You can call this operation to specify the security preferences.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes SetSecurityPreference

The operation that you want to perform. Set the value to SetSecurityPreference.

AllowUserToChangePassword Boolean No true

Specifies whether RAM users can change their passwords.

AllowUserToManageAccessKeys Boolean No false

Specifies whether RAM users can manage their AccessKey pairs.

AllowUserToManageMFADevices Boolean No true

Specifies whether RAM users can manage their multi-factor authentication (MFA) devices.

AllowUserToManagePublicKeys Boolean No false

Specifies whether RAM users can manage their public keys.

EnableSaveMFATicket Boolean No true

Specifies whether RAM users can save MFA security codes during logon.

Note A security code is valid for seven days.
LoginNetworkMasks String No 10.0.0.0/8

The subnet mask that specifies the IP addresses from which access is allowed. This parameter is unspecified by default, which indicates that the system allows access from all IP addresses.

LoginSessionDuration Integer No 6

The validity period of a logon session. Unit: hours.

Response parameters

Parameter Type Example Description
RequestId String 04F0F334-1335-436C-A1D7-6C044FE73368

The ID of the request.

SecurityPreference N/A N/A

The security preferences.

AccessKeyPreference N/A N/A

The AccessKey pair preference.

AllowUserToManageAccessKeys Boolean false

Indicates whether RAM users can manage their AccessKey pairs.

LoginProfilePreference N/A N/A

The logon preference.

AllowUserToChangePassword Boolean true

Indicates whether RAM users can change their passwords.

EnableSaveMFATicket Boolean true

Indicates whether RAM users can save MFA security codes during logon.

Note A security code is valid for seven days.
LoginNetworkMasks String 10.0.0.0/8

The subnet mask that specifies the IP addresses from which access is allowed. This parameter is unspecified by default, which indicates that the system allows access from all IP addresses.

LoginSessionDuration Integer 6

The validity period of a session. Unit: hours.

MFAPreference N/A N/A

The MFA preference.

AllowUserToManageMFADevices Boolean true

Indicates whether RAM users can manage their multi-factor authentication (MFA) devices.

PublicKeyPreference N/A N/A

The public key preference.

AllowUserToManagePublicKeys Boolean false

Indicates whether RAM users can manage their public keys.

Examples

Sample requests


https://ram.aliyuncs.com/?Action=SetSecurityPreference
&EnableSaveMFATicket=true
&AllowUserToChangePassword=true
&AllowUserToManageAccessKeys=false
&<Common request parameters>

Sample success responses

XML format

<RequestId>04F0F334-1335-436C-A1D7-6C044FE73368</RequestId>
<SecurityPreference>
    <LoginProfilePreference>
        <EnableSaveMFATicket>true</EnableSaveMFATicket>
        <AllowUserToChangePassword>true</AllowUserToChangePassword>
        <LoginNetworkMasks>10.0.0.0/8</LoginNetworkMasks>
        <LoginSessionDuration>6</LoginSessionDuration>
    </LoginProfilePreference>
    <AccessKeyPreference>
        <AllowUserToManageAccessKeys>false</AllowUserToManageAccessKeys>
    </AccessKeyPreference>
    <MFAPreference>
        <AllowUserToManageMFADevices>true</AllowUserToManageMFADevices>
    </MFAPreference>
    <PublicKeyPreference>
        <AllowUserToManagePublicKeys>false</AllowUserToManagePublicKeys>
    </PublicKeyPreference>
</SecurityPreference>

JSON format

{
	"RequestId":"04F0F334-1335-436C-A1D7-6C044FE73368",
	"SecurityPreference":{
		"LoginProfilePreference":{
			"LoginSessionDuration":6,
			"LoginNetworkMasks":"10.0.0.0/8",
			"EnableSaveMFATicket":true,
			"AllowUserToChangePassword":true
		},
		"AccessKeyPreference":{
			"AllowUserToManageAccessKeys":false
		},
		"PublicKeyPreference":{
			"AllowUserToManagePublicKeys":false
		},
		"MFAPreference":{
			"AllowUserToManageMFADevices":true
		}
	}
}

Error codes

For a list of error codes, visit the API Error Center.