As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.

# Directory Service Permissões de API: referência de ações, recursos e condições
<a name="UsingWithDS_IAM_ResourcePermissions"></a>

Ao configurar o [Controle de acesso](iam_auth_access.md#access_control) e escrever políticas de permissões que podem ser anexadas a uma identidade do IAM (políticas baseadas em identidade), você pode usar a tabela [Directory Service Permissões de API: referência de ações, recursos e condições](#UsingWithDS_IAM_ResourcePermissions) como referência. Cada entrada de API na tabela inclui o seguinte:
+ O nome de cada operação da API
+ A ação ou ações correspondentes de cada operação da API nas quais você pode conceder permissões para executar a ação
+ O AWS recurso no qual você pode conceder as permissões

 Especifique as ações no campo `Action` da política e o valor do recurso no campo `Resource` da política. Para especificar uma ação, use o prefixo `ds:` seguido do nome da operação da API (por exemplo, `ds:CreateDirectory`). Alguns AWS aplicativos podem exigir o uso de operações de Directory Service API não públicas`ds:AuthorizeApplication`, como`ds:CheckAlias`,`ds:CreateIdentityPoolDirectory`,`ds:GetAuthorizedApplicationDetails`,`ds:UpdateAuthorizedApplication`, e `ds:UnauthorizeApplication` em suas políticas. 

Alguns só Directory Service APIs podem ser chamados por meio do Console de gerenciamento da AWS. Eles não são públicos APIs, no sentido de que não podem ser chamados programaticamente e não são fornecidos por nenhum SDK. Eles aceitam credenciais de usuário. Essas operações de API incluem `ds:DisableRoleAccess`, `ds:EnableRoleAccess` e `ds:UpdateDirectory`.

 Você pode usar chaves de condição AWS globais em suas políticas Directory Service e nas políticas do Directory Service Data para expressar condições. Para obter uma lista completa das AWS chaves, consulte [Chaves de condição globais disponíveis](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#AvailableKeys) no *Guia do usuário do IAM*. 

## Directory Service API e permissões necessárias para ações
<a name="actions-related-to-objects-table"></a>


| Directory Service Operações de API | Permissões obrigatórias (ações de API) | Recursos | 
| --- | --- | --- | 
| [AcceptSharedDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_AcceptSharedDirectory.html)  | ds:AcceptSharedDirectory | \$1 | 
| [AddIpRoutes](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_AddIpRoutes.html)  |  `ds:AddIpRoutes` `ec2:DescribeSecurityGroup` `ec2:AuthorizeSecurityGroupIngress` `ec2:AuthorizeSecurityGroupEgress`  | \$1 | 
| [AddTagsToResource](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_AddTagsToResource.html)  | ds:AddTagsToResource`ec2:CreateTags` | \$1 | 
| [CancelSchemaExtension](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CancelSchemaExtension.html)  | ds:CancelSchemaExtension | \$1 | 
|   [ConnectDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ConnectDirectory.html)   |  `ds:ConnectDirectory` `ec2:DescribeSubnets` `ec2:DescribeVpcs` `ec2:CreateSecurityGroup` `ec2:CreateNetworkInterface` `ec2:DescribeNetworkInterfaces` `ec2:AuthorizeSecurityGroupIngress` `ec2:AuthorizeSecurityGroupEgress` `ec2:CreateTags`  |  \$1  | 
|   [CreateAlias](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateAlias.html)   |  `ds:CreateAlias`  |  \$1  | 
|   [CreateComputer](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateComputer.html)   |  `ds:CreateComputer`  |  \$1  | 
|   [CreateConditionalForwarder](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateConditionalForwarder.html)   |  `ds:CreateConditionalForwarder`  |  \$1  | 
|   [CreateDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateDirectory.html)   |  `ds:CreateDirectory` `ec2:DescribeSubnets` `ec2:DescribeVpcs` `ec2:CreateSecurityGroup` `ec2:CreateNetworkInterface` `ec2:DescribeNetworkInterfaces` `ec2:AuthorizeSecurityGroupIngress` `ec2:AuthorizeSecurityGroupEgress` `ec2:CreateTags`  |  \$1  | 
| [CreateLogSubscription](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateLogSubscription.html)  | ds:CreateLogSubscription | \$1 | 
|   [CreateMicrosoftANÚNCIO](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateMicrosoftAD.html)   |  `ds:CreateMicrosoftAD` `ec2:DescribeSubnets` `ec2:DescribeVpcs` `ec2:CreateSecurityGroup` `ec2:CreateNetworkInterface` `ec2:DescribeNetworkInterfaces` `ec2:AuthorizeSecurityGroupIngress` `ec2:AuthorizeSecurityGroupEgress` `ec2:RevokeSecurityGroupEgress` `ec2:CreateTags`  |  \$1  | 
|   [CreateSnapshot](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateSnapshot.html)   |  `ds:CreateSnapshot`  |  \$1  | 
|   [CreateTrust](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_CreateTrust.html)   |  `ds:CreateTrust`  |  \$1  | 
|   [DeleteConditionalForwarder](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteConditionalForwarder.html)   |  `ds:DeleteConditionalForwarder`  |  \$1  | 
|   [DeleteDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteDirectory.html)   |  `ds:DeleteDirectory` `ec2:DescribeNetworkInterfaces` `ec2:DeleteSecurityGroup` `ec2:DeleteNetworkInterface` `ec2:RevokeSecurityGroupIngress` `ec2:RevokeSecurityGroupEgress` `ec2:DeleteTags`  |  \$1  | 
| [DeleteLogSubscription](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteLogSubscription.html)  | ds:DeleteLogSubscription | \$1 | 
|   [DeleteSnapshot](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteSnapshot.html)   |  `ds:DeleteSnapshot`  |  \$1  | 
|   [DeleteTrust](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeleteTrust.html)   |  `ds:DeleteTrust`  |  \$1  | 
|   [DeregisterEventTopic](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DeregisterEventTopic.html)   |  `ds:DeregisterEventTopic`  |  \$1  | 
|   [DescribeConditionalForwarders](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeConditionalForwarders.html)   |  `ds:DescribeConditionalForwarders`  |  \$1  | 
|   [DescribeDirectories](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeDirectories.html)   |  `ds:DescribeDirectories`  |  \$1  | 
| [DescribeDomainControllers](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeDomainControllers.html)  | ds:DescribeDomainControllers | \$1 | 
|   [DescribeEventTopics](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeEventTopics.html)   |  `ds:DescribeEventTopics`  |  \$1  | 
| [DescribeSharedDirectories](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeSharedDirectories.html)  | ds:DescribeSharedDirectories | \$1 | 
|   [DescribeSnapshots](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeSnapshots.html)   |  `ds:DescribeSnapshots`  |  \$1  | 
|   [DescribeTrusts](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DescribeTrusts.html)   |  `ds:DescribeTrusts`  |  \$1  | 
|   [DisableRadius](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DisableRadius.html)   |  `ds:DisableRadius`  |  \$1  | 
|   [DisableSso](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_DisableSso.html)   |  `ds:DisableSso`  |  \$1  | 
|   [EnableRadius](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_EnableRadius.html)   |  `ds:EnableRadius`  |  \$1  | 
|   [EnableSso](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_EnableSso.html)   |  `ds:EnableSso`  |  \$1  | 
|   [GetDirectoryLimits](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_GetDirectoryLimits.html)   |  `ds:GetDirectoryLimits`  |  \$1  | 
|   [GetSnapshotLimits](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_GetSnapshotLimits.html)   |  `ds:GetSnapshotLimits`  |  \$1  | 
|  [ListIpRoutes](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListIpRoutes.html)  |  `ds:ListIpRoutes`  |  \$1  | 
| [ListLogSubscriptions](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListLogSubscriptions.html)  | ds:ListLogSubscriptions | \$1 | 
|  [ListSchemaExtensions](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListSchemaExtensions.html)  |  `ds:ListSchemaExtensions`  |  \$1  | 
|  [ListTagsForResource](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ListTagsForResource.html)  |  `ds:ListTagsForResource`  |  \$1  | 
|   [RegisterEventTopic](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RegisterEventTopic.html)   |  `ds:RegisterEventTopic` `sns:GetTopicAttributes`  |  \$1  | 
| [RejectSharedDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RejectSharedDirectory.html)  | ds:RejectSharedDirectory | \$1 | 
|  [RemoveIpRoutes](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RemoveIpRoutes.html)  |  `ds:RemoveIpRoutes`  |  \$1  | 
|  [RemoveTagsFromResource](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RemoveTagsFromResource.html)  |  `ds:RemoveTagsFromResource` `ec2:DeleteTags`  |  \$1  | 
| [ResetUserPassword](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ResetUserPassword.html)  | ds:ResetUserPassword | \$1 | 
|   [RestoreFromSnapshot](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_RestoreFromSnapshot.html)   |  `ds:RestoreFromSnapshot`  |  \$1  | 
| [ShareDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ShareDirectory.html)  |  `ds:ShareDirectory` `organizations:DescribeAccount` `organizations:DescribeOrganization` `organizations:ListAWSServiceAccessForOrganization`  | \$1 | 
|  [StartSchemaExtension](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_StartSchemaExtension.html)  |  `ds:StartSchemaExtension`  |  \$1  | 
| [UnshareDirectory](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UnshareDirectory.html)  | ds:UnshareDirectory | \$1 | 
|   [UpdateConditionalForwarder](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateConditionalForwarder.html)   |  `ds:UpdateConditionalForwarder`  |  \$1  | 
| [UpdateNumberOfDomainControllers](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateNumberOfDomainControllers.html)  |  `ds:UpdateNumberOfDomainControllers` `ec2:DescribeSubnets` `ec2:DescribeVpcs` `ec2:CreateNetworkInterface` `ec2:DescribeNetworkInterfaces` `ec2:DeleteNetworkInterface`  | \$1 | 
|   [UpdateRadius](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateRadius.html)   |  `ds:UpdateRadius`  |  \$1  | 
| [UpdateTrust](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_UpdateTrust.html)  | ds:UpdateTrust | \$1 | 
|   [VerifyTrust](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_VerifyTrust.html)   |  `ds:VerifyTrust`  |  \$1  | 

## AWS API de dados do Directory Service e permissões necessárias para ações
<a name="DSData_ResourcePermissions"></a>

**nota**  
 Para especificar uma ação, use o prefixo `ds-data:` seguido do nome da operação da API (por exemplo, `ds-data:AddGroupMember`). 


| Operações da API do Directory Service Data | Permissões obrigatórias (ações de API): | Recursos | 
| --- | --- | --- | 
|  [AddGroupMember](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_AddGroupMember.html)  |  `ds-data:AddGroupMember`  | \$1 | 
|  [CreateGroup](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_CreateGroup.html)  |  `ds-data:CreateGroup`  |  \$1  | 
|  [CreateUser](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_CreateUser.html)  |  `ds-data:CreateUser`  |  \$1  | 
|  [DeleteGroup](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_DeleteGroup.html)  |  `ds-data:DeleteGroup`  |  \$1  | 
|  [DeleteUser](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/DeleteUser.html)  |  `ds-data:DeleteUser`  |  \$1  | 
|  [DescribeGroup](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_DescribeGroup.html)  |  `ds-data:DescribeGroup`  |  \$1  | 
|  [DescribeUser](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_DescribeUser.html)  |  `ds-data:DescribeUser`  |  \$1  | 
|  [DisableUser](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_DisableUser.html)  |  `ds-data:DisableUser`  |  \$1  | 
|  [ListGroups](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_ListGroups.html)  |  `ds-data:ListGroups`  |  \$1  | 
|  [ListGroupMembers](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_ListGroupMembers.html)  |  `ds-data:ListGroupMembers`  |  \$1  | 
|  [ListGroupsForMember](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_ListGroupsForMember.html)  |  `ds-data:ListGroupsForMember`  |  \$1  | 
|  [ListUsers](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_ListUsers.html)  |  `ds-data:ListUsers`  |  \$1  | 
|  [RemoveGroupMember](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_RemoveGroupMember.html)  |  `ds-data:RemoveGroupMember`  |  \$1  | 
|  [SearchGroups](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_SearchGroups.html)  |  `ds-data:DescribeGroup` `ds-data:SearchGroups`  |  \$1  | 
| [SearchUsers](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_SearchUsers.html) |  `ds-data:DescribeUser` `ds-data:SearchUsers`  |  \$1  | 
| [UpdateGroup](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_UpdateGroup.html) |  `ds-data:UpdateGroup`  |  \$1  | 
| [UpdateUser](https://docs.aws.amazon.com/directoryservicedata/latest/DirectoryServiceDataAPIReference/API_UpdateUser.html) |  `ds-data:UpdateUser`  |  \$1  | 

## Related Topics
<a name="iam2_related"></a>
+ [Controle de acesso](iam_auth_access.md#access_control)