All Products
Search
Document Center

Resource Access Management:SetPasswordPolicy

Last Updated:Mar 03, 2024

Configures the password policy for RAM users.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
ram:SetPasswordPolicyWrite
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
MinimumPasswordLengthintegerNo

The minimum number of characters in the password.

Valid values: 8 to 32. Default value: 8.

8
RequireLowercaseCharactersbooleanNo

Specifies whether the password must contain lowercase letters. Default value: false. Valid values:

  • true
  • false
false
RequireUppercaseCharactersbooleanNo

Specifies whether the password must contain uppercase letters. Default value: false. Valid values:

  • true
  • false
false
RequireNumbersbooleanNo

Specifies whether the password must contain digits. Default value: false. Valid values:

  • true
  • false
false
RequireSymbolsbooleanNo

Specifies whether the password must contain special characters. Default value: false. Valid values:

  • true
  • false
false
HardExpirebooleanNo

Specifies whether to disable logon after the password expires. Valid values:

  • true: After the password expires, you cannot use the password to log on to the console. You can log on to the console only after you reset the password by using your Alibaba Cloud account or as a RAM user that has administrative rights.
  • false: After the password expires, you can change the password to log on to the console. This is the default value.
false
MaxLoginAttempsintegerNo

The maximum number of password retries. If you enter the wrong passwords for the specified consecutive times, the account is locked for one hour.

Valid values: 0 to 32.

The default value is 0, which indicates that the password retries are not limited.

0
PasswordReusePreventionintegerNo

The policy for password history check.

The previous N passwords cannot be reused. Valid values of N: 0 to 24.

The default value is 0, which indicates that RAM users can reuse previous passwords.

0
MaxPasswordAgeintegerNo

The validity period of the password.

Valid values: 0 to 1095. Unit: days.

The default value is 0, which indicates that the password never expires.

0
MinimumPasswordDifferentCharacterintegerNo

The minimum number of unique characters in the password.

Valid values: 0 to 8.

The default value is 0, which indicates that no limits are imposed on the number of unique characters in a password.

0
PasswordNotContainUserNamebooleanNo

Specifies whether to exclude the username from the password. Valid values:

  • true: A password cannot contain the username.
  • false: A password can contain the username. This is the default value.
false

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request.

3FB5551F-B2ED-40D4-8392-1E4AC2384EFD
PasswordPolicyobject

The details of the password policy.

RequireNumbersboolean

Indicates whether the password must contain digits.

false
RequireLowercaseCharactersboolean

Indicates whether the password must contain lowercase letters.

false
PasswordReusePreventioninteger

The policy for password history check.

0
RequireSymbolsboolean

Indicates whether the password must contain special characters.

false
PasswordNotContainUserNameboolean

Indicates whether to exclude the username from the password.

false
MinimumPasswordDifferentCharacterinteger

The minimum number of unique characters in the password.

0
MaxPasswordAgeinteger

The validity period of the password.

0
HardExpireboolean

Indicates whether to disable logon after the password expires.

false
MinimumPasswordLengthinteger

The minimum number of characters in the password.

8
RequireUppercaseCharactersboolean

Indicates whether the password must contain uppercase letters.

false
MaxLoginAttempsinteger

The maximum number of password retries.

0

Examples

Sample success responses

JSONformat

{
  "RequestId": "3FB5551F-B2ED-40D4-8392-1E4AC2384EFD",
  "PasswordPolicy": {
    "RequireNumbers": false,
    "RequireLowercaseCharacters": false,
    "PasswordReusePrevention": 0,
    "RequireSymbols": false,
    "PasswordNotContainUserName": false,
    "MinimumPasswordDifferentCharacter": 0,
    "MaxPasswordAge": 0,
    "HardExpire": false,
    "MinimumPasswordLength": 8,
    "RequireUppercaseCharacters": false,
    "MaxLoginAttemps": 0
  }
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history