Updated: 2025-12-02 GMT 08:00

IoT Device Access (IoTDA)

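Cloud services preset commonly used authorization items in IAM; these are called system identity policies. If the IAM system identity policies do not meet your authorization requirements, an administrator can create IAM custom identity policies, based on the authorization items each service supports, for fine-grained access control. IAM custom identity policies extend and supplement the system identity policies.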

Besides IAM, service control policies (SCPs) in the Organizations service can also use these authorization item elements to define access control policies.

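An SCP does not grant permissions directly; it only sets the permission boundary. Attaching an SCP to an organizational unit or a member account does not grant that organizational unit or member account permission to perform any operation. Instead, it defines the scope within which the member account, or the member accounts contained in the organizational unit, can be authorized. The permissions granted by IAM identity policies are limited by SCPs: only permissions within the range the SCP allows take effect.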

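IAM and Organizations differ in some respects when they use these elements for access control. For details, see: Differences in permission access control between IAM and Organizations.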

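This section describes the elements used by custom identity policies in IAM identity-policy-based authorization and by SCPs in Organizations. These elements are actions (action), resources (resource) and conditions (condition).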

Actions (action)

Actions are the authorization items supported in identity policies.

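  • The "Access level" column describes how an action is classified (list, read, write and so on). This classification helps you understand the access level an action corresponds to in an identity policy.
  • The "Resource type" column indicates whether each action supports resource-level permissions.
    • Resource types support the wildcard * to mean all. If this column has no value (-), you must specify all resource types ("*") in the resource element of the identity policy statement.
    • If the column contains a resource type, you must specify the URN of that resource in statements that use the action.
    • Required resources are marked with an asterisk (*) in the table, meaning that this resource type must be specified to use the action.

    For details about the resource types defined by IoTDA, see Resource types (resource).

  • The "Condition key" column lists the keys that IoTDA supports in the condition element of an identity policy statement.
    • If the resource type column of the authorization item has a value, the condition key takes effect only for the listed resource types.
    • If the resource type column of the authorization item has no value (-), the condition key takes effect for the whole authorization item.
    • If the condition key column has no value (-), the action does not support condition keys.

    For details about the condition keys defined by IoTDA, see Table 4.

  • The "Alias" column lists the policy authorization items that can be configured in identity policies. These authorization items control access to the APIs that support policy-based authorization. For details, see the identity policy compatibility notes.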

You can specify the following IoTDA actions in the action element of an identity policy statement.

Table 1 Authorization items supported by IoTDA

| Authorization item | Description | Access level | Resource type (* = required) | Condition key | Alias |
| --- | --- | --- | --- | --- | --- |
| iotda:products:create | Create a product | write | app | g:enterpriseprojectid | - |
| iotda:products:querylist | Query the product list | list | app | g:enterpriseprojectid | - |
| iotda:products:query | Query a product | read | app | g:enterpriseprojectid | - |
| iotda:products:modify | Modify a product | write | app | g:enterpriseprojectid | - |
| iotda:products:delete | Delete a product | write | app | g:enterpriseprojectid | - |
| iotda:devices:register | Create a device | write | app | g:enterpriseprojectid | - |
| iotda:devices:querylist | Query the device list | list | app | g:enterpriseprojectid | - |
| iotda:devices:query | Query a device | read | app | g:enterpriseprojectid | - |
| iotda:devices:querygrouplist | Query the device group list | list | app | g:enterpriseprojectid | - |
| iotda:devices:modify | Modify a device | write | app | g:enterpriseprojectid | - |
| iotda:devices:changegateway | Modify a device's gateway | write | app | g:enterpriseprojectid | - |
| iotda:devices:delete | Delete a device | write | app | g:enterpriseprojectid | - |
| iotda:devices:resetsecret | Reset a device secret | write | app | g:enterpriseprojectid | - |
| iotda:devices:freeze | Freeze a device | write | app | g:enterpriseprojectid | - |
| iotda:devices:unfreeze | Unfreeze a device | write | app | g:enterpriseprojectid | - |
| iotda:devices:resetfingerprint | Reset a device fingerprint | write | app | g:enterpriseprojectid | - |
| iotda:devices:querylist | Flexibly search the device list | list | app | g:enterpriseprojectid | - |
| iotda:devices:queryhistorydata | Query device historical data | list | app | g:enterpriseprojectid | - |
| iotda:messages:send | Deliver a device message | write | app | g:enterpriseprojectid | - |
| iotda:messages:querylist | Query the device message list | list | app | g:enterpriseprojectid | - |
| iotda:messages:query | Query the message with a specified message ID | read | app | g:enterpriseprojectid | - |
| iotda:messages:delete | Delete the message with a specified message ID | write | app | g:enterpriseprojectid |  |
| iotda:message:broadcast | Deliver a broadcast message | write | app | g:enterpriseprojectid | - |
| iotda:commands:send | Deliver a device command | write | app | g:enterpriseprojectid | - |
| iotda:asynccommands:send | Deliver an asynchronous device command | write | app | g:enterpriseprojectid | - |
| iotda:asynccommands:query | Query the command with a specified ID | read | app | g:enterpriseprojectid | - |
| iotda:historycommands:querylist | Query the historical asynchronous command list | list | app | g:enterpriseprojectid | - |
| iotda:historycommands:querycommandscount | Count the total number of historical asynchronous commands | read | app | g:enterpriseprojectid | - |
| iotda:properties:modify | Modify device properties | write | app | g:enterpriseprojectid | - |
| iotda:properties:query | Query device properties | read | app | g:enterpriseprojectid | - |
| iotda:shadow:query | Query device shadow data | read | app | g:enterpriseprojectid | - |
| iotda:shadow:delete | Delete device shadow data | write | app | g:enterpriseprojectid |  |
| iotda:shadow:config | Configure desired device shadow data | write | app | g:enterpriseprojectid | - |
| iotda:amqpqueue:create | Create an AMQP queue | write | - | g:enterpriseprojectid | - |
| iotda:amqpqueue:querylist | Query the AMQP list | list | - | g:enterpriseprojectid | - |
| iotda:amqpqueue:query | Query a single AMQP queue | read | - | g:enterpriseprojectid | - |
| iotda:amqpqueue:delete | Delete an AMQP queue | write | - | g:enterpriseprojectid | - |
| iotda:amqpqueue:disconnect | Disconnect an AMQP queue connection | write | - | g:enterpriseprojectid | iotda:amqpqueue:delete |
| iotda:accesscode:create | Generate an access credential | write | - | g:enterpriseprojectid | - |
| iotda:routingrules:create | Create a rule trigger condition | write | app | g:enterpriseprojectid | - |
| iotda:routingrules:querylist | Query the rule condition list | list | app | g:enterpriseprojectid | - |
| iotda:routingrules:query | Query a rule condition | read | app | g:enterpriseprojectid | - |
| iotda:routingrules:modify | Modify a rule trigger condition | write | app | g:enterpriseprojectid | - |
| iotda:routingrules:delete | Delete a rule trigger condition | write | app | g:enterpriseprojectid | - |
| iotda:routingrules:verifysql | Verify SQL validity | write | app | g:enterpriseprojectid | - |
| iotda:routingbacklogpolicy:create | Create an outbound push backlog policy | write | - | g:enterpriseprojectid | - |
| iotda:routingbacklogpolicy:querylist | Query the outbound push backlog policy list | list | - | g:enterpriseprojectid | - |
| iotda:routingbacklogpolicy:delete | Delete an outbound push backlog policy | write | - | g:enterpriseprojectid | - |
| iotda:routingbacklogpolicy:query | Query an outbound push backlog policy | read | - | g:enterpriseprojectid | - |
| iotda:routingbacklogpolicy:update | Modify an outbound push backlog policy | write | - | g:enterpriseprojectid | - |
| iotda:routingflowcontrolpolicy:create | Create an outbound flow control policy | write | - | g:enterpriseprojectid | - |
| iotda:routingflowcontrolpolicy:update | Update an outbound flow control policy | write | - | g:enterpriseprojectid | - |
| iotda:routingflowcontrolpolicy:querylist | Query the outbound flow control policy list | list | - | g:enterpriseprojectid | - |
| iotda:routingflowcontrolpolicy:query | Query flow control policy details | read | - | g:enterpriseprojectid | - |
| iotda:routingflowcontrolpolicy:delete | Delete an outbound flow control policy | write | - | g:enterpriseprojectid | - |
| iotda:routingactions:create | Create a rule action | write | app | g:enterpriseprojectid, iotda:httpforwardingenablessl, iotda:httpforwardingenableauthentication, iotda:dmskafkaforwardingenableauthentication, iotda:dmskafkaforwardingenablessl, iotda:mysqlforwardingenablessl, iotda:postgresqlforwardingenablessl, iotda:mrskafkaforwardingenableauthentication, iotda:dmsrocketmqforwardingenablessl, iotda:mongodbforwardingenablessl | - |
| iotda:routingactions:querylist | Query the rule action list | list | app | g:enterpriseprojectid | - |
| iotda:routingactions:query | Query a rule action | read | app | g:enterpriseprojectid | - |
| iotda:routingactions:modify | Modify a rule action | write | app | g:enterpriseprojectid, iotda:httpforwardingenablessl, iotda:httpforwardingenableauthentication, iotda:dmskafkaforwardingenableauthentication, iotda:dmskafkaforwardingenablessl, iotda:mysqlforwardingenablessl, iotda:postgresqlforwardingenablessl, iotda:mrskafkaforwardingenableauthentication, iotda:dmsrocketmqforwardingenablessl, iotda:mongodbforwardingenablessl | - |
| iotda:routingactions:delete | Delete a rule action | write | app | g:enterpriseprojectid | - |
| iotda:routingactions:verifyconnectivity | Verify connectivity | write | app | g:enterpriseprojectid | iotda:routingactions:modify |
| iotda:routingactions:querystats | Query rule action statistics | read | app | g:enterpriseprojectid | iotda:routingactions:query |
| iotda:routingactions:clearmessage | Clear the backlogged data of a rule action | write | app | g:enterpriseprojectid | - |
| iotda:rules:create | Create a rule | write | - | g:enterpriseprojectid | - |
| iotda:rules:querylist | Query the rule list | list | - | g:enterpriseprojectid | - |
| iotda:rules:modify | Modify a rule | write | - | g:enterpriseprojectid | - |
| iotda:rules:query | Query a rule | read | - | g:enterpriseprojectid | - |
| iotda:rules:delete | Delete a rule | write | - | g:enterpriseprojectid | - |
| iotda:rules:modifystatus | Modify rule status | write | - | g:enterpriseprojectid | - |
| iotda:group:create | Add a device group | write | app | g:enterpriseprojectid | - |
| iotda:group:querylist | Query the device group list | list | app | g:enterpriseprojectid | - |
| iotda:group:query | Query a device group | read | app | g:enterpriseprojectid | - |
| iotda:group:modify | Modify a device group | write | app | g:enterpriseprojectid | - |
| iotda:group:delete | Delete a device group | write | app | g:enterpriseprojectid | - |
| iotda:group:adddevice | Manage the devices in a device group | write | app | g:enterpriseprojectid | - |
| iotda:group:querydevicelist | Query the device list of a device group | list | app | g:enterpriseprojectid | - |
| iotda:tags:bind | Bind tags | tagging | - | g:enterpriseprojectid, g:requesttag/, g:tagkeys | - |
| iotda:tags:unbind | Unbind tags | tagging | - | g:enterpriseprojectid, g:requesttag/, g:tagkeys | - |
| iotda:tags:queryresourcelist | Query resources by tag | list | - | g:enterpriseprojectid, g:requesttag/, g:tagkeys | iotda:tags:query |
| iotda:apps:querylist | Query the resource space list | list | app | g:enterpriseprojectid | - |
| iotda:app:create | Create a resource space | write | app | g:enterpriseprojectid | - |
| iotda:apps:query | Query a resource space | read | app | g:enterpriseprojectid | - |
| iotda:apps:delete | Delete a resource space | write | app | g:enterpriseprojectid | - |
| iotda:apps:update | Modify a resource space | write | app | g:enterpriseprojectid |  |
| iotda:batchtasks:create | Create a batch task | write | - | g:enterpriseprojectid | - |
| iotda:batchtasks:querylist | Query the batch task list | list | - | g:enterpriseprojectid | - |
| iotda:batchtasks:query | Query a batch task | read | - | g:enterpriseprojectid | - |
| iotda:batchtasks:retry | Retry a batch task | write | - | g:enterpriseprojectid | iotda:batchtasks:create |
| iotda:batchtasks:stop | Stop a batch task | write | - | g:enterpriseprojectid | - |
| iotda:batchtasks:delete | Delete a batch task | write | - | g:enterpriseprojectid | - |
| iotda:batchtaskfiles:create | Upload a batch task file | write | - | g:enterpriseprojectid | - |
| iotda:batchtaskfiles:querylist | Query the batch task file list | list | - | g:enterpriseprojectid | - |
| iotda:batchtaskfiles:delete | Delete a batch task file | write | - | g:enterpriseprojectid | - |
| iotda:certificates:upload | Upload a device CA certificate | write | app | g:enterpriseprojectid | - |
| iotda:certificates:querylist | Get the device CA certificate list | list | app | g:enterpriseprojectid | - |
| iotda:certificates:delete | Delete a device CA certificate | write | app | g:enterpriseprojectid | - |
| iotda:certificates:check | Verify a device CA certificate | write | app | g:enterpriseprojectid | - |
| iotda:certificate:query | Query a device CA certificate | read | app | g:enterpriseprojectid | - |
| iotda:certificates:update | Update a device CA certificate | write | app | g:enterpriseprojectid | - |
| iotda:certificates:debug | Debug a device CA certificate | write | app | g:enterpriseprojectid | - |
| iotda:appcacertificate:querylist | Query the application-side CA certificate list | list | - | g:enterpriseprojectid | - |
| iotda:appcacertificate:create | Upload an application-side CA certificate | write | - | g:enterpriseprojectid | - |
| iotda:appcacertificate:delete | Delete an application-side CA certificate | write | - | g:enterpriseprojectid | iotda:cacertificates:delete |
| iotda:appcacertificate:update | Update an application-side CA certificate | write | - | g:enterpriseprojectid | iotda:cacertificates:update |
| iotda:servercertificate:query | Query an access certificate | read | - | g:enterpriseprojectid | - |
| iotda:servercertificate:update | Update an access certificate | write | - | g:enterpriseprojectid | - |
| iotda:servercertificate:create | Create an access certificate | write | - | g:enterpriseprojectid | - |
| iotda:servercertificate:delete | Delete an access certificate | write | - | g:enterpriseprojectid | - |
| iotda:servercertificate:querylist | Query the access certificate list | list | - | g:enterpriseprojectid | - |
| iotda:otapackages:create | Create an OTA upgrade package | write | - | g:enterpriseprojectid | - |
| iotda:otapackages:querylist | Query the OTA upgrade package list | list | - | g:enterpriseprojectid | - |
| iotda:otapackages:query | Get OTA upgrade package details | read | - | g:enterpriseprojectid | - |
| iotda:otapackages:delete | Delete an OTA upgrade package | write | - | g:enterpriseprojectid | - |
| iotda:obsbucket:query | Query the configured file upload bucket name | read | - | g:enterpriseprojectid | - |
| iotda:obsbucket:create | Configure the OBS bucket for file upload | write | - | g:enterpriseprojectid | - |
| iotda:simulator:register | Register a device simulator | write | app | g:enterpriseprojectid | - |
| iotda:simulator:queryhistorydata | Query device simulator historical data | list | app | g:enterpriseprojectid | - |
| iotda:simulator:delete | Delete a device simulator | write | app | g:enterpriseprojectid | - |
| iotda:bundle:query | Query plug-in information | read | app | g:enterpriseprojectid | - |
| iotda:bundle:querylist | Query the plug-in list | list | app | g:enterpriseprojectid | - |
| iotda:bundle:create | Create plug-in information | write | app | g:enterpriseprojectid | - |
| iotda:bundle:update | Update plug-in information | write | app | g:enterpriseprojectid | - |
| iotda:offlinebundle:deploy | Deploy an offline plug-in | write | app | g:enterpriseprojectid | - |
| iotda:onlinebundle:deploy | Deploy an online plug-in | write | app | g:enterpriseprojectid | - |
| iotda:bundlemapping:query | Query the codec mapping | read | - | g:enterpriseprojectid | - |
| iotda:bundlemapping:save | Save the codec mapping | write | - | g:enterpriseprojectid | - |
| iotda:bundlemessage:query | Query plug-in messages | read | - | g:enterpriseprojectid | - |
| iotda:bundlemessage:save | Save plug-in messages | write | - | g:enterpriseprojectid | - |
| iotda:devicedebugmessage:send | Send a device debug message | write | - | g:enterpriseprojectid | iotda:bundlemessage:send |
| iotda:devicedebugmessage:querylist | Query the device debug message list | list | - | g:enterpriseprojectid | - |
| iotda:bridge:querylist | Query the bridge list | list | - | g:enterpriseprojectid | - |
| iotda:bridge:create | Create a bridge | write | - | g:enterpriseprojectid | - |
| iotda:bridge:delete | Delete a bridge | write | - | g:enterpriseprojectid | - |
| iotda:bridge:reset | Reset a bridge secret | write | - | g:enterpriseprojectid | - |
| iotda:exporttasks:querylist | Query the export task list | list | - | g:enterpriseprojectid | - |
| iotda:exporttasks:create | Create an export task | write | - | g:enterpriseprojectid | - |
| iotda:exporttasks:query | Download the export result file | read | - | g:enterpriseprojectid | - |
| iotda:harmonysoftbus:querylist | Query the HarmonyOS soft bus list | list | - | g:enterpriseprojectid | - |
| iotda:harmonysoftbus:create | Create a HarmonyOS soft bus | write | - | g:enterpriseprojectid | - |
| iotda:harmonysoftbus:delete | Delete a HarmonyOS soft bus | write | - | g:enterpriseprojectid | - |
| iotda:harmonysoftbus:reset | Reset a HarmonyOS soft bus key | write | - | g:enterpriseprojectid | - |
| iotda:harmonysoftbus:sync | Synchronize a HarmonyOS soft bus | write | - | g:enterpriseprojectid | - |
| iotda:instance:querylist | Query the instance list | list | instance | g:enterpriseprojectid, g:tagkeys, g:requesttag/ | - |
| iotda:instance:update | Update an instance | write | instance | g:enterpriseprojectid, g:resourcetag/, iotda:allowpublicaccess, iotda:allowpublicforwarding, iotda:domainconfiguration | - |
| iotda:instance:delete | Delete an instance | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:query | Query instance details | read | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:restart | Restart instance creation | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:querytasklist | Query the instance task list | list | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:querytask | Query instance task details | read | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:operatetag | Operate instance tags | tagging | instance | g:enterpriseprojectid, g:tagkeys, g:requesttag/ | - |
| iotda:instance:listtags | Query the instance tag list | list | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:queryoutboundchannellist | Query the outbound connection channel list | list | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:createoutboundchannel | Create an outbound connection channel | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:queryprotocoladaptorlist | Query the protocol-layer plug-in adapter list | list | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:createprotocoladaptor | Create a protocol-layer plug-in adapter | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:updateprotocoladaptor | Update a protocol-layer plug-in adapter | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:queryprotocoladaptor | Query protocol-layer plug-in adapter details | read | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:deleteprotocoladaptor | Delete a protocol-layer plug-in adapter | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:instance:queryprotocoladaptorlog | Query generic-protocol adapter run logs | read | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:protocoladaptorimage:querylist | Query the generic-protocol image list | list | - | - | - |
| iotda:protocoladaptorimage:create | Create a generic-protocol image | write | - | - | - |
| iotda:protocoladaptorimage:update | Update a generic-protocol image | write | - | - | - |
| iotda:protocoladaptorimage:delete | Delete a generic-protocol image | write | - | - | - |
| iotda:dbtable:query | Query the database table structure | read | - | g:enterpriseprojectid | - |
| iotda:dbtable:querylist | Query database tables | list | - | g:enterpriseprojectid | - |
| iotda:messagetrace:querylist | Query the message trace configuration list | list | - | g:enterpriseprojectid | - |
| iotda:messagetrace:update | Modify the message trace configuration | write | - | g:enterpriseprojectid | - |
| iotda:messagetracedata:delete | Delete message trace data | write | - | g:enterpriseprojectid | - |
| iotda:messagetracedata:querylist | Query the message trace data list | list | - | g:enterpriseprojectid | - |
| iotda:productconfig:querylist | Query the product configuration list | list | - | g:enterpriseprojectid | - |
| iotda:productconfig:create | Create a product configuration | write | - | g:enterpriseprojectid | - |
| iotda:productconfig:query | Query a product configuration | read | - | g:enterpriseprojectid | - |
| iotda:productfunctions:querylist | Query the product function list | list | app | g:enterpriseprojectid | - |
| iotda:productfunctions:create | Create a product function | write | app | g:enterpriseprojectid | - |
| iotda:productfunctions:delete | Delete a product function | write | app | g:enterpriseprojectid | - |
| iotda:topics:querylist | Query the custom topic list | list | app | g:enterpriseprojectid | - |
| iotda:topics:create | Create a custom topic | write | app | g:enterpriseprojectid | - |
| iotda:topics:delete | Delete a custom topic | write | app | g:enterpriseprojectid | - |
| iotda:topics:modify | Modify a custom topic | write | app | g:enterpriseprojectid | - |
| iotda:tunnel:querylist | Query the tunnel list | list | - | g:enterpriseprojectid | - |
| iotda:tunnel:create | Create a device tunnel | write | - | g:enterpriseprojectid | - |
| iotda:tunnel:delete | Delete a device tunnel | write | - | g:enterpriseprojectid | - |
| iotda:tunnel:query | Query tunnel details | read | - | g:enterpriseprojectid | - |
| iotda:tunnel:close | Close a device tunnel | write | - | g:enterpriseprojectid | iotda:tunnel:update |
| iotda:scripts:delete | Uninstall a JavaScript plug-in script | write | app | g:enterpriseprojectid | - |
| iotda:scripts:create | Upload a JavaScript plug-in script | write | app | g:enterpriseprojectid | - |
| iotda:scripts:run | Run a JavaScript plug-in script | write | app | g:enterpriseprojectid | - |
| iotda:scripts:query | Query a JavaScript plug-in script | read | app | g:enterpriseprojectid | - |
| iotda:device-proxies:create | Create a device proxy | write | app | g:enterpriseprojectid | - |
| iotda:device-proxies:querylist | Query the device proxy list | list | app | g:enterpriseprojectid | - |
| iotda:device-proxies:query | Query a device proxy | read | app | g:enterpriseprojectid | - |
| iotda:device-proxies:modify | Modify a device proxy | write | app | g:enterpriseprojectid | - |
| iotda:device-proxies:delete | Delete a device proxy | write | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:create | Create a device policy | write | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:delete | Delete a device policy | write | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:update | Modify a device policy | write | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:query | Query a device policy | read | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:querylist | Query the device policy list | list | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:bind | Bind a device policy | permission_management | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:unbind | Unbind a device policy | permission_management | app | g:enterpriseprojectid | - |
| iotda:devicepolicy:querytargets | Query the list of devices bound to a policy | list | app | g:enterpriseprojectid | - |
| iotda:routingprivatelink:create | Create a forwarding rule private link | write | - | g:enterpriseprojectid | - |
| iotda:routingprivatelink:querylist | Query the forwarding rule private link list | list | - | g:enterpriseprojectid | - |
| iotda:routingprivatelink:query | Query a forwarding rule private link | read | - | g:enterpriseprojectid | - |
| iotda:routingprivatelink:delete | Delete a forwarding rule private link | write | - | g:enterpriseprojectid | - |
| iotda:provisioningtemplate:create | Create a self-registration template | write | - | g:enterpriseprojectid | - |
| iotda:provisioningtemplate:querylist | Query the self-registration template list | list | - | g:enterpriseprojectid | - |
| iotda:provisioningtemplate:delete | Delete a self-registration template | write | - | g:enterpriseprojectid | - |
| iotda:provisioningtemplate:query | Query a self-registration template | read | - | g:enterpriseprojectid | - |
| iotda:provisioningtemplate:update | Update a self-registration template | write | - | g:enterpriseprojectid | - |
| iotda:deviceauthorizers:create | Create a custom authentication | write | instance | g:enterpriseprojectid | - |
| iotda:deviceauthorizers:query | Query custom authentication details | read | instance | g:enterpriseprojectid | - |
| iotda:deviceauthorizers:querylist | Query the custom authentication list | list | instance | g:enterpriseprojectid | - |
| iotda:deviceauthorizers:delete | Delete a custom authentication | write | instance | g:enterpriseprojectid | - |
| iotda:deviceauthorizers:update | Update a custom authentication | write | instance | g:enterpriseprojectid | - |
| iotda:deviceauthenticationtemplate:create | Create a device authentication template | write | instance | g:enterpriseprojectid | - |
| iotda:deviceauthenticationtemplate:querylist | Query the device authentication template list | list | instance | g:enterpriseprojectid | - |
| iotda:deviceauthenticationtemplate:delete | Delete a device authentication template | write | instance | g:enterpriseprojectid | - |
| iotda:deviceauthenticationtemplate:update | Update a device authentication template | write | instance | g:enterpriseprojectid | - |
| iotda:deviceauthenticationtemplate:query | Query a device authentication template | read | instance | g:enterpriseprojectid | - |
| iotda:deviceauthenticationtemplate:debug | Debug a device authentication template | write | instance | g:enterpriseprojectid | - |
| iotda:devicecertificates:querylist | Query the device certificate list | list | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:devicecertificates:delete | Delete a device certificate | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:devicecertificates:update | Update a device certificate | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:devicecertificates:query | Query a device certificate | read | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:devicecertificates:querydevicelist | Query the device list | read | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:securityprofile:create | Create a security situational awareness configuration | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:securityprofile:querylist | Query the security situational awareness configuration list | list | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:securityprofile:delete | Delete a security situational awareness configuration | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:securityprofile:update | Update a security situational awareness configuration | write | instance | g:enterpriseprojectid, g:resourcetag/ | - |
| iotda:securityprofile:query | Query a security situational awareness configuration | read | instance | g:enterpriseprojectid, g:resourcetag/ | - |

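An IoTDA API usually corresponds to one or more authorization items. Table 2 shows the relationship between APIs and authorization items, and the authorization items each API depends on.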

Table 2 Relationship between APIs and authorization items

| API | Corresponding authorization item | Dependent authorization items |
| --- | --- | --- |
| post /v5/iot/{project_id}/products | iotda:products:create | - |
| get /v5/iot/{project_id}/products | iotda:products:querylist | - |
| get /v5/iot/{project_id}/products/{product_id} | iotda:products:query | - |
| put /v5/iot/{project_id}/products/{product_id} | iotda:products:modify | - |
| delete /v5/iot/{project_id}/products/{product_id} | iotda:products:delete | - |
| post /v5/iot/{project_id}/devices | iotda:devices:register | - |
| get /v5/iot/{project_id}/devices | iotda:devices:querylist | - |
| get /v5/iot/{project_id}/devices/{device_id} | iotda:devices:query | - |
| post /v5/iot/{project_id}/devices/{device_id}/list-device-group | iotda:devices:querygrouplist |  |
| put /v5/iot/{project_id}/devices/{device_id} | iotda:devices:modify | - |
| delete /v5/iot/{project_id}/devices/{device_id} | iotda:devices:delete | - |
| post /v5/iot/{project_id}/devices/{device_id}/action | iotda:devices:resetsecret | - |
| post /v5/iot/{project_id}/devices/{device_id}/freeze | iotda:devices:freeze | - |
| post /v5/iot/{project_id}/devices/{device_id}/unfreeze | iotda:devices:unfreeze | - |
| post /v5/iot/{project_id}/devices/{device_id}/reset-fingerprint | iotda:devices:resetfingerprint | - |
| post /v5/iot/{project_id}/search/query-devices | iotda:devices:querylist | - |
| post /v5/iot/{project_id}/devices/{device_id}/messages | iotda:messages:send | - |
| get /v5/iot/{project_id}/devices/{device_id}/messages | iotda:messages:querylist | - |
| get /v5/iot/{project_id}/devices/{device_id}/messages/{message_id} | iotda:messages:query | - |
| post /v5/iot/{project_id}/broadcast-messages | iotda:message:broadcast | - |
| post /v5/iot/{project_id}/devices/{device_id}/commands | iotda:commands:send | - |
| post /v5/iot/{project_id}/devices/{device_id}/async-commands | iotda:asynccommands:send | - |
| get /v5/iot/{project_id}/devices/{device_id}/async-commands/{command_id} | iotda:asynccommands:query | - |
| put /v5/iot/{project_id}/devices/{device_id}/properties | iotda:properties:modify | - |
| get /v5/iot/{project_id}/devices/{device_id}/properties | iotda:properties:query | - |
| get /v5/iot/{project_id}/devices/{device_id}/shadow | iotda:shadow:query | - |
| put /v5/iot/{project_id}/devices/{device_id}/shadow | iotda:shadow:config | - |
| post /v5/iot/{project_id}/amqp-queues | iotda:amqpqueue:create | - |
| get /v5/iot/{project_id}/amqp-queues | iotda:amqpqueue:querylist | - |
| get /v5/iot/{project_id}/amqp-queues/{queue_id} | iotda:amqpqueue:query | - |
| delete /v5/iot/{project_id}/amqp-queues/{queue_id} | iotda:amqpqueue:delete | - |
| post /v5/iot/{project_id}/auth/accesscode | iotda:accesscode:create | - |
| post /v5/iot/{project_id}/routing-rule/rules | iotda:routingrules:create | - |
| get /v5/iot/{project_id}/routing-rule/rules | iotda:routingrules:querylist | - |
| get /v5/iot/{project_id}/routing-rule/rules/{rule_id} | iotda:routingrules:query | - |
| put /v5/iot/{project_id}/routing-rule/rules/{rule_id} | iotda:routingrules:modify | - |
| delete /v5/iot/{project_id}/routing-rule/rules/{rule_id} | iotda:routingrules:delete | - |
| post /v5/iot/{project_id}/routing-rule/backlog-policy | iotda:routingbacklogpolicy:create | - |
| get /v5/iot/{project_id}/routing-rule/backlog-policy | iotda:routingbacklogpolicy:querylist | - |
| delete /v5/iot/{project_id}/routing-rule/backlog-policy/{policy_id} | iotda:routingbacklogpolicy:delete | - |
| get /v5/iot/{project_id}/routing-rule/backlog-policy/{policy_id} | iotda:routingbacklogpolicy:query | - |
| put /v5/iot/{project_id}/routing-rule/backlog-policy/{policy_id} | iotda:routingbacklogpolicy:update | - |
| post /v5/iot/{project_id}/routing-rule/flowcontrol-policy | iotda:routingflowcontrolpolicy:create | - |
| put /v5/iot/{project_id}/routing-rule/flowcontrol-policy/{policy_id} | iotda:routingflowcontrolpolicy:update | - |
| get /v5/iot/{project_id}/routing-rule/flowcontrol-policy | iotda:routingflowcontrolpolicy:querylist | - |
| get /v5/iot/{project_id}/routing-rule/flowcontrol-policy/{policy_id} | iotda:routingflowcontrolpolicy:query | - |
| delete /v5/iot/{project_id}/routing-rule/flowcontrol-policy/{policy_id} | iotda:routingflowcontrolpolicy:delete | - |
| post /v5/iot/{project_id}/routing-rule/private-links | iotda:routingprivatelink:create | - |
| get /v5/iot/{project_id}/routing-rule/private-links | iotda:routingprivatelink:querylist | - |
| get /v5/iot/{project_id}/routing-rule/private-links/{link_id} | iotda:routingprivatelink:query | - |
| delete /v5/iot/{project_id}/routing-rule/private-links/{link_id} | iotda:routingprivatelink:delete | - |
| post /v5/iot/{project_id}/routing-rule/actions | iotda:routingactions:create | - |
| get /v5/iot/{project_id}/routing-rule/actions | iotda:routingactions:querylist | - |
| get /v5/iot/{project_id}/routing-rule/actions/{action_id} | iotda:routingactions:query | - |
| put /v5/iot/{project_id}/routing-rule/actions/{action_id} | iotda:routingactions:modify | - |
| delete /v5/iot/{project_id}/routing-rule/actions/{action_id} | iotda:routingactions:delete | - |
| post /v5/iot/{project_id}/rules | iotda:rules:create | - |
| get /v5/iot/{project_id}/rules | iotda:rules:querylist | - |
| put /v5/iot/{project_id}/rules/{rule_id} | iotda:rules:modify | - |
| get /v5/iot/{project_id}/rules/{rule_id} | iotda:rules:query | - |
| delete /v5/iot/{project_id}/rules/{rule_id} | iotda:rules:delete | - |
| put /v5/iot/{project_id}/rules/{rule_id}/status | iotda:rules:modifystatus | - |
| post /v5/iot/{project_id}/device-group | iotda:group:create | - |
| get /v5/iot/{project_id}/device-group | iotda:group:querylist | - |
| get /v5/iot/{project_id}/device-group/{group_id} | iotda:group:query | - |
| put /v5/iot/{project_id}/device-group/{group_id} | iotda:group:modify | - |
| delete /v5/iot/{project_id}/device-group/{group_id} | iotda:group:delete | - |
| post /v5/iot/{project_id}/device-group/{group_id}/action | iotda:group:adddevice | - |
| get /v5/iot/{project_id}/device-group/{group_id}/devices | iotda:group:querydevicelist | - |
| post /v5/iot/{project_id}/tags/bind-resource | iotda:tags:bind | - |
| post /v5/iot/{project_id}/tags/unbind-resource | iotda:tags:unbind | - |
| post /v5/iot/{project_id}/tags/query-resources | iotda:tags:queryresourcelist | - |
| get /v5/iot/{project_id}/apps | iotda:apps:querylist | - |
| post /v5/iot/{project_id}/apps | iotda:app:create | - |
| get /v5/iot/{project_id}/apps/{app_id} | iotda:apps:query | - |
| delete /v5/iot/{project_id}/apps/{app_id} | iotda:apps:delete | - |
| put /v5/iot/{project_id}/apps/{app_id} | iotda:apps:update |  |
| post /v5/iot/{project_id}/batchtasks | iotda:batchtasks:create | - |
| get /v5/iot/{project_id}/batchtasks | iotda:batchtasks:querylist | - |
| get /v5/iot/{project_id}/batchtasks/{task_id} | iotda:batchtasks:query | - |
| post /v5/iot/{project_id}/batchtasks/{task_id}/retry | iotda:batchtasks:retry | - |
| post /v5/iot/{project_id}/batchtasks/{task_id}/stop | iotda:batchtasks:stop | - |
| delete /v5/iot/{project_id}/batchtasks/{task_id} | iotda:batchtasks:delete | - |
| post /v5/iot/{project_id}/batchtask-files | iotda:batchtaskfiles:create | - |
| get /v5/iot/{project_id}/batchtask-files | iotda:batchtaskfiles:querylist | - |
| delete /v5/iot/{project_id}/batchtask-files/{file_id} | iotda:batchtaskfiles:delete | - |

    post /v5/iot/{project_id}/certificates

    iotda:certificates:upload

    -

    get /v5/iot/{project_id}/certificates

    iotda:certificates:querylist

    -

    delete /v5/iot/{project_id}/certificates/{certificate_id}

    iotda:certificates:delete

    -

    post /v5/iot/{project_id}/certificates/{certificate_id}/action

    iotda:certificates:check

    -

    get /v5/iot/{project_id}/certificates/{certificate_id}

    iotda:certificate:query

    -

    put /v5/iot/{project_id}/certificates/{certificate_id}

    iotda:certificates:update

    -

    post /v5/iot/{project_id}/certificates/{certificate_id}/debug

    iotda:certificates:debug

    -

    get /v5/iot/{project_id}/certificates/app-cert

    iotda:appcacertificate:querylist

    -

    post /v5/iot/{project_id}/certificates/app-cert

    iotda:appcacertificate:create

    -

    delete /v5/iot/{project_id}/certificates/app-cert/{certificate_id}

    iotda:appcacertificate:delete

    -

    put /v5/iot/{project_id}/certificates/app-cert/{certificate_id}

    iotda:appcacertificate:update

    -

    get /v1/iot/secretmgmt/certificates/servercert

    iotda:servercertificate:query

    -

    put /v1/iot/secretmgmt/certificates/servercert

    iotda:servercertificate:update

    -

    post /v1/iot/secretmgmt/certificates/servercert

    iotda:servercertificate:create

    -

    delete /v1/iot/secretmgmt/certificates/servercert

    iotda:servercertificate:delete

    -

    get /v1/iot/secretmgmt/certificates/servercert/list

    iotda:servercertificate:querylist

    -

    get /v5/iot/{project_id}/file-storage/device

    iotda:obsbucket:query

    -

    post /v5/iot/{project_id}/file-storage/device

    iotda:obsbucket:create

    -

    put /iodev/portal/authorized/v1.5.0/apps/{appid}/nbdevices

    iotda:simulator:register

    -

    get /iodev/portal/authorized/v1.5.0/apps/{appid}/simulator/devices/{deviceid}/historydata

    iotda:simulator:queryhistorydata

    -

    delete /iodev/portal/authorized/v1.5.0/apps/{appid}/simulator/devices/{deviceid}

    iotda:simulator:delete

    -

    get /sps/portal/bundle/v2.0.0/apps/{appid}/querytaskidbyproductid

    iotda:bundle:query

    -

    post /sps/portal/cigcodec/device

    iotda:bundle:create

    -

    put /sps/portal/cigcodec/device

    iotda:bundle:update

    -

    get /sps/portal/cigcodec/device/{id}/downloadsignbundle2

    iotda:bundle:query

    -

    post /sps/portal/bundle/v2.0.0/apps/{id}/defaultcigappid/bundlepackages/newsign

    iotda:offlinebundle:deploy

    -

    post /sps/portal/cigcodec/device/deploy2

    iotda:onlinebundle:deploy

    -

    get /sps/portal/cigcodec/historydevices

    iotda:bundle:querylist

    -

    get /sps/portal/cigcodec/device/{id}/mapping

    iotda:bundlemapping:query

    -

    put /sps/portal/cigcodec/device/{id}/mapping

    iotda:bundlemapping:save

    -

    get /sps/portal/cigcodec/device/{id}/message

    iotda:bundlemessage:query

    -

    put /sps/portal/cigcodec/device/{id}/message

    iotda:bundlemessage:save

    -

    post /iodev/portal/authorized/v1.5.0/apps/{appid}/nbdevicedata

    iotda:devicedebugmessage:send

    -

    get /iodev/portal/authorized/v1.5.0/apps/{appid}/nbdevice/hexlogs/{id}

    iotda:devicedebugmessage:querylist

    -

    post /v5/iot/{project_id}/ota-upgrades/packages

    iotda:otapackages:create

    -

    get /v5/iot/{project_id}/ota-upgrades/packages

    iotda:otapackages:querylist

    -

    get /v5/iot/{project_id}/ota-upgrades/packages/{package_id}

    iotda:otapackages:query

    -

    delete /v5/iot/{project_id}/ota-upgrades/packages/{package_id}

    iotda:otapackages:delete

    -

    get /v5/iot/{project_id}/tunnels

    iotda:tunnel:querylist

    -

    post /v5/iot/{project_id}/tunnels

    iotda:tunnel:create

    -

    delete /v5/iot/{project_id}/tunnels/{id}

    iotda:tunnel:delete

    -

    get /v5/iot/{project_id}/tunnels/{id}

    iotda:tunnel:query

    -

    put /v5/iot/{project_id}/tunnels/{id}

    iotda:tunnel:close

    -

    get /v5/iot/{project_id}/bridges

    iotda:bridge:querylist

    -

    post /v5/iot/{project_id}/bridges

    iotda:bridge:create

    -

    delete /v5/iot/{project_id}/bridges/{bridge_id}

    iotda:bridge:delete

    -

    post /v5/iot/{project_id}/bridges/{bridge_id}/reset-secret

    iotda:bridge:reset

    -

    get /v5/iot/{project_id}/export-tasks

    iotda:exporttasks:querylist

    -

    post /v5/iot/{project_id}/export-tasks

    iotda:exporttasks:create

    -

    get /v5/iot/{project_id}/export-tasks/{id}/file

    iotda:exporttasks:query

    -

    get /v5/iot/{project_id}/harmony-soft-bus

    iotda:harmonysoftbus:querylist

    -

    post /v5/iot/{project_id}/harmony-soft-bus

    iotda:harmonysoftbus:create

    -

    delete /v5/iot/{project_id}/harmony-soft-bus/{id}

    iotda:harmonysoftbus:delete

    -

    post /v5/iot/{project_id}/harmony-soft-bus/{id}/reset-bus-key

    iotda:harmonysoftbus:reset

    -

    post /v5/iot/{project_id}/harmony-soft-bus/{id}/sync

    iotda:harmonysoftbus:sync

    -

    get /v5/iot/{project_id}/iotda-instances/{instance_id}

    iotda:instance:query

    -

    get /v5/iot/{project_id}/iotda-instances

    iotda:instance:querylist

    -

    post /v5/iot/{project_id}/iotda-instances

    iotda:instance:create

    -

    put /v5/iot/{project_id}/instances/{instance_id}

    iotda:instance:update

    -

    /v5/iot/{project_id}/instances/{instance_id}/restart

    iotda:instance:restart

    -

    get /v5/iot/{project_id}/iotda-instances/{instance_id}/tasks

    iotda:instance:querytasklist

    -

    get /v5/iot/{project_id}/iotda-instances/{instance_id}/tasks/{task_id}

    iotda:instance:querytask

    -

    get /v5/iot/{project_id}/iotda-instances/tags

    iotda:instance:listtags

    -

    post /v5/iot/{project_id}/iotda-instances/{instance_id}/bind-tags

    iotda:instance:operatetag

    -

    post /v5/iot/{project_id}/iotda-instances/{instance_id}/unbind-tags

    iotda:instance:operatetag

    -

    get /v5/iot/{project_id}/instances/{instance_id}/outbound-channel

    iotda:instance:queryoutboundchannellist

    -

    post /v5/iot/{project_id}/instances/{instance_id}/outbound-channel

    iotda:instance:createoutboundchannel

    -

    get /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors

    iotda:instance:queryprotocoladaptorlist

    -

    post /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors

    iotda:instance:createprotocoladaptor

    -

    get /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id}

    iotda:instance:queryprotocoladaptor

    -

    put /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id}

    iotda:instance:updateprotocoladaptor

    -

    delete /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id}

    iotda:instance:deleteprotocoladaptor

    -

    post /v5/iot/{project_id}/instances/{instance_id}/protocol-adaptors/{id}/query-logs

    iotda:instance:queryprotocoladaptorlog

    -

    get /v5/iot/{project_id}/protocol-adaptors/images

    iotda:protocoladaptorimage:querylist

    -

    post /v5/iot/{project_id}/protocol-adaptors/images

    iotda:protocoladaptorimage:create

    -

    put /v5/iot/{project_id}/protocol-adaptors/images/{id}

    iotda:protocoladaptorimage:update

    -

    delete /v5/iot/{project_id}/protocol-adaptors/images/{id}

    iotda:protocoladaptorimage:delete

    -

    post /v5/iot/{project_id}/iodbagent/tables/detail-query

    iotda:dbtable:query

    -

    post /v5/iot/{project_id}/iodbagent/tables/list-query

    iotda:dbtable:querylist

    -

    get /v5/iot/{project_id}/monitor/device-config

    iotda:messagetrace:querylist

    -

    put /v5/iot/{project_id}/monitor/device-config/{device_id}

    iotda:messagetrace:update

    -

    get /v5/iot/{project_id}/monitor/device-config/{device_id}

    iotda:messagetrace:query

    -

    delete /v5/iot/{project_id}/monitor/message-trace-data

    iotda:messagetracedata:delete

    -

    get /v5/iot/{project_id}/monitor/message-trace-data

    iotda:messagetracedata:querylist

    -

    get /v5/iot/{project_id}/product-config

    iotda:productconfig:querylist

    -

    post /v5/iot/{project_id}/product-config

    iotda:productconfig:create

    -

    get /v5/iot/{project_id}/product-config/{id}

    iotda:productconfig:query

    -

    get /v5/iot/{project_id}/product-functions

    iotda:productfunctions:querylist

    -

    post /v5/iot/{project_id}/product-functions

    iotda:productfunctions:create

    -

    delete /v5/iot/{project_id}/product-functions/{function_id}

    iotda:productfunctions:delete

    -

    get /v5/iot/{project_id}/topics

    iotda:topics:querylist

    -

    post /v5/iot/{project_id}/topics

    iotda:topics:create

    -

    delete /v5/iot/{project_id}/topics/{topic_id}

    iotda:topics:delete

    -

    put /v5/iot/{project_id}/topics/{topic_id}

    iotda:topics:modify

    -

    delete /v5/iot/{project_id}/products/{product_id}/scripts

    iotda:scripts:delete

    -

    post /v5/iot/{project_id}/products/{product_id}/scripts

    iotda:scripts:create

    -

    post /v5/iot/{project_id}/products/{product_id}/scripts/action

    iotda:scripts:run

    -

    get /v5/iot/{project_id}/products/{product_id}/scripts

    iotda:scripts:query

    -

    post /v5/iot/{project_id}/device-proxies

    iotda:device-proxies:create

    -

    get /v5/iot/{project_id}/device-proxies

    iotda:device-proxies:querylist

    -

    get /v5/iot/{project_id}/device-proxies/{proxy_id}

    iotda:device-proxies:query

    -

    put /v5/iot/{project_id}/device-proxies/{proxy_id}

    iotda:device-proxies:modify

    -

    delete /v5/iot/{project_id}/device-proxies/{proxy_id}

    iotda:device-proxies:delete

    -

    post /v5/iot/{project_id}/device-policies

    iotda:devicepolicy:create

    -

    get /v5/iot/{project_id}/device-policies

    iotda:devicepolicy:querylist

    -

    delete /v5/iot/{project_id}/device-policies/{policy_id}

    iotda:devicepolicy:delete

    -

    get /v5/iot/{project_id}/device-policies/{policy_id}

    iotda:devicepolicy:query

    -

    put /v5/iot/{project_id}/device-policies/{policy_id}

    iotda:devicepolicy:update

    -

    post /v5/iot/{project_id}/device-policies/{policy_id}/bind

    iotda:devicepolicy:bind

    -

    post /v5/iot/{project_id}/device-policies/{policy_id}/unbind

    iotda:devicepolicy:unbind

    -

    get /v5/iot/{project_id}/device-policies/{policy_id}/targets

    iotda:devicepolicy:querytargets

    -

    post /v5/iot/{project_id}/provisioning-templates

    iotda:provisioningtemplate:create

    -

    get /v5/iot/{project_id}/provisioning-templates

    iotda:provisioningtemplate:querylist

    -

    delete /v5/iot/{project_id}/provisioning-templates/{template_id}

    iotda:provisioningtemplate:delete

    -

    put /v5/iot/{project_id}/provisioning-templates/{template_id}

    iotda:provisioningtemplate:update

    -

    get /v5/iot/{project_id}/provisioning-templates/{template_id}

    iotda:provisioningtemplate:query

    -

    post /v5/iot/{project_id}/device-authentication-templates

    iotda:deviceauthenticationtemplate:create

    -

    get /v5/iot/{project_id}/device-authentication-templates

    iotda:deviceauthenticationtemplate:querylist

    -

    delete /v5/iot/{project_id}/device-authentication-templates/{template_id}

    iotda:deviceauthenticationtemplate:delete

    -

    put /v5/iot/{project_id}/device-authentication-templates/{template_id}

    iotda:deviceauthenticationtemplate:update

    -

    get /v5/iot/{project_id}/device-authentication-templates/{template_id}

    iotda:deviceauthenticationtemplate:query

    -

    post /v5/iot/{project_id}/device-authentication-templates/{template_id}/debug

    iotda:deviceauthenticationtemplate:debug

    -

    get /v5/iot/{project_id}/device-certificates

    iotda:devicecertificates:querylist

    -

    get /v5/iot/{project_id}/device-certificates/{certificate_id}

    iotda:devicecertificates:query

    -

    put /v5/iot/{project_id}/device-certificates/{certificate_id}

    iotda:devicecertificates:update

    -

    delete /v5/iot/{project_id}/device-certificates/{certificate_id}

    iotda:devicecertificates:delete

    -

    post /v5/iot/{project_id}/device-certificates/{certificate_id}/list-device

    iotda:devicecertificates:querydevicelist

    -

    post /v5/iot/{project_id}/security-profiles

    iotda:securityprofile:create

    -

    get /v5/iot/{project_id}/security-profiles

    iotda:securityprofile:querylist

    -

    delete /v5/iot/{project_id}/security-profiles/{profile_id}

    iotda:securityprofile:delete

    -

    put /v5/iot/{project_id}/security-profiles/{profile_id}

    iotda:securityprofile:update

    -

    get /v5/iot/{project_id}/security-profiles/{profile_id}

    iotda:securityprofile:query

    -

    post /v5/iot/{project_id}/device-authorizers

    iotda:deviceauthorizers:create

    -

    get /v5/iot/{project_id}/device-authorizers/{authorizer_id}

    iotda:deviceauthorizers:query

    -

    get /v5/iot/{project_id}/device-authorizers

    iotda:deviceauthorizers:querylist

    -

    delete /v5/iot/{project_id}/device-authorizers/{authorizer_id}

    iotda:deviceauthorizers:delete

    -

    put /v5/iot/{project_id}/device-authorizers/{authorizer_id}

    iotda:deviceauthorizers:update

    -

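Resource type (resource)

A resource type (resource) indicates the resources that an identity policy applies to. If an operation specifies a resource type in Table 3 (resource types supported by IoTDA), you must specify the URN of that resource in any identity policy statement that contains the operation, and the identity policy then applies only to that resource. If no resource is specified, resource defaults to "*" and the identity policy applies to all resources. You can also set conditions in an identity policy to specify the resource type.

IoTDA defines the following resource types that can be used in the resource element of an identity policy.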

Table 3 Resource types supported by IoTDA

| Resource type | urn |
| --- | --- |
| app | iotda:::app: |
| instance | iotda:::instance: |

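Condition (condition)

A condition (condition) is a specific condition under which an identity policy takes effect. It consists of condition keys and operators.

  • A condition key is a key in the condition element of an identity policy statement. Depending on their scope, condition keys are either global or service-level.
    • Global condition keys (prefixed with g:) apply to all operations. During authentication, cloud services do not need to provide user identity information; the system obtains it automatically and performs the authentication. For details, see: Global condition keys
    • Service-level condition keys (usually prefixed with the service abbreviation, such as iotda:) apply only to operations of the corresponding service. For details, see Table 4
    • Single-valued/multivalued indicates how many values associated with the condition the request of an API call can carry. A single-valued condition key has at most one value in the API request, while a multivalued condition key can have several. For example, g:sourcevpce is a single-valued condition key: it allows a resource to be accessed only by requests sent through a given VPC endpoint, and a request contains at most one VPC endpoint ID. g:tagkeys is a multivalued condition key: it is the list of the keys of all tags carried in the request, and a user can pass in multiple values when passing tags in an API request.
  • An operator, together with a condition key and a condition value, forms a complete condition statement. The identity policy takes effect only when the request satisfies the condition. For the supported operators, see: Operators

IoTDA defines the following condition keys that can be used in the condition element of an identity policy. You can use these condition keys to further refine identity policy statements.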

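Table 4 Service-level condition keys supported by IoTDA

| Service-level condition key | Type | Single-valued/multivalued | Description |
| --- | --- | --- | --- |
| iotda:allowpublicaccess | boolean | Single-valued | Filters requests by the allow-public-network-access setting configured when modifying an instance. |
| iotda:domainconfiguration | boolean | Single-valued | Filters requests by whether an access domain name is configured when modifying an instance. |
| iotda:devicegroupid | string | Single-valued | Filters requests by the group that the device belongs to, as set when creating a tunnel. |
| iotda:httpforwardingenablessl | boolean | Single-valued | Filters requests by the setting that enables TLS on the HTTP channel when creating or modifying a rule action. |
| iotda:httpforwardingenableauthentication | boolean | Single-valued | Filters requests by the setting that enables token authentication on the HTTP channel when creating or modifying a rule action. |
| iotda:dmskafkaforwardingenableauthentication | boolean | Single-valued | Filters requests by the setting that enables the SCRAM-SHA-512 mechanism on the DMS Kafka channel when creating or modifying a rule action. |
| iotda:dmskafkaforwardingenablessl | boolean | Single-valued | Filters requests by the setting that enables TLS on the DMS Kafka channel when creating or modifying a rule action. |
| iotda:mysqlforwardingenablessl | boolean | Single-valued | Filters requests by the setting that enables TLS on the MySQL protocol channel when creating or modifying a rule action. |
| iotda:postgresqlforwardingenablessl | boolean | Single-valued | Filters requests by the setting that enables TLS on the PostgreSQL protocol channel when creating or modifying a rule action. |
| iotda:mrskafkaforwardingenableauthentication | boolean | Single-valued | Filters requests by the setting that enables Kerberos authentication on the MRS Kafka channel when creating or modifying a rule action. |
| iotda:dmsrocketmqforwardingenablessl | boolean | Single-valued | Filters requests by the setting that enables TLS on the RocketMQ channel when creating or modifying a rule action. |
| iotda:mongodbforwardingenablessl | boolean | Single-valued | Filters requests by the setting that enables TLS on the MongoDB channel when creating or modifying a rule action. |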
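A defender-side check built on Table 4, added here as an example and not part of the original documentation: it reports which TLS, authentication and public-access condition keys a policy does not enforce with a Deny statement. The JSON policy shape (Statement, Effect, Action, Resource, Condition with a Bool operator), the pairing of keys with authorization items, and AND semantics inside one Condition are assumptions; the sample policy is constructed.

```python
import json
from fnmatch import fnmatchcase

RULE_ACTIONS = ("iotda:routingactions:create", "iotda:routingactions:modify")
# key -> (value meaning "safeguard off", authorization items it is checked on).
# Assumption: the key-to-item pairing is inferred from the Table 4 descriptions.
GUARDS = {
    "iotda:httpforwardingenablessl": ("false", RULE_ACTIONS),
    "iotda:httpforwardingenableauthentication": ("false", RULE_ACTIONS),
    "iotda:dmskafkaforwardingenablessl": ("false", RULE_ACTIONS),
    "iotda:mysqlforwardingenablessl": ("false", RULE_ACTIONS),
    "iotda:allowpublicaccess": ("true", ("iotda:instance:update",)),
}

def as_list(value):  # a policy field may hold one value or a list of values
    return value if isinstance(value, list) else [] if value is None else [value]

def denies(stmt, key, unsafe, action):
    """True if stmt is a Deny on `action` conditioned only on key == unsafe."""
    if stmt.get("Effect") != "Deny":
        return False
    if "*" not in as_list(stmt.get("Resource", "*")):  # Deny limited to some URNs
        return False
    if not any(fnmatchcase(action, p.lower()) for p in as_list(stmt.get("Action"))):
        return False
    cond = stmt.get("Condition", {})
    # Assumption: keys inside one Condition are ANDed, so an extra key narrows
    # the Deny and this safeguard could still be switched off on its own.
    if list(cond) != ["Bool"] or list(cond["Bool"]) != [key]:
        return False
    return unsafe in [str(v).lower() for v in as_list(cond["Bool"][key])]

def unguarded(policy):
    """Map each guarded key to the authorization items no Deny statement covers."""
    gaps = {}
    for key, (unsafe, actions) in GUARDS.items():
        missing = [a for a in actions if not any(
            denies(s, key, unsafe, a) for s in policy.get("Statement", []))]
        if missing:
            gaps[key] = missing
    return gaps

# Constructed sample policy (not from the page); the JSON shape is assumed.
SAMPLE = json.loads("""
{"Statement": [
 {"Effect": "Deny", "Action": ["iotda:routingactions:*"],
  "Condition": {"Bool": {"iotda:httpforwardingenablessl": ["false"]}}},
 {"Effect": "Deny", "Action": ["iotda:routingactions:create"],
  "Condition": {"Bool": {"iotda:mysqlforwardingenablessl": ["false"]}}},
 {"Effect": "Deny", "Action": ["iotda:routingactions:*"],
  "Condition": {"Bool": {"iotda:dmskafkaforwardingenablessl": ["false"],
                         "iotda:httpforwardingenableauthentication": ["false"]}}},
 {"Effect": "Deny", "Action": ["iotda:instance:update"],
  "Condition": {"Bool": {"iotda:allowpublicaccess": ["true"]}}}
]}
""")

if __name__ == "__main__":
    print(json.dumps(unguarded(SAMPLE), indent=2))
```

The third sample statement combines two keys in one Condition, so neither key counts as enforced; splitting it into one Deny per key closes both gaps.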
