Alibaba Cloud API Gateway, Руководство пользователя

Страница: 24 / 40

-
-
-
If the
id_token generated by the AS contains the userId of the Consumer, the userId
resolved from the id_token sent by the Consumer is transmitted to the Provider.
The configuration method for custom system parameters is similar to that for
system parameters.
Besides the preceding three aspects, the method for defining other
configurations of the API is the same as that in the preceding sections, which are
not described.
ApiGateway_RAM
The API gateway and Alibaba Cloud Resource Access Management (RAM) are integrated to enable
multiple employees in an enterprise to perform permission-based API management. The API provider
can create sub-accounts for employees and allow different employees to manage different APIs.
By using the RAM, employees can use the sub-accounts to view, create, manage, and delete
API groups, APIs, authorizations, and throttling policies. However, the sub-accounts are not
the owner of resources, whose operation permissions may be revoked by the primary
account at any time.
Before reading this document, make sure that you have carefully read RAM help manual and
API gateway API manual .
Skip this section if you do not have such service scenarios.
You can use the RAM console or API to add operations.
Part 1: Policy management
The authorization policy (Policy) describes authorization content. This content contains several basic
elements, including Effect, Resource, Action, and Condition.
System authorization policy
Two system permissions, AliyunApiGatewayFullAccess, and AliyunApiGatewayReadOnlyAccess, have
been preset at the API gateway. You can see RAM console-policy management to check the
API Gateway User Guide for Providers
23