Remove the access permissions on an account in a resource directory.
Usage notes
When you call this operation, an asynchronous task is created. You can call the GetTask operation to query the progress of the task based on the value of the TaskId
response parameter.
This topic provides an example on how to remove the access permissions on the account
114240524784****
in the resource directory from the CloudSSO user u-00q8wbq42wiltcrk****
. The access permissions are assigned by using the access configuration ac-00jhtfl8thteu6uj****
.
Limits
You can call this operation up to 20 times per second per account. This operation is globally limited to 100 times per second across all accounts. If the number of the calls per second exceeds a limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limits when you call this operation.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | DeleteAccessAssignment |
The operation that you want to perform. Set the value to DeleteAccessAssignment. |
DirectoryId | String | Yes | d-00fc2p61**** |
The ID of the directory. |
AccessConfigurationId | String | Yes | ac-00jhtfl8thteu6uj**** |
The ID of the access configuration. |
TargetType | String | Yes | RD-Account |
The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory. |
TargetId | String | Yes | 114240524784**** |
The ID of the task object. |
PrincipalType | String | Yes | User |
The type of the CloudSSO identity. Valid values:
|
PrincipalId | String | Yes | u-00q8wbq42wiltcrk**** |
The ID of the CloudSSO identity.
|
DeprovisionStrategy | String | No | None |
Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. The access configuration is used to assign the access permissions, and the identity is the only one that uses the access configuration and is associated with the account. Valid values:
|
For more information about common request parameters, see Common parameters.
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
Task | Object |
The information about the task. |
|
Status | String | InProgress |
The status of the task. Valid values:
|
TaskId | String | t-shfqw1u1edszvxw5**** |
The ID of the task. |
PrincipalId | String | u-00q8wbq42wiltcrk**** |
The ID of the CloudSSO identity. |
TargetPath | String | rd-3G****/r-Wm****/114240524784**** |
The path ID of the task object in the resource directory. |
PrincipalName | String | Alice |
The name of the CloudSSO identity. |
TargetName | String | dev-test |
The name of the task object. |
TargetId | String | 114240524784**** |
The ID of the task object. |
AccessConfigurationName | String | ECS-Admin |
The name of the access configuration. |
TargetPathName | String | rd-3G****/root/dev-test |
The path name of the task object in the resource directory. |
TaskType | String | DeleteAccessAssignment |
The type of the task. The value is fixed as DeleteAccessAssignment, which indicates that access permissions on an account in your resource directory are removed. |
TargetType | String | RD-Account |
The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory. |
AccessConfigurationId | String | ac-00jhtfl8thteu6uj**** |
The ID of the access configuration. |
PrincipalType | String | User |
The type of the CloudSSO identity. Valid values:
|
RequestId | String | 5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007 |
The ID of the request. |
Examples
Sample requests
https://[Endpoint]/?Action=DeleteAccessAssignment
&DirectoryId=d-00fc2p61****
&AccessConfigurationId=ac-00jhtfl8thteu6uj****
&TargetType=RD-Account
&TargetId=114240524784****
&PrincipalType=User
&PrincipalId=u-00q8wbq42wiltcrk****
&DeprovisionStrategy=None
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<DeleteAccessAssignmentResponse>
<Task>
<Status>InProgress</Status>
<TaskId>t-shfqw1u1edszvxw5****</TaskId>
<PrincipalId>u-00q8wbq42wiltcrk****</PrincipalId>
<TargetPath>rd-3G****/r-Wm****/114240524784****</TargetPath>
<PrincipalName>Alice</PrincipalName>
<TargetName>dev-test</TargetName>
<TargetId>114240524784****</TargetId>
<AccessConfigurationName>ECS-Admin</AccessConfigurationName>
<TargetPathName>rd-3G****/root/dev-test</TargetPathName>
<TaskType>DeleteAccessAssignment</TaskType>
<TargetType>RD-Account</TargetType>
<AccessConfigurationId>ac-00jhtfl8thteu6uj****</AccessConfigurationId>
<PrincipalType>User</PrincipalType>
</Task>
<RequestId>5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007</RequestId>
</DeleteAccessAssignmentResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"Task" : {
"Status" : "InProgress",
"TaskId" : "t-shfqw1u1edszvxw5****",
"PrincipalId" : "u-00q8wbq42wiltcrk****",
"TargetPath" : "rd-3G****/r-Wm****/114240524784****",
"PrincipalName" : "Alice",
"TargetName" : "dev-test",
"TargetId" : "114240524784****",
"AccessConfigurationName" : "ECS-Admin",
"TargetPathName" : "rd-3G****/root/dev-test",
"TaskType" : "DeleteAccessAssignment",
"TargetType" : "RD-Account",
"AccessConfigurationId" : "ac-00jhtfl8thteu6uj****",
"PrincipalType" : "User"
},
"RequestId" : "5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007"
}
Error codes
For a list of error codes, visit the API Error Center.