Creates a rule for a permission group.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateAccessRule

The operation that you want to perform. Set the value to CreateAccessRule.
AccessGroupName String Yes classic-test

The name of the permission group.

SourceCidrIp String No 192.0.2.0/16

The IP address or CIDR block of the authorized object.

You must set this parameter to an IP address or CIDR block.

Note If the permission group resides in the classic network, you must set this parameter to an IP address.
RWAccessType String No RDWR

Grants access permissions on the file system to the authorized object.

Valid values:

  • RDWR (default value): the read and write permissions
  • RDONLY: the read-only permissions
UserAccessType String No no_squash

The access permissions for different types of users in the authorized object.

Valid values:

  • no_squash (default value): grants root users the permissions to access the file system.
  • root_squash: grants root users the least permissions as the nobody user.
  • all_squash: grants all users the least permissions as the nobody user.

The nobody user has the least permissions in Linux and can access only the public content of the file system. This ensures the security of the file system.

Priority Integer No 1

The priority of the rule.

If multiple rules are attached to the authorized object, the rule with the highest priority takes effect.

Valid values: 1 to 100. The value 1 indicates the highest priority.

FileSystemType String No standard

The type of the file system.

Valid values:

  • standard (default value): General-purpose NAS file system
  • extreme: Extreme NAS file system
Ipv6SourceCidrIp String No 2001:250:6000::***

The IPv6 address or CIDR block of the authorized object.

You must set this parameter to an IPv6 address or CIDR block.

Note
  • Only Extreme NAS file systems that reside in the Chinese mainland support IPv6. If you specify this parameter, you must enable IPv6 for the file system.
  • Only permission groups that reside in VPCs support IPv6.
  • You cannot specify an IPv4 address and an IPv6 address at the same time.

Response parameters

Parameter Type Example Description
RequestId String A323836B-5BC6-45A6-8048-60675C23****

The ID of the request.

AccessRuleId String 1

The ID of the rule.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateAccessRule
&AccessGroupName=classic-test
&SourceCidrIp=192.0.2.0/16
&RWAccessType=RDWR
&UserAccessType=no_squash
&Priority=1
&FileSystemType=standard
&Ipv6SourceCidrIp=2001:250:6000::***
&Common request parameters

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateAccessRuleResponse>
    <RequestId>A323836B-5BC6-45A6-8048-60675C23****</RequestId>
    <AccessRuleId>1</AccessRuleId>
</CreateAccessRuleResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "A323836B-5BC6-45A6-8048-60675C23****",
  "AccessRuleId" : "1"
}

Error codes

HTTP status code Error code Error message Description
400 InvalidParam.Ipv6SourceCidrIp IPv6 address verification failed. The error message returned because the specified IPv6 address fails to be verified.
400 InvalidParam.SourceCidrIp IPv4 address verification failed. The error message returned because the specified IPv4 address fails to be verified.
400 InvalidParam.IPv4AndIPv6MutuallyExclusive You cannot configure IPv4 and IPv6 at the same time. The error message returned because you cannot specify an IPv4 address and an IPv6 address at the same time.
400 InvalidAccessGroup.NotsupportedIPv6 The access group does not support IPv6. The error message returned because the permission group does not support IPv6.

For a list of error codes, visit the API Error Center.