Queries the security preferences for Resource Access Management (RAM) users.
Debugging
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | GetSecurityPreference |
The operation that you want to perform. Set the value to GetSecurityPreference. |
For more information about common request parameters, see Common parameters.
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| SecurityPreference | Object |
The details of security preferences. |
|
| AccessKeyPreference | Object |
The AccessKey pair preference. |
|
| AllowUserToManageAccessKeys | Boolean | false |
Indicates whether RAM users can manage their AccessKey pairs. Valid values:
|
| LoginProfilePreference | Object |
The logon preference. |
|
| EnableSaveMFATicket | Boolean | false |
Indicates whether RAM users can remember the multi-factor authentication (MFA) devices for seven days. Valid values:
|
| LoginSessionDuration | Integer | 6 |
The validity period of the logon session of RAM users. Unit: hours. |
| LoginNetworkMasks | String | 10.0.0.0/8 |
The subnet mask. |
| AllowUserToChangePassword | Boolean | true |
Indicates whether RAM users can change their passwords. Valid values:
|
| EnforceMFAForLogin | Boolean | false |
Indicates whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values:
|
| MFAPreference | Object |
The MFA preference. |
|
| AllowUserToManageMFADevices | Boolean | false |
Indicates whether RAM users can manage their MFA devices. Valid values:
|
| VerificationPreference | Object |
The verification method preference to achieve access control. |
|
| VerificationTypes | String | ["mfa"] |
The verification method that is used to achieve access control for RAM users. Valid value: mfa, which indicates that the verification method is MFA. |
| RequestId | String | 30C9068D-FBAA-4998-9986-8A562FED0BC3 |
The ID of the request. |
Examples
Sample requests
https://[Endpoint]/?Action=GetSecurityPreference
&<Common request parameters>Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<GetSecurityPreferenceResponse>
<SecurityPreference>
<LoginProfilePreference>
<EnforceMFAForLogin>false</EnforceMFAForLogin>
<LoginSessionDuration>6</LoginSessionDuration>
<LoginNetworkMasks/>
<AllowUserToChangePassword>true</AllowUserToChangePassword>
<EnableSaveMFATicket>false</EnableSaveMFATicket>
</LoginProfilePreference>
<AccessKeyPreference>
<AllowUserToManageAccessKeys>false</AllowUserToManageAccessKeys>
</AccessKeyPreference>
<VerificationPreference>
<VerificationTypes>mfa</VerificationTypes>
</VerificationPreference>
<MFAPreference>
<AllowUserToManageMFADevices>true</AllowUserToManageMFADevices>
</MFAPreference>
</SecurityPreference>
<RequestId>30C9068D-FBAA-4998-9986-8A562FED0BC3</RequestId>
</GetSecurityPreferenceResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"SecurityPreference" : {
"LoginProfilePreference" : {
"EnforceMFAForLogin" : false,
"LoginSessionDuration" : 6,
"LoginNetworkMasks" : "",
"AllowUserToChangePassword" : true,
"EnableSaveMFATicket" : false
},
"AccessKeyPreference" : {
"AllowUserToManageAccessKeys" : false
},
"VerificationPreference" : {
"VerificationTypes" : [ "mfa" ]
},
"MFAPreference" : {
"AllowUserToManageMFADevices" : true
}
},
"RequestId" : "30C9068D-FBAA-4998-9986-8A562FED0BC3"
}Error codes
For a list of error codes, visit the API Error Center.