子账号通过Domain API访问主账号资源时需要遵循鉴权规则。本文为您介绍Domain API鉴权的规则。
当子账号通过Domain API访问主账号的Domain资源时,Domain后台会向RAM进行权限检查,以确保资源拥有者已向调用者授予了相关资源的相关权限。
根据涉及到的资源及API的语义,每个Domain API会相应地确定需要检查哪些资源的权限。下表具体介绍了各API的鉴权规则。
说明 $accountid表示账号ID,您可以登录您的阿里云账号查看账号ID。
| API | 鉴权Action | 鉴权Resource |
|---|---|---|
| SaveSingleTaskForUpdatingContactInfo | domain:DomainInfoModification | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForUpdatingContactInfo | acs:domain:*:$accountid:domain/$domainName | |
| TransferInReenterTransferAuthorizationCode | domain:DomainTransferInOperation | acs:domain:*:$accountid:domain/$domainName |
| TransferInRefetchWhoisEmail | acs:domain:*:$accountid:domain/$domainName | |
| TransferInResendMailToken | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferIn | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferOut | domain:DomainTransferOutOperation | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForQueryingTransferAuthorizationCode | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForModifyingDnsHost | domain:DnsHostModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForCreatingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForSynchronizingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForDeletingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForModifyingDomainDns | domain:DnsModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForTransferProhibitionLock | domain:SecuritySetting | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForTransferProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName |
| API | 鉴权Action | 鉴权Resource |
|---|---|---|
| QueryDomainList | domain:QueryCommonInfo | acs:domain:*:$accountid:* |
| QueryDomainByInstanceId | acs:domain:*:$accountid:* | |
| QueryContactInfo | acs:domain:*:$accountid:* | |
| VerifyContactField | acs:domain:*:$accountid:* | |
| QueryTaskList | domain:QueryDomainTask | acs:domain:*:$accountid:* |
| QueryTaskInfoHistory | acs:domain:*:$accountid:* | |
| QueryTaskDetailList | acs:domain:*:$accountid:* | |
| QueryTaskDetailHistory | acs:domain:*:$accountid:* | |
| PollTaskResult | acs:domain:*:$accountid:* | |
| QueryChangeLogList | domain:QueryChangeLog | acs:domain:*:$accountid:* |
| QueryTransferInByInstanceId | domain:QueryDomainTransferIn | acs:domain:*:$accountid:* |
| QueryTransferInList | acs:domain:*:$accountid:* | |
| CheckTransferInFeasibility | acs:domain:*:$accountid:* | |
| TransferInCheckMailToken | domain:TransferInCheckMailToken | acs:domain:*:$accountid:* |
| QueryTransferOutInfo | domain:QueryDomainTransferOut | acs:domain:*:$accountid:* |
| QueryDnsHost | domain:QueryDnsHost | acs:domain:*:$accountid:* |
| QueryRegistrantProfiles | domain:QueryRegistrantProfile | acs:domain:*:$accountid:* |
| ListEmailVerification | domain:QueryEmailVerification | acs:domain:*:$accountid:* |
| AcknowledgeTaskResult | domain:AcknowledgeTaskResult | acs:domain:*:$accountid:* |
| SaveRegistrantProfile | domain:RegistrantProfileOperation | acs:domain:*:$accountid:* |
| DeleteRegistrantProfile | acs:domain:*:$accountid:* | |
| DeleteEmailVerification | domain:EmailVerificationOperation | acs:domain:*:$accountid:* |
| VerifyEmail | acs:domain:*:$accountid:* | |
| ResendEmailVerification | acs:domain:*:$accountid:* | |
| SubmitEmailVerification | acs:domain:*:$accountid:* |
| API | 鉴权Action | 鉴权Resource |
|---|---|---|
| * | domain:* | acs:domain:*:$accountid:* |