Permission Policy Actions and Resources
Gateway Group
Action | Resource | API |
---|---|---|
gateway:GetGatewayGroup | arn:api7:gateway:gatewaygroup/%s | List all gateway groups,Get a gateway group |
gateway:CreateGatewayGroup | arn:api7:gateway:gatewaygroup/* | Create a gateway group |
gateway:UpdateGatewayGroup | arn:api7:gateway:gatewaygroup/%s | Update a gateway group, Generate admin key for a gateway group |
gateway:DeleteGatewayGroup | arn:api7:gateway:gatewaygroup/%s | Delete a gateway group |
Published Service
note
Please be careful about the difference between service ID and service template ID.
Routes
note
Please be careful about the difference between service ID and service template ID.
Action | Resource | API |
---|---|---|
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | List all routes in a published service on a gateway group using service template ID, List all routes in a published service on a gateway group, Get a route on a gateway group, Get a route in a published service on a gateway group using service template ID |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | Create a route in a published service on a gateway group, Update a route in a published service, Patch a route in a published service on a gateway group, Delete a route in a published service on a gateway group |
Stream Routes
note
Please be careful about the difference between service ID and service template ID.
Action | Resource | API |
---|---|---|
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | List all stream routes in a published service on a gateway group using service template ID, List all stream routes in a published service on a gateway group, Get a stream route in a published service on a gateway group, Get a stream route in a published service on a gateway group |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | Create a stream route in a published service on a gateway group, Update a stream route in a published service on a gateway group, Delete a stream route in a published service on a gateway group |
Gateway Instance
Action | Resource | API |
---|---|---|
gateway:GetGatewayInstance | arn:api7:gateway:gatewaygroup/%s | List all gateway instances of all gateway groups, List all gateway instances of a gateway group , Calculate the number of instances in different states of a gateway group |
gateway:GetGatewayInstanceCore | arn:api7:gateway:gatewaygroup/* | List gateway instances cores of all gateway groups,Export the gateway instance core usage |
gateway:CreateGatewayInstance | arn:api7:gateway:gatewaygroup/%s | Issue a data plane certificate on a gateway group , Create a token for all gateway instances in a gateway group. , Generate script to install the gateway instance by Docker , Generate script to install the gateway instance by Helm in Kubernetes , Generate values.yaml to install the gateway instance by Helm in Kubernetes |
Permission Policy
Action | Resource | API |
---|---|---|
iam:GetPermissionPolicy | arn:api7:iam:permissionpolicy/%s | List all permission policies, Get a permission policy , List all permission policies attached to a role |
iam:CreatePermissionPolicy | arn:api7:iam:permissionpolicy/* | Create a permission policy |
iam:UpdatePermissionPolicy | arn:api7:iam:permissionpolicy/%s | Update a permission policy |
iam:DeletePermissionPolicy | arn:api7:iam:permissionpolicy/%s | Delete a permission policy |
Role
Action | Resource | API |
---|---|---|
iam:GetRole | arn:api7:iam:role/%s | List all roles, Get a role |
iam:CreateRole | arn:api7:iam:role/* | Create a role |
iam:UpdateRole | arn:api7:iam:role/%s | Attach permission policies to a role, Detach permission policies to a role, Update a role |
iam:DeleteCustomRole | arn:api7:iam:role/%s | Delete a role |
User
Action | Resource | API |
---|---|---|
iam:GetUser | arn:api7:iam:user/%s | List all users , Get a user |
iam:InviteUser | arn:api7:iam:user/* | Invite a user |
iam:UpdateUserRole | arn:api7:iam:user/%s | Update assigned roles for a user |
iam:ResetPassword | arn:api7:iam:user/%s | Reset the password to specific value |
iam:DeleteUser | arn:api7:iam:user/%s | Delete a user |
SSL Certificate
Action | Resource | API |
---|---|---|
gateway:GetSSLCertificate | arn:api7:gateway:gatewaygroup/%s | List all SSL certificates on a gateway group , Get a SSL certificate on a gateway group |
gateway:CreateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | Create a SSL certificate on a gateway group |
gateway:UpdateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | Update a SSL certificate on a gateway group |
gateway:DeleteSSLCertificate | arn:api7:gateway:gatewaygroup/%s | Delete a SSL certificate on a gateway group |
Global Rule
Action | Resource | API |
---|---|---|
gateway:GetGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | List all global rules on a gateway group, Get a global rule on a gateway group |
gateway:CreateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | Create a global rule on a gateway group |
gateway:UpdateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | Update a global rule on a gateway group |
gateway:DeleteGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | Delete a global rule on a gateway group |
Plugin Metadata
Action | Resource | API |
---|---|---|
gateway:GetPluginMetadata | arn:api7:gateway:gatewaygroup/%s | List all plugin metadata on a gateway group, Get a plugin metadata on a gateway group |
gateway:UpdatePluginMetadata | arn:api7:gateway:gatewaygroup/%s | Update a plugin metadata on a gateway group |
gateway:DeletePluginMetadata | arn:api7:gateway:gatewaygroup/%s | Delete a plugin metadata on a gateway group |
Consumer
Action | Resource | API |
---|---|---|
gateway:GetConsumer | arn:api7:gateway:gatewaygroup/%s/consumer/%s | List all consumers on a gateway group, Get a consumer on a gateway group |
gateway:CreateConsumer | arn:api7:gateway:gatewaygroup/%s/consumer/* | Create consumer on a gateway group |
gateway:UpdateConsumer | arn:api7:gateway:gatewaygroup/%s/consumer/%s | Create or update a consumer on a gateway group,Update a consumer on a gateway group |
gateway:DeleteConsumer | arn:api7:gateway:gatewaygroup/%s/consumer/%s | Delete a consumer on a gateway group |
gateway:GetConsumerCredential | arn:api7:gateway:gatewaygroup/%s/consumer/%s | List all credentials of a consumer on a gateway group |
gateway:CreateConsumerCredential | arn:api7:gateway:gatewaygroup/%s/consumer/%s | Create a credential of a consumer on a gateway group |
gateway:UpdateConsumerCredential | arn:api7:gateway:gatewaygroup/%s/consumer/%s | Update a credential of a consumer on a gateway group |
gateway:DeleteConsumerCredential | arn:api7:gateway:gatewaygroup/%s/consumer/%s | Delete a credential of a consumer on a gateway group |
Secret
Action | Resource | API |
---|---|---|
gateway:GetSecretProvider | arn:api7:gateway:gatewaygroup/%s | List all secret providers, Get a secret provider on a gateway group |
gateway:PutSecretProvider | arn:api7:gateway:gatewaygroup/%s | Update a secret on a gateway group |
gateway:DeleteSecretProvider | arn:api7:gateway:gatewaygroup/%s | Delete a secret on a gateway group |
Service Registry
Action | Resource | API |
---|---|---|
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | List all service registry connections on a gateway group, Get a service registry connection on a gateway group, List all published services connected to a service registry , Get health check history of a service registry connection on a gateway group , List all internal services in a Kubernetes service registry , List all namespaces in a Nacos service registry , List all groups in a Nacos namespace, List all internal services in a Nacos group, Get all instance metadata of a Nacos services registry |
gateway:ConnectServiceRegistry | arn:api7:gateway:gatewaygroup/%s | Create a service registry connection on a gateway group |
gateway:UpdateServiceRegistry | arn:api7:gateway:gatewaygroup/%s | Update a service registry connection on a gateway group |
gateway:DisconnectServiceRegistry | arn:api7:gateway:gatewaygroup/%s | Delete a service registry connection on a gateway group |
Service Template
note
System Settings
Action | Resource | API |
---|---|---|
gateway:UpdateDeploymentSetting | arn:api7:gateway:gatewaysetting/* | Update deployment settings |
iam:UpdateSCIMProvisioning | arn:api7:iam:organization/* | Update deployment settings , Generate SCIM Token |
iam:GetSCIMProvisioning | arn:api7:iam:organization/* | Get SCIM settings |
Login Option
Action | Resource | API |
---|---|---|
iam:GetLoginOption | arn:api7:iam:organization/* | Get a login option |
iam:CreateLoginOption | arn:api7:iam:organization/* | Create a login option |
iam:UpdateLoginOption | arn:api7:iam:organization/* | Update a login option, Patch a login option |
iam:DeleteLoginOption | arn:api7:iam:organization/* | Delete a login option |
Custom Plugin
Action | Resource | API |
---|---|---|
gateway:GetCustomPlugin | arn:api7:gateway:gatewaysetting/* | List all custom plugins, Get a custom plugin |
gateway:CreateCustomPlugin | arn:api7:gateway:gatewaysetting/* | Create a custom plugin |
gateway:UpdateCustomPlugin | arn:api7:gateway:gatewaysetting/* | Update a custom plugin |
gateway:DeleteCustomPlugin | arn:api7:gateway:gatewaysetting/* | Delete a custom plugin |
Alert
Action | Resource | API |
---|---|---|
gateway:GetAlertPolicy | arn:api7:gateway:alert/* | List all alert policies, Get an alert policy , List all alert history |
gateway:CreateAlertPolicy | arn:api7:gateway:alert/* | Create an alert policy |
gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | Update an alert policy, Update triggers of an alert policy,Patch an alert policy |
gateway:DeleteAlertPolicy | arn:api7:gateway:alert/* | Delete an alert policy. |
gateway:GetWebhookTemplate | arn:api7:gateway:alert/* | List all alert Webhook templates, Get an alert Webhook template, List alert Webhook template refers |
gateway:CreateWebhookTemplate | arn:api7:gateway:alert/* | Create an alert Webhook template |
gateway:UpdateWebhookTemplate | arn:api7:gateway:alert/* | Update an alert Webhook template |
gateway:DeleteWebhookTemplate | arn:api7:gateway:alert/* | Delete an alert Webhook template |
License
Action | Resource | API |
---|---|---|
iam:UpdateLicense | arn:api7:iam:organization/* | Update API7 License |
Audit
Action | Resource | API |
---|---|---|
iam:GetAudit | arn:api7:iam:organization/* | List all audit logs |
iam:ExportAudits | arn:api7:iam:organization/* | Export all audit logs |