicyGroup.

RegionId String Yes cn-hangzhou

The ID of the region.

Clipboard String No off

The permissions on clipboards. Valid values:

  • read: specifies a one-way transfer. You can copy data from your computer to cloud desktops, but cannot copy data from cloud desktops to your computer.
  • readwrite: specifies a two-way transfer. You can copy data between your computer and cloud desktops.
  • off: specifies that a two-way transfer is disabled. You cannot copy data between your computer and cloud desktops.

Default value: off.

LocalDrive String No off

The permissions on local disk mapping. Valid values:

  • read: read-only. The local disks on your computer are mapped to cloud desktops. You can only read (copy) local files, but cannot modify them.
  • readwrite: read and write. The local disks on your computer are mapped to cloud desktops. You can read (copy) and modify local files.
  • off: disabled. Disks on your computer are not mapped to cloud desktops.

Default value: off.

UsbRedirect String No off

Specifies whether to enable USB redirection. Valid values:

  • on: enables USB redirection.
  • off: disables USB redirection.

Default value: off.

VisualQuality String No medium

The policy of image display quality. Valid values:

  • low
  • medium
  • high
  • lossless

Default value: medium.

Html5Access String No hide

The access policy for HTML5 clients. Valid values:

  • on: allows access from HTML5 clients.
  • off: denies access from HTML5 clients.

Default value: off.

Note We recommend that you use the ClientType-related parameters to control the EDS client type for cloud desktop logon.
Html5FileTransfer String No off

The file transfer policy for HTML5 clients. Valid values:

  • off: Files on your computer cannot be transferred from HTML5 clients.
  • upload: Files on your computer can be uploaded to HTML5 clients.
  • download: Files on HTML5 clients can be downloaded to your computer.
  • all: Files can be uploaded and downloaded between your computer and HTML5 clients.

Default value: off.

Watermark String No off

Specifies whether to enable watermarking. Valid values:

  • on: enables watermarking.
  • off: disables watermarking.

Default value: off.

Name String No testPolicyGroupName

The name of the policy.

WatermarkType String No EndUserId

The type of the watermark. You can specify multiple watermark types at a time. Separate the watermark types with commas (,). Valid values:

  • EndUserId: The username is displayed.
  • HostName: The last 15 characters of the cloud desktop ID are displayed.
WatermarkTransparency String No LIGHT

The transparency of the watermark. Valid values:

  • LIGHT
  • MIDDLE
  • DARK

Default value: LIGHT.

PreemptLogin String No on

Specifies whether to allow user preemption.

Note To improve user experience and ensure data security, multiple regular users are not allowed to log on to the same cloud desktop. By default, this feature is disabled and the value cannot be modified.
DomainList String No [black:],example.com

The domain blacklist or whitelist. Wildcard domains are supported. Separate domain names with commas (,). Valid values:

  • [black:],example1.com,example2.com: the domain name blacklist. The cloud desktop cannot access the domain names specified in the blacklist.
  • [white:],example1.com,example2.com: the domain name whitelist. The cloud desktop can access only the domain names specified in the whitelist.
PrinterRedirection String No on

The policy of the printer redirection. Valid values:

  • off: disables printer redirection.
  • on: enables printer redirection.
PreemptLoginUser.N RepeatList No Alice

The user N that is allowed to log on to a cloud desktop that another user is logged on. The value is the username that you specify. You can specify up to five usernames.

Note To improve user experience and ensure data security, multiple regular users are not allowed to log on to the same cloud desktop.
AuthorizeSecurityPolicyRule.N.Type String No inflow

The direction of security group rule N. Valid values:

  • inflow: inbound
  • outflow: outbound
AuthorizeSecurityPolicyRule.N.Policy String No accept

The authorization policy of security group rule N. Valid values:

  • accept: specifies the Allow policy that allows all access requests.
  • drop: specifies the Deny policy that denies all access requests. If no messages of access denied are returned, the requests timed out or failed.

Default value: accept.

AuthorizeSecurityPolicyRule.N.PortRange String No 22/22

The port range of security group rule N. The value of the port range is determined by the protocol type specified by the AuthorizeSecurityPolicyRule.N.IpProtocol parameter.

  • If the AuthorizeSecurityPolicyRule.N.IpProtocol parameter is set to tcp or udp, the port range is 1 to 65535. Separate the start port and the end port with a forward slash (/). Example: 1/200.
  • If the AuthorizeSecurityPolicyRule.N.IpProtocol parameter is set to icmp, set the value to -1/-1.
  • If the AuthorizeSecurityPolicyRule.N.IpProtocol parameter is set to gre, set the value to -1/-1.
  • If the AuthorizeSecurityPolicyRule.N.IpProtocol parameter is set to all, set the value to -1/-1.

For more information about the common ports of typical applications, see Common ports.

AuthorizeSecurityPolicyRule.N.Description String No test

The description of security group rule N.

AuthorizeSecurityPolicyRule.N.IpProtocol String No tcp

The protocol type of security group rule N. Valid values:

  • tcp: the TCP protocol
  • udp: the UDP protocol
  • icmp: the ICMP (IPv4) protocol
  • gre: the GRE protocol
  • all: all protocols
AuthorizeSecurityPolicyRule.N.Priority String No 1

The priority of security group rule N. A smaller value indicates a higher priority.

Valid values: 1 to 60.

Default value: 1.

AuthorizeSecurityPolicyRule.N.CidrIp String No 10.0.XX.XX/8

The object to which security group rule N applies. The value is an IPv4 CIDR block.

AuthorizeAccessPolicyRule.N.Description String No test

The description of the client IP address whitelist.

AuthorizeAccessPolicyRule.N.CidrIp String No 10.0.XX.XX/8

The IPv4 CIDR block that can be accessed from the client.

ClientType.N.Status String No ON

Specifies whether client type N is allowed to log on to the cloud desktop. Valid values:

  • ON: allowed
  • OFF: denied
Note By default, if you do not set the ClientType-related parameters, all types of clients are allowed to log on to cloud desktops.
ClientType.N.ClientType String No windows

The client type N that is allowed to log on to cloud desktops. Valid values:

  • windows: the Windows client
  • linux: the Alibaba Cloud cloud client
  • macos: the macOS client
  • ios: the iOS client
  • android: the Android client
  • html5: the web client
Note By default, if you do not set the ClientType-related parameters, all types of clients are allowed to log on to cloud desktops.

Response parameters

Parameter Type Example Description
PolicyGroupId String pg-gx2x1dhsmthe9****

The ID of the policy.

RequestId String 1CBAFFAB-B697-4049-A9B1-67E1FC5F****

The ID of the request.

Examples

Sample requests

https://ecd.cn-hangzhou.aliyuncs.com/?Action=CreatePolicyGroup
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format

<CreatePolicyGroupResponse>
  <RequestId>1CBAFFAB-B697-4049-A9B1-67E1FC5F****</RequestId>
  <PolicyGroupId>pg-gx2x1dhsmthe9****</PolicyGroupId>
</CreatePolicyGroupResponse>

JSON format

{
    "CreatePolicyGroupResponse": {
        "RequestId": "1CBAFFAB-B697-4049-A9B1-67E1FC5F****",
        "PolicyGroupId": "pg-gx2x1dhsmthe9****"
    }
}