Permission Policy Actions and Resources
Gateway Group
| Action | Resource | API |
|---|---|---|
| gateway:DeleteGatewayGroup | arn:api7:gateway:gatewaygroup/%s | DELETE /api/gateway_groups/:gateway_group_id |
| gateway:GetGatewayGroup | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id |
| gateway:CreateGatewayGroup | arn:api7:gateway:gatewaygroup/* | POST /api/gateway_groups |
| gateway:UpdateGatewayGroup | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id |
| gateway:UpdateGatewayGroup | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id/admin_key |
Gateway Instance
| Action | Resource | API |
|---|---|---|
| gateway:GetGatewayInstance | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/instances |
| gateway:GetGatewayInstanceCore | arn:api7:gateway:gatewaygroup/* | GET /api/instances/cores |
| gateway:CreateGatewayInstance | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/dp_client_certificates |
| gateway:CreateGatewayInstance | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/instance_token |
Consumer
| Action | Resource | API |
|---|---|---|
| gateway:GetConsumer | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/consumers |
| gateway:GetConsumer | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/consumers/:consumer_username |
| gateway:CreateConsumer | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/consumers |
| gateway:UpdateConsumer | arn:api7:gateway:gatewaygroup/%s | PATCH /apisix/admin/consumers/:consumer_username |
| gateway:UpdateConsumer | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/consumers/:consumer_username |
| gateway:DeleteConsumer | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/consumers/:consumer_username |
SSL Certificate
| Action | Resource | API |
|---|---|---|
| gateway:GetSSLCertificate | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/ssls |
| gateway:GetSSLCertificate | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/ssls/:ssl_id |
| gateway:CreateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/ssls |
| gateway:UpdateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/ssls/:ssl_id |
| gateway:DeleteSSLCertificate | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/ssls/:ssl_id |
Global Rule
| Action | Resource | API |
|---|---|---|
| gateway:GetGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/global_rules |
| gateway:GetGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/global_rules/:global_rule_id |
| gateway:CreateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/global_rules |
| gateway:UpdateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/global_rules/:global_rule_id |
| gateway:DeleteGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/global_rules/:global_rule_id |
Plugin Metadata
| Action | Resource | API |
|---|---|---|
| gateway:GetPluginMetadata | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/plugin_metadata |
| gateway:GetPluginMetadata | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/plugin_metadata/:plugin_name |
| gateway:UpdatePluginMetadata | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/plugin_metadata/:plugin_name |
| gateway:DeletePluginMetadata | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/plugin_metadata/:plugin_name |
Secret
| Action | Resource | API |
|---|---|---|
| gateway:GetSecret | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/secrets |
| gateway:GetSecret | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/secrets/:secret_manager/:secret_id |
| gateway:PutSecret | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/secrets/:secret_manager/:secret_id |
| gateway:DeleteSecret | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/secrets/:secret_manager/:secret_id |
Service Registry
Service Template
| Action | Resource | API |
|---|---|---|
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/routes/template/:route_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/routes |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/routes/:route_version_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/stream_routes |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/stream_routes/:stream_route_version_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/services/:service_id/versions/:version |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/services/template/:service_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/stream_routes/template/:stream_route_id |
| gateway:CreateServiceTemplate | arn:api7:gateway:servicetemplate/* | POST /api/import/services/template |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/services/template/:service_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PATCH /api/services/template/:service_id |
| gateway:DeleteServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/services/template/:service_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | POST /api/routes/template |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PATCH /api/routes/template/:route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/routes/template/:route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/routes/template/:route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | POST /api/stream_routes/template |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/stream_routes/template/:stream_route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/stream_routes/template/:stream_route_id |
Published Service
| Action | Resource | API |
|---|---|---|
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_id |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_id/healthcheck |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_id/runtime_configuration |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_id/versions |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/routes/:apisix_route_id |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/services/:apisix_service_id |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/stream_routes/:apisix_stream_route_id |
| gateway:PublishServices | arn:api7:gateway:gatewaygroup/%s/publishedservice/* | POST /api/services/publish |
| gateway:CreatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | POST /apisix/admin/services |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PATCH /apisix/admin/services/:apisix_service_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/services/:apisix_service_id |
| gateway:DeletePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/services/:apisix_service_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/routes/:apisix_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PATCH /apisix/admin/routes/:apisix_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/routes/:apisix_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/stream_routes/:apisix_stream_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/stream_routes/:apisix_stream_route_id |
Deployment Setting
| Action | Resource | API |
|---|---|---|
| gateway:GetDeploymentSetting | arn:api7:gateway:gatewaysetting/* | GET /api/system_settings |
| gateway:UpdateDeploymentSetting | arn:api7:gateway:gatewaysetting/* | PUT /api/system_settings |
Custom Plugin
| Action | Resource | API |
|---|---|---|
| gateway:GetCustomPlugin | arn:api7:gateway:gatewaysetting/* | GET /api/custom_plugins |
| gateway:GetCustomPlugin | arn:api7:gateway:gatewaysetting/* | GET /api/custom_plugins/:custom_plugin_id |
| gateway:CreateCustomPlugin | arn:api7:gateway:gatewaysetting/* | POST /api/custom_plugins |
| gateway:UpdateCustomPlugin | arn:api7:gateway:gatewaysetting/* | PUT /api/custom_plugins/:custom_plugin_id |
| gateway:DeleteCustomPlugin | arn:api7:gateway:gatewaysetting/* | DELETE /api/custom_plugins/:custom_plugin_id |
Alert
| Action | Resource | API |
|---|---|---|
| gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies |
| gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies/:alert_policy_id |
| gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies/histories |
| gateway:CreateAlertPolicy | arn:api7:gateway:alert/* | POST /api/alert/policies |
| gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PUT /api/alert/policies/:alert_policy_id |
| gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PUT /api/alert/policies/:alert_policy_id/triggers |
| gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PATCH /api/alert/policies/:alert_policy_id |
| gateway:DeleteAlertPolicy | arn:api7:gateway:alert/* | DELETE /api/alert/policies/:alert_policy_id |
| gateway:GetWebhookTemplate | arn:api7:gateway:alert/* | GET /api/alert/webhook_templates/:webhook_template_id |
| gateway:GetWebhookTemplate | arn:api7:gateway:alert/* | GET /api/alert/webhook_templates/:webhook_template_id/refer |
| gateway:CreateWebhookTemplate | arn:api7:gateway:alert/* | POST /api/alert/webhook_templates |
| gateway:UpdateWebhookTemplate | arn:api7:gateway:alert/* | PUT /api/alert/webhook_templates/:webhook_template_id |
| gateway:DeleteWebhookTemplate | arn:api7:gateway:alert/* | DELETE /api/alert/webhook_templates/:webhook_template_id |
Permission Policy
| Action | Resource | API |
|---|---|---|
| iam:GetPermissionPolicy | arn:api7:iam:permissionpolicy/%s | GET /api/permission_policies/:permission_policy_id |
| iam:CreatePermissionPolicy | arn:api7:iam:permissionpolicy/* | POST /api/permission_policies |
| iam:UpdatePermissionPolicy | arn:api7:iam:permissionpolicy/%s | PUT /api/permission_policies/:permission_policy_id |
| iam:DeletePermissionPolicy | arn:api7:iam:permissionpolicy/%s | DELETE /api/permission_policies/:permission_policy_id |
Role
| Action | Resource | API |
|---|---|---|
| iam:GetRole | arn:api7:iam:role/%s | GET /api/roles/:role_id |
| iam:GetRole | arn:api7:iam:role/%s | GET /api/roles/:role_id/permission_policies |
| iam:CreateCustomRole | arn:api7:iam:role/* | POST /api/roles |
| iam:UpdateCustomRole | arn:api7:iam:role/%s | POST /api/roles/:role_id/attach_permission_policies |
| iam:UpdateCustomRole | arn:api7:iam:role/%s | POST /api/roles/:role_id/detach_permission_policies |
| iam:UpdateCustomRole | arn:api7:iam:role/%s | PUT /api/roles/:role_id |
| iam:DeleteCustomRole | arn:api7:iam:role/%s | DELETE /api/roles/:role_id |
User
| Action | Resource | API |
|---|---|---|
| iam:GetUser | arn:api7:iam:user/%s | GET /api/users/:user_id |
| iam:InviteUser | arn:api7:iam:user/* | POST /api/invites |
| iam:UpdateUserRole | arn:api7:iam:user/%s | PUT /api/users/:user_id/assigned_roles |
| iam:ResetPassword | arn:api7:iam:user/%s | PUT /api/users/:user_id/password_reset |
| iam:DeleteUser | arn:api7:iam:user/%s | DELETE /api/users/:user_id |
License
| Action | Resource | API |
|---|---|---|
| iam:UpdateLicense | arn:api7:iam:organization/* | PUT /api/license |
Audit
| Action | Resource | API |
|---|---|---|
| iam:GetAudit | arn:api7:iam:organization/* | GET /api/audit_logs |
| iam:ExportAudits | arn:api7:iam:organization/* | GET /api/audit_logs/export |
Settings
| Action | Resource | API |
|---|---|---|
| iam:GetSCIMProvisioning | arn:api7:iam:organization/* | GET /api/system_settings/scim |
| iam:UpdateSCIMProvisioning | arn:api7:iam:organization/* | PUT /api/system_settings/scim |
| iam:UpdateSCIMProvisioning | arn:api7:iam:organization/* | PUT /api/system_settings/scim/token |
| iam:GetLoginOption | arn:api7:iam:organization/* | GET /api/login_options/:login_option_id |
| iam:CreateLoginOption | arn:api7:iam:organization/* | POST /api/login_options |
| iam:UpdateLoginOption | arn:api7:iam:organization/* | PUT /api/login_options/:login_option_id |
| iam:UpdateLoginOption | arn:api7:iam:organization/* | PATCH /api/login_options/:login_option_id |
| iam:DeleteLoginOption | arn:api7:iam:organization/* | DELETE /api/login_options/:login_option_id |