DeleteAccessAssignment - API Reference| Alibaba Cloud Documentation Center

Usage notes

When you call this operation, an asynchronous task is created. You can call the GetTask operation to query the progress of the task based on the value of the TaskId response parameter.

This topic provides an example on how to remove the access permissions on the account 114240524784**** in the resource directory from the CloudSSO user u-00q8wbq42wiltcrk****. The access permissions are assigned by using the access configuration ac-00jhtfl8thteu6uj****.

Limits

You can call this operation up to 20 times per second per account. This operation is globally limited to 100 times per second across all accounts. If the number of the calls per second exceeds a limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limits when you call this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	DeleteAccessAssignment	The operation that you want to perform. Set the value to DeleteAccessAssignment.
DirectoryId	String	Yes	d-00fc2p61****	The ID of the directory.
AccessConfigurationId	String	Yes	ac-00jhtfl8thteu6uj****	The ID of the access configuration.
TargetType	String	Yes	RD-Account	The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.
TargetId	String	Yes	114240524784****	The ID of the task object.
PrincipalType	String	Yes	User	The type of the CloudSSO identity. Valid values: User Group
PrincipalId	String	Yes	u-00q8wbq42wiltcrk****	The ID of the CloudSSO identity. If you set `PrincipalType` to `User`, set `PrincipalId` to the ID of the CloudSSO user. If you set `PrincipalType` to `Group`, set `PrincipalId` to the ID of the CloudSSO group.
DeprovisionStrategy	String	No	None	Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. The access configuration is used to assign the access permissions, and the identity is the only one that uses the access configuration and is associated with the account. Valid values: DeprovisionForLastAccessAssignmentOnAccount: de-provisions the access configuration. None: does not de-provision the access configuration. This is the default value.

For more information about common request parameters, see Common parameters.

Response parameters


Parameter	Type	Example	Description
Task	Object		The information about the task.
Status	String	InProgress	The status of the task. Valid values: InProgress: The task is running. Success: The task is successful. Failed: The task failed.
TaskId	String	t-shfqw1u1edszvxw5****	The ID of the task.
PrincipalId	String	u-00q8wbq42wiltcrk****	The ID of the CloudSSO identity.
TargetPath	String	rd-3G**/r-Wm/114240524784**	The path ID of the task object in the resource directory.
PrincipalName	String	Alice	The name of the CloudSSO identity.
TargetName	String	dev-test	The name of the task object.
TargetId	String	114240524784****	The ID of the task object.
AccessConfigurationName	String	ECS-Admin	The name of the access configuration.
TargetPathName	String	rd-3G****/root/dev-test	The path name of the task object in the resource directory.
TaskType	String	DeleteAccessAssignment	The type of the task. The value is fixed as DeleteAccessAssignment, which indicates that access permissions on an account in your resource directory are removed.
TargetType	String	RD-Account	The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.
AccessConfigurationId	String	ac-00jhtfl8thteu6uj****	The ID of the access configuration.
PrincipalType	String	User	The type of the CloudSSO identity. Valid values: User Group
RequestId	String	5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007	The ID of the request.

Examples

Sample requests

https://[Endpoint]/?Action=DeleteAccessAssignment
&DirectoryId=d-00fc2p61****
&AccessConfigurationId=ac-00jhtfl8thteu6uj****
&TargetType=RD-Account
&TargetId=114240524784****
&PrincipalType=User
&PrincipalId=u-00q8wbq42wiltcrk****
&DeprovisionStrategy=None
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DeleteAccessAssignmentResponse>
    <Task>
        <Status>InProgress</Status>
        <TaskId>t-shfqw1u1edszvxw5****</TaskId>
        <PrincipalId>u-00q8wbq42wiltcrk****</PrincipalId>
        <TargetPath>rd-3G****/r-Wm****/114240524784****</TargetPath>
        <PrincipalName>Alice</PrincipalName>
        <TargetName>dev-test</TargetName>
        <TargetId>114240524784****</TargetId>
        <AccessConfigurationName>ECS-Admin</AccessConfigurationName>
        <TargetPathName>rd-3G****/root/dev-test</TargetPathName>
        <TaskType>DeleteAccessAssignment</TaskType>
        <TargetType>RD-Account</TargetType>
        <AccessConfigurationId>ac-00jhtfl8thteu6uj****</AccessConfigurationId>
        <PrincipalType>User</PrincipalType>
    </Task>
    <RequestId>5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007</RequestId>
</DeleteAccessAssignmentResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Task" : {
    "Status" : "InProgress",
    "TaskId" : "t-shfqw1u1edszvxw5****",
    "PrincipalId" : "u-00q8wbq42wiltcrk****",
    "TargetPath" : "rd-3G****/r-Wm****/114240524784****",
    "PrincipalName" : "Alice",
    "TargetName" : "dev-test",
    "TargetId" : "114240524784****",
    "AccessConfigurationName" : "ECS-Admin",
    "TargetPathName" : "rd-3G****/root/dev-test",
    "TaskType" : "DeleteAccessAssignment",
    "TargetType" : "RD-Account",
    "AccessConfigurationId" : "ac-00jhtfl8thteu6uj****",
    "PrincipalType" : "User"
  },
  "RequestId" : "5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007"
}

Error codes

For a list of error codes, visit the API Error Center.