Cloud Enterprise Object Storage REST API

Modified since last release

Simulate Principal Policy

POST SimulatePrincipalPolicy

Simulate a set of IAM policies attached to an IAM entity (user, group, role) with a list of API operations and resources to determine the policies' effective permissions. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to.


Query Parameters

CallerArn: The ARN of the IAM user that you want to specify as the simulated caller of the API operations.
ActionNames: A list of names of API operations to evaluate in the simulation.
PolicyInputList: An optional list of additional policy documents to include in the simulation.
ContextEntries: A list of context keys and corresponding values for the simulation to use.
PolicySourceArn: ARN of a user, group, or role whose policies you want to include in the simulation.
Marker: The marker obtained from the paginated response to the previous query. Use this only if the response indicates it is truncated.
MaxItems: Indicates the maximum number of elements to be returned in the response.
PermissionsBoundaryPolicyInputList: An optional list of additional PermissionBoundaryPolicy documents to include in the simulation. Only 1 is allowed.

Required Roles

This call has no restrictions.


Request Payload

No Request Payload


Response Body

No Response Body


Examples

Request
NOTE:  Policy must be encoded
https://192.168.0.0:4443/iam?Action=SimulatePrincipalPolicy
&ActionNames.member.1=s3:GetObject
&ResourceArns.member.1="arn:aws:s3:::bucket"
&PolicySourceArn=arn:ecs:iam::ns1:user/testuser
&PolicyInputList.member.1='{
  "Version":"2012-10-17",
  "Statement":{
    "Effect":"Allow",
    "Action":"s3:*",
    "Resource":"*"
  }
}'
Accept: application/json
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>
x-emc-namespace: <namespace>
Response
HTTP/1.1 200 OK
Content-Type: application/json

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SimulatePrincipalPolicyResponse>
    <SimulatePrincipalPolicyResult>
        <IsTruncated>false</IsTruncated>
        <EvaluationResults>
            <member>
                <MatchedStatements>
                    <member>
                        <SourcePolicyId>policy1</SourcePolicyId>
                    </member>
                </MatchedStatements>
                <MissingContextValues/>
                <EvalResourceName>*</EvalResourceName>
                <EvalDecision>allowed</EvalDecision>
                <EvalActionName>s3:GetObject</EvalActionName>
            </member>
        </EvaluationResults>
    </SimulatePrincipalPolicyResult>
    <ResponseMetadata>
        <RequestId>0af9f5b8:17178fe9282:1086d:0</RequestId>
    </ResponseMetadata>
</SimulatePrincipalPolicyResponse>
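
The encoding that the NOTE in the request example calls for, together with a least-privilege check over the response, as an added example that is not part of the original API reference. The function names are hypothetical, the sample policy and response are constructed from the example on this page, and the parser assumes the response carries no XML namespace, as shown there.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, quote

# Constructed sample input: the policy and response body from the example on this page.
POLICY = {"Version": "2012-10-17",
          "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}
SAMPLE_RESPONSE = """
<SimulatePrincipalPolicyResponse><SimulatePrincipalPolicyResult>
  <IsTruncated>false</IsTruncated>
  <EvaluationResults><member>
    <MatchedStatements><member><SourcePolicyId>policy1</SourcePolicyId></member></MatchedStatements>
    <MissingContextValues/>
    <EvalResourceName>*</EvalResourceName>
    <EvalDecision>allowed</EvalDecision>
    <EvalActionName>s3:GetObject</EvalActionName>
  </member></EvaluationResults>
</SimulatePrincipalPolicyResult></SimulatePrincipalPolicyResponse>
"""

def build_simulate_query(policy_source_arn, action_names, resource_arns=(), policy_docs=()):
    """Return the percent-encoded query string for Action=SimulatePrincipalPolicy."""
    params = [("Action", "SimulatePrincipalPolicy"), ("PolicySourceArn", policy_source_arn)]
    for key, values in (("ActionNames", action_names), ("ResourceArns", resource_arns)):
        params += [(f"{key}.member.{i}", v) for i, v in enumerate(values, 1)]
    for i, doc in enumerate(policy_docs, 1):
        # Serialize compactly, then let urlencode escape braces, quotes, colons and '*'.
        compact = json.dumps(doc, separators=(",", ":"))
        params.append((f"PolicyInputList.member.{i}", compact))
    return urlencode(params, quote_via=quote, safe="")

def parse_decisions(xml_text):
    """Return [(action, resource, decision, [matched policy ids]), ...]."""
    root = ET.fromstring(xml_text.strip())
    results = []
    for m in root.findall("./SimulatePrincipalPolicyResult/EvaluationResults/member"):
        ids = [e.text for e in m.findall("./MatchedStatements/member/SourcePolicyId")]
        results.append((m.findtext("EvalActionName"), m.findtext("EvalResourceName"),
                        m.findtext("EvalDecision"), ids))
    return results

def unexpected_allows(decisions, expected_allowed):
    """Allowed actions that are outside the set the reviewer expected (least-privilege check)."""
    return [d for d in decisions if d[2] == "allowed" and d[0] not in expected_allowed]

if __name__ == "__main__":
    print(build_simulate_query("arn:ecs:iam::ns1:user/testuser", ["s3:GetObject"],
                               ["arn:aws:s3:::bucket"], [POLICY]))
    print(unexpected_allows(parse_decisions(SAMPLE_RESPONSE), expected_allowed=set()))
```

Comparing `unexpected_allows` against the set of actions a principal is supposed to have turns the simulation into a repeatable permission review, and the `SourcePolicyId` values identify which policy granted each allow.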