Assigns access permissions on an account in your resource directory to a user or a group by using an access configuration.

Usage notes

When you call this operation, an asynchronous task is created. You can call the GetTask operation to query the progress of task execution by using the value of the TaskId response parameter.

For more information about how to assign permissions on an account in your resource directory, see Overview of multi-account authorization.

This topic provides an example on how to assign access permissions on the account 114240524784**** in your resource directory to the CloudSSO user u-00q8wbq42wiltcrk**** by using the access configuration ac-00jhtfl8thteu6uj****. After the call is successful, the CloudSSO user can access resources within the account in the resource directory.

Limits

You can call this operation up to 20 times per second per account. This operation is globally limited to 100 times per second across all accounts. If the number of the calls per second exceeds a limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limits when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateAccessAssignment

The operation that you want to perform. Set the value to CreateAccessAssignment.

DirectoryId String Yes d-00fc2p61****

The ID of the directory.

AccessConfigurationId String Yes ac-00jhtfl8thteu6uj****

The ID of the access configuration.

TargetType String Yes RD-Account

The type of the task object. Set the value to RD-Account, which indicates an account in your resource directory.

TargetId String Yes 114240524784****

The ID of the task object.

PrincipalType String Yes User

The type of the CloudSSO identity. Valid values:

  • User
  • Group
PrincipalId String Yes u-00q8wbq42wiltcrk****

The ID of the CloudSSO identity.

  • If you set PrincipalType to User, set PrincipalId to the ID of the CloudSSO user.
  • If you set PrincipalType to Group, set PrincipalId to the ID of the CloudSSO group.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
Task Object

The information about the task.

Status String InProgress

The status of the task. Valid values:

  • InProgress: The task is running.
  • Success: The task is successful.
  • Failed: The task failed.
TaskId String t-sh6tceylhvgejpip****

The ID of the task.

PrincipalId String u-00q8wbq42wiltcrk****

The ID of the CloudSSO identity.

TargetPath String rd-3G****/r-Wm****/114240524784****

The path ID of the task object in your resource directory.

PrincipalName String Alice

The name of the CloudSSO identity.

TargetName String dev-test

The name of the task object.

TargetId String 114240524784****

The ID of the task object.

AccessConfigurationName String ECS-Admin

The name of the access configuration.

TargetPathName String rd-3G****/root/dev-test

The path name of the task object in your resource directory.

TaskType String CreateAccessAssignment

The type of the task. The value is fixed as CreateAccessAssignment, which indicates that access permissions on an account in your resource directory are assigned.

TargetType String RD-Account

The type of the task object. The value is fixed as RD-Account, which indicates an account in your resource directory.

AccessConfigurationId String ac-00jhtfl8thteu6uj****

The ID of the access configuration.

PrincipalType String User

The type of the CloudSSO identity. Valid values:

  • User
  • Group
RequestId String 4726AA56-E138-5C99-85E4-F493536D042F

The ID of the request.

Examples

Sample requests

https://[Endpoint]/?Action=CreateAccessAssignment
&DirectoryId=d-00fc2p61****
&AccessConfigurationId=ac-00jhtfl8thteu6uj****
&TargetType=RD-Account
&TargetId=114240524784****
&PrincipalType=User
&PrincipalId=u-00q8wbq42wiltcrk****
&<Common request parameters>

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateAccessAssignmentResponse>
    <Task>
        <Status>InProgress</Status>
        <TaskId>t-sh6tceylhvgejpip****</TaskId>
        <PrincipalId>u-00q8wbq42wiltcrk****</PrincipalId>
        <TargetPath>rd-3G****/r-Wm****/114240524784****</TargetPath>
        <PrincipalName>Alice</PrincipalName>
        <TargetName>dev-test</TargetName>
        <TargetId>114240524784****</TargetId>
        <AccessConfigurationName>ECS-Admin</AccessConfigurationName>
        <TargetPathName>rd-3G****/root/dev-test</TargetPathName>
        <TaskType>CreateAccessAssignment</TaskType>
        <TargetType>RD-Account</TargetType>
        <AccessConfigurationId>ac-00jhtfl8thteu6uj****</AccessConfigurationId>
        <PrincipalType>User</PrincipalType>
    </Task>
    <RequestId>4726AA56-E138-5C99-85E4-F493536D042F</RequestId>
</CreateAccessAssignmentResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Task" : {
    "Status" : "InProgress",
    "TaskId" : "t-sh6tceylhvgejpip****",
    "PrincipalId" : "u-00q8wbq42wiltcrk****",
    "TargetPath" : "rd-3G****/r-Wm****/114240524784****",
    "PrincipalName" : "Alice",
    "TargetName" : "dev-test",
    "TargetId" : "114240524784****",
    "AccessConfigurationName" : "ECS-Admin",
    "TargetPathName" : "rd-3G****/root/dev-test",
    "TaskType" : "CreateAccessAssignment",
    "TargetType" : "RD-Account",
    "AccessConfigurationId" : "ac-00jhtfl8thteu6uj****",
    "PrincipalType" : "User"
  },
  "RequestId" : "4726AA56-E138-5C99-85E4-F493536D042F"
}

Error codes

For a list of error codes, visit the API Error Center.