ApsaraDB RDS:DescribeAccountMaskingPrivilege

Last Updated: Apr 18, 2026

Queries the encryption or data masking permission configuration for an account in a specified instance.

Operation description

Prerequisites

  • Before calling this interface, ensure that the column encryption service is enabled in the DAS Security Center.

  • If you receive the ColumnEncryptionErrorCode.NOT_PURCHASED error, go to the DAS (Database Autonomy Service) Security Center, purchase and enable the column encryption service, and try again.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The action name. Use it in the Action element of a RAM policy statement to grant permission to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| rds:DescribeAccountMaskingPrivilege | list | *DBInstance acs:rds:{#regionId}:{#accountId}:dbinstance/{#DbInstanceId} | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| DBInstanceName | string | Yes | The instance ID. | rm-t4n8t18o******6d5 |
| UserName | string | No | The account name. Use this parameter to query for a specific account. | rds |
| RegionId | string | No | The region ID. | ap-southeast-1 |
| DBName | string | No | The database name. | myDB |

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
|  | object | The response object. |  |
| Data | object | The response data. |  |
| UserPrivilege | array<object> | A list of user masking privileges. |  |
|  | object |  |  |
| ExpireTime | string | The privilege expiration time in UTC. | 2026-01-22T02:01:20Z |
| Privilege | string | The privilege type. A value of restrictedAccess indicates that data masking is required. | restrictedAccess |
| UserName | string | The user name. | rds |
| RequestId | string | The request ID. | D0073A98-52F1-3075-8256-394********** |

Examples

Success response

JSON format

{
  "Data": {
    "UserPrivilege": [
      {
        "ExpireTime": "2026-01-22T02:01:20Z",
        "Privilege": "restrictedAccess",
        "UserName": "rds"
      }
    ]
  },
  "RequestId": "D0073A98-52F1-3075-8256-394**********"
}
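
An added example, not part of the Alibaba Cloud documentation: one way to review a response of the shape shown above, flagging accounts whose Privilege is not restrictedAccess and entries whose ExpireTime has passed or is close. The function names, the finding labels, the 14-day window and every sample account other than rds are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the page's success response.
# Only "restrictedAccess" is documented on the page; "otherAccess" is a
# made-up placeholder standing in for any value that is not restrictedAccess.
SAMPLE_RESPONSE = {
    "Data": {
        "UserPrivilege": [
            {"ExpireTime": "2026-01-22T02:01:20Z", "Privilege": "restrictedAccess", "UserName": "rds"},
            {"ExpireTime": "2026-01-10T00:00:00Z", "Privilege": "restrictedAccess", "UserName": "report_ro"},
            {"ExpireTime": "2026-06-01T00:00:00Z", "Privilege": "otherAccess", "UserName": "etl_job"},
            {"ExpireTime": "not-a-date", "Privilege": "restrictedAccess", "UserName": "legacy"},
        ]
    },
    "RequestId": "CONSTRUCTED-REQUEST-ID",
}

def parse_utc(value):
    """Parse the page's ExpireTime format (2026-01-22T02:01:20Z) as aware UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_masking_privileges(response, now, warn_within=timedelta(days=14)):
    """Return (user, finding) pairs that a reviewer should look at."""
    findings = []
    entries = (response.get("Data") or {}).get("UserPrivilege") or []
    for entry in entries:
        user = entry.get("UserName", "<missing UserName>")
        # Anything other than the documented value means masking is not confirmed.
        if entry.get("Privilege") != "restrictedAccess":
            findings.append((user, "not-restricted"))
        try:
            expires = parse_utc(entry.get("ExpireTime") or "")
        except ValueError:
            findings.append((user, "bad-expire-time"))
            continue
        if expires <= now:
            findings.append((user, "expired"))
        elif expires - now <= warn_within:
            findings.append((user, "expiring-soon"))
    return findings

if __name__ == "__main__":
    reference = parse_utc("2026-01-15T00:00:00Z")  # fixed so the run is repeatable
    for user, finding in audit_masking_privileges(SAMPLE_RESPONSE, reference):
        print(f"{user}: {finding}")
```
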

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | Order.ComboInstanceNotAllowOperate | A package instance is not allowed to operate independently. | A package instance is not allowed to operate independently. |
| 400 | Price.PricingPlanResultNotFound | Pricing plan price result not found. | Pricing plan price result not found. |
| 400 | Order.NoRealNameAuthentication | You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication. | You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the cost and cost for real-name authentication. |
| 400 | InsufficientAvailableQuota | Your account quota limit is less than 0, please recharge before trying to purchase. | Your account available limit is less than 0, please recharge before trying to purchase. |
| 400 | CommodityServiceCalling.Exception | Failed to call commodity service. | Failed to call commodity service return. |
| 400 | RegionDissolvedEOM | Dear customer, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will cease operations. You are currently unable to operate new purchase orders. Thank you for your understanding and support. | Hello, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will stop operating. In order to ensure your business continuity and smooth transition of data migration, you are currently unable to operate new purchase orders. Thank you for your understanding and support. |
| 400 | Commodity.InvalidComponent | The module you purchased is not legal, please buy it again. | The module you purchased is not legal, please buy it again. |
| 400 | RegionEndTimeDissolvedAustralia | Cloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024. | Hello customer, this area has been abolished. |
| 400 | Price.CommoditySys | Commodity system call exception. | Commodity system call exception. |
| 400 | Pay.InsufficientBalance | Insufficient available balance. | Insufficient available balance. |
| 400 | Order.PeriodInvalid | There is a problem with the period you selected, please choose again. | There is a problem with the period you selected, please choose again. |
| 400 | pay.noCreditCard | Account not bound to credit card. |  |
| 400 | Order.InstHasUnpaidOrder | There is an unpaid order for the service you have purchased. Please pay or void it before placing the order. | There is an unpaid order for the service you have purchased. Please pay or void it before placing the order. |
| 400 | noAvailablePaymentMethod | No payment method is specified for your account. We recommend that you add a payment method. | No payment method has been specified for your account. We recommend that you add a payment method. |
| 400 | BasicInfoUncompleted | Your information is incomplete. Complete your information before the operation. | Your basic information is not complete, please complete your basic information before operation. |
| 400 | Risk.RiskControlRejection | Your account is abnormal, please contact customer service for details. | Your account is abnormal, please contact customer service for details. |
| 400 | Api.NotSupport | Specified api is not supported. | The current interface does not support. |
| 400 | ContainForbiddenLabelError | There is a label that prohibits placing orders. Please contact your distributor for assistance. | You cannot place the order because a tag indicates that order placement is prohibited. Contact your distributor. |
| 400 | InvalidDBInstanceId.NotFound | The DBInstanceId provided does not exist in records. | The DBInstanceId provided does not exist. |
| 400 | InvalidInstanceLevel.DiskType | Specified instance level not support request disk type | The current instance type does not support the specified storage type. |
| 400 | InvalidParam | Sepcified wal level Parameter is invalid. There are still logical slots in instance, so it can not be set as replica. | The specified wal_level parameter is invalid. There is still a copy slot in the instance, so it cannot be set to replica. |
| 400 | KmsApiError | User secret key invalid. | The user key is invalid. |
| 400 | System.SaleValidateFailed | Sales expression validation system error. | A system error occurs when the sales expression is verified. |
| 400 | Abs.InvalidAccount.NotFound | account is not found. | The account does not exist. |
| 400 | SqlExecuteFailedOrTimeout | sql command execution failed or timed out:%s. | SQL command execution failed or timed out |
| 400 | ColdData.EngineVersionNotSupport | The current instance engine version not support coldDataEnabled. | The current instance engine version not support coldDataEnabled. |
| 400 | ColdData.MinorVersionNotSupport | The current instance minor version not support coldDataEnabled. | The current instance minor version not support coldDataEnabled. |
| 400 | IncorrectTargetClasscode | The current instance type does not support this operation. | This operation is not supported by the instance type. |
| 400 | InvalidConnectionString.Duplicate | Specified connection string already exists in the RDS. | The link address name is duplicate. Please reset the connection string. |
| 400 | RequiredParam.NotFound | Required input param is not found. |  |
| 400 | Parameters.Invalid | Parameter error, please check the parameters. | Parameter error, please check the parameters. |
| 400 | BackupPolicyNotSupport | Cold Data won't open with CrossBackup or Flash Backup, please check Backup Policy. | Cold Data won't open with CrossBackup or Flash Backup, please check Backup Policy. |
| 400 | InvalideStatus.Format | The instance status does not support this operation. |  |
| 400 | InvalidReleasedKeepPolicy.Format | Specified Released Keep Policy is not valid. | Specified Released Keep Policy is not valid. |
| 400 | InvalidDBInstanceEngineType.Format | the DB instance engine type does not support this operation. | This operation is not supported for the database engine of the instance. |
| 400 | Pay.NoCreditCard | No credit cards. | No credit cards. |
| 400 | VpcNetworkTypeNotSupport | The vpc network type instance does not support this operation. | The vpc network type instance does not support this operation. |
| 400 | MirrorInsExists | Specified DB instance mirror ins already existed. | Specified DB instance mirror ins already existed. |
| 400 | UnsupportedClassCode | The specified DB instance class stops selling. | The specified DB instance class stops selling. |
| 400 | InvalidBackupSet | The specified database does not exist in the backup set. | The specified database does not exist in the backup set. |
| 400 | OrdTCommodityQueryError | Failed to query for product. | Failed to query product. |
| 400 | ProductInstanceReleased | The instance has been released. Please check before placing the order. | The instance has been released, please verify and place an order. |
| 400 | RegionEndTimeDissolvedIndia | The region is no longer supported. | The region is no longer supported. |
| 400 | ColumnEncryptionErrorCode.NOT_PURCHASED | The instance has not enabled the column encryption service. |  |
| 500 | ExternalFailure | The request processing has failed due to external service failure. | The request processing has failed due to external service failure. |
| 500 | RequestMetaDataFailed | The service request failed. Please try again later or contact service personnel. | The service request failed. Please try again later or contact service personnel. |
| 500 | InvokeProxyFailure | The request processing has failed due to service failure of rds api. | The request failed to be processed due to an RDS API failure. |
| 403 | IncorrectDBInstanceState | Current DB instance state does not support this operation. |  |
| 403 | IncorrectMinorVersion | Current engine minor version does not support operations. | This operation is not supported for the current minor engine version. |
| 403 | OrderStatus.UnPaid | The specified db instance has unpaid order. | The instance has an unpaid order. Please pay first and try again. |
| 403 | InvalidReduceDiskSize | The storage capacity after the scale-down must be larger than the used amount. | The scale-in target capacity cannot be less than the current storage space usage |
| 403 | CloudSSDNotSupport | Cloud ssd does not support this operation, please upgrade to essd. |  |
| 403 | InvalidUserOperatorPermission | The user permission does not support this operation. | The user is not authorized to perform this operation. |
| 403 | InvalidVswitchId | Specified conn vswitch id is not valid. |  |
| 403 | OperationDenied.ZoneResource | There is no available zone for inventory. | There is no available zone for inventory. |
| 403 | NotInFlowController | Sorry,no permission. | Sorry,no permission. |
| 403 | InvalidKmsKey | Kms key is disabled. |  |
| 403 | InvalidInstanceLevel.Malformed | Current DB instance level does not support this operation. | The specified database instance type does not support this operation. |
| 404 | InvalidDBInstance.NotFound | The specified instance does not exist or is not supported. | The RDS instance cannot be found. Check the ID or name of the RDS instance. |
| 404 | InvalidClusterKms | The current instance does not authorized to access the Key Management Service. | The instance does not have permissions to access Key Management Service (KMS). |
| 404 | Request.NotFound | The requested resource is not available. | The requested resources are unavailable. |
| 404 | HostInfo.NotFound | The specified host info is not found. |  |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.