CleanUserPermissions - Container Service for Kubernetes - Alibaba Cloud Documentation Center

You can call the CleanUserPermissions operation to delete the kubeconfig files of the specified users and revoke the relevant Role-Based Access Control (RBAC) permissions. This API operation is suitable for scenarios where employees have resigned or the accounts of employees are locked.

Operation description

Note

To call this operation, make sure that you have the AliyunCSFullAccess permission.

You cannot revoke the permissions of an Alibaba Cloud account.

You cannot revoke the permissions of the account that you use to call this operation.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
cs:CleanUserPermissions	none	All Resources ``	none	none

Request syntax

DELETE /users/{Uid}/permissions HTTP/1.1

Request parameters

Parameter	Type	Required	Description	Example
Uid	string	Yes	The ID of the specified Resource Access Management (RAM) user or RAM role within the Alibaba Cloud account.	26562443851650****
Force	boolean	No	Specifies whether to forcefully delete the specified kubeconfig files. Valid values: false (default): checks the cluster access records within the previous seven days before deleting the kubeconfig files. The kubeconfig files are not deleted if cluster access records are found or fail to be retrieved. true: forcefully deletes the kubeconfig files without checking the cluster access records.	false
ClusterIds	array	No	The cluster IDs. If you specify a list of cluster IDs, only the kubeconfig files and RBAC permissions of the clusters that belong to the current user in the list are revoked.
	string	No	The ID of the cluster.	cd53c3a9ee12a494c9a0451e2ffc11c65

Response parameters

Parameter	Type	Description	Example
	object
request_id	string	The request ID.	687C5BAA-D103-4993-884B-C35E4314****
task_id	string	The task ID.	clean-user-permissions-2085266204******-6694c16e6ae07*********

Examples

Sample success responses

JSONformat

{
  "request_id": "687C5BAA-D103-4993-884B-C35E4314****",
  "task_id": "clean-user-permissions-2085266204********-6694c16e6ae07***********"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history