DescribeAccountAllPrivileges - AnalyticDB - Alibaba Cloud Documentation Center

Queries the permissions of a database account on all permission levels.

Operation description

For information about the endpoints of AnalyticDB for MySQL, see Endpoints .

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
adb:DescribeAccountAllPrivileges	list	All Resources ``	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID of the cluster.	cn-hangzhou
DBClusterId	string	Yes	The ID of the AnalyticDB for MySQL Data Lakehouse Edition (V3.0) cluster.	amv-bp14t95lun0w****
AccountName	string	Yes	The name of the database account.	account1
Marker	string	No	Specifies the start position marker from which to return results. If you receive a response indicating that the results are truncated, set this parameter to the value of the `Marker` parameter in the response that you received.	EXAMPLE

Response parameters

Parameter	Type	Description	Example
	object	BaseResponse
RequestId	string	The ID of the request.	3BB185E9-BB54-1727-B876-13243E4C0EB5
Data	object	Details of the permissions.
Result	array<object>	The permissions.
result	object
PrivilegeType	string	The permission level of the database account. You can call the `DescribeEnabledPrivileges` operation to query the permission level of the database account.	Global
PrivilegeObject	object	The objects on which the permission takes effect, including databases, tables, and columns. If Global is returned for the PrivilegeType parameter, an empty string is returned for this parameter.
Database	string	The name of the database.	tdb1
Table	string	The name of the table.	table1
Column	string	The name of the column.	id
Description	string	The description of the permission object.	id of table
Privileges	array	The name of the permission, which is the same as the permission name returned by the `DescribeEnabledPrivileges` operation.
privilege	string		select
Marker	string	Indicates the position where the results are truncated. When a value of `true` is returned for the `Truncated` parameter, this parameter is present and contains the value to use for the Marker parameter in a subsequent call.	0573e74fd1ccb01739993a691e876074db6e1b6ad79f54115f0e98528432ba6a523cfec5780ade5189299cc3396f6ff7
Truncated	boolean	Indicates whether the results are truncated. If the results are truncated, a value of `true` is returned. In this case, you must call this operation again to obtain all the results until a value of `false` is returned for this parameter.	true

Examples

Sample success responses

JSONformat

{
  "RequestId": "3BB185E9-BB54-1727-B876-13243E4C0EB5",
  "Data": {
    "Result": [
      {
        "PrivilegeType": "Global",
        "PrivilegeObject": {
          "Database": "tdb1",
          "Table": "table1",
          "Column": "id",
          "Description": "id of table"
        },
        "Privileges": [
          "select"
        ]
      }
    ],
    "Marker": "0573e74fd1ccb01739993a691e876074db6e1b6ad79f54115f0e98528432ba6a523cfec5780ade5189299cc3396f6ff7",
    "Truncated": true
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	ACS.Account.NotExist	The account is not found.	The specified RAM user does not exist.
400	ACS.InvalidParameter.%s	Parameter %s is invalid.	The specified parameter is invalid.
400	InvalidDBCluster.NotFound	The DBClusterId provided does not exist in our records.	The specified DBClusterId parameter does not exist. Make sure that the DBClusterId value is valid.
400	ACS.User.NotBindDatabaseAccount	The user has not been associated with a database account.	The user is not associated with the database account.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-04-09	The Error code has changed	View Change Details
2023-12-06	The Error code has changed	View Change Details
2023-04-20	The Error code has changed	View Change Details
2023-03-24	The internal configuration of the API is changed, but the call is not affected	View Change Details