DescribeAccountPrivileges - AnalyticDB - Alibaba Cloud Documentation Center

Queries the permissions of a specified database account at a specific level.

Operation description

For more information about the endpoints of this service, see Endpoints.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

adb:DescribeAccountPrivileges

list

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID.	cn-hangzhou
DBClusterId	string	Yes	The ID of the cluster. The cluster can be an Enterprise Edition, Basic Edition, or Data Lakehouse Edition cluster.	amv-bp1k5p066e1a****
AccountName	string	Yes	The name of the database account.	account1
PrivilegeType	string	No	The permission level. You can obtain the value of this parameter by calling the `DescribeEnabledPrivileges` operation.	Global
DatabasePrivilegeObject	string	No	The name of the database used to filter permissions. This parameter is available only when the permission level is `Database`, `Table`, or `Column`.	db1
TablePrivilegeObject	string	No	The name of the table used to filter permissions. You can use this parameter with the database name for combined filtering. This parameter is available only when the permission level is `Table` or `Column`.	table1
PageNumber	string	No	The page number. Pages start from page 1. The default value is 1.	1
PageSize	string	No	The number of entries to return on each page. The default value is 20.	10
ColumnPrivilegeObject	string	No	The name of the column used to filter permissions. This parameter is available only when the permission level is `Column`.	col1

Response elements

Element	Type	Description	Example
	object	The response.
RequestId	string	The request ID.	DA32480A-E3E5-1BE7-BA98-724551DC04C8
Data	array<object>	A list of permission details.
	array<object>	The permission details.
PrivilegeType	string	The permission level. Valid values: `Global`, `Database`, `Table`, and `Column`. You can obtain the value of this parameter by calling the `DescribeEnabledPrivileges` operation.	Column
PrivilegeObject	object	The permission object. It is a trituple that consists of the database, table, and column, and includes a description.
Database	string	The database name.	db1
Table	string	The table name.	tabl1
Column	string	The column name.	column1
Description	string	The description.	a test column
Privileges	array	A list of permissions.
	string	The name of the permission. You can obtain the value of this parameter by calling the `DescribeEnabledPrivileges` operation.	insert,select
TotalCount	integer	The total number of permissions that the account has at the specified permission level.	100
PageNumber	integer	The page number. This value is the same as the `PageNumber` request parameter.	1
PageSize	integer	The number of entries per page. This value is the same as the `PageSize` request parameter.	20

Examples

Success response

JSON format

{
  "RequestId": "DA32480A-E3E5-1BE7-BA98-724551DC04C8",
  "Data": [
    {
      "PrivilegeType": "Column",
      "PrivilegeObject": {
        "Database": "db1",
        "Table": "tabl1",
        "Column": "column1",
        "Description": "a test column"
      },
      "Privileges": [
        "insert,select"
      ]
    }
  ],
  "TotalCount": 100,
  "PageNumber": 1,
  "PageSize": 20
}

Error codes

HTTP status code	Error code	Error message	Description
400	ACS.Account.NotExist	The account is not found.	The specified RAM user does not exist.
400	InvalidDBClusterId.Malformed	The specified parameter DBClusterId is not valid.	The DBClusterId parameter is invalid. Check the parameter.
400	ACS.InvalidParameter.%s	Parameter %s is invalid.	The specified parameter is invalid.
400	InvalidDBCluster.NotFound	The DBClusterId provided does not exist in our records.
400	ACS.User.NotBindDatabaseAccount	The user has not been associated with a database account.	The user is not associated with the database account.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.