All Products
Search
Document Center

Identity as a Service:GetConditionalAccessPolicy

Last Updated:Apr 14, 2025
This topic is generated by a machine translation engine without any human intervention. ALIBABA CLOUD DOES NOT GUARANTEE THE ACCURACY OF MACHINE TRANSLATED CONTENT. To request a human-translated version of this topic or provide feedback on this translation, please include it in the feedback form.

Get Conditional Access Policy

Operation description

Query Conditional Access Policy

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • For mandatory resource types, indicate with a prefix of * .
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
eiam:GetConditionalAccessPolicyget
*ConditionalAccessPolicy
acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/conditionalaccesspolicy/{#ConditionalAccessPolicyId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
InstanceIdstringYes

Instance ID.

idaas_ue2jvisn35ea5lmthk267xxxxx
ConditionalAccessPolicyIdstringYes

Conditional Access Policy ID

cap_11111

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

Request ID.

0441BD79-92F3-53AA-8657-F8CE4A2B912A
ConditionalAccessPolicyobject

Details of the conditional access policy

InstanceIdstring

Instance ID

idaas_qnx6fbrinlecptl5hld23lfkvy
ConditionalAccessPolicyIdstring

Conditional Access Policy ID

cp_xxxxx
ConditionalAccessPolicyNamestring

Conditional Access Policy Name

My Policy
Descriptionstring

Description of the conditional access policy

ga access port for ecs: internal-cn-hangzhou-docker-builder-2(i-bp19g1pheaailkk1xvr6)
ConditionalAccessPolicyTypestring

Type of the conditional access policy

arn:alibaba:idaas:authn:access:policy:system
Statusstring

Enable or disable status of the conditional access policy

enabled
DecisionTypestring

Execution type of the conditional access policy

enforcement
EvaluateAtstring

Execution point of the conditional access policy

arn:alibaba:idaas:authn:access:rule:eval_at:after_step1
DecisionConfigobject

Action of the conditional access policy

Effectstring

Decision action of the conditional access policy

allow
MfaTypestring

MFA authentication type of the conditional access policy

directly_access
MfaAuthenticationIntervalSecondslong

Re-authentication interval (in seconds) for the conditional access policy

300
MfaAuthenticationMethodsarray

Allowed MFA types for the conditional access policy

MfaAuthenticationMethodstring
ia_otp_sms
ActiveSessionReuseStatusstring

Whether to enable session reuse

enabled
ConditionsConfigobject

Conditional access policy content

Applicationsobject

Target applications of the conditional access policy

IncludeApplicationsarray

Selected applications

IncludeApplicationstring

Application ID

app_xxxx
ExcludeApplicationsarray

Excluded applications

ExcludeApplicationstring

Application ID

app_xxxx
Usersobject

Target users of the conditional access policy

IncludeUsersarray

Selected users

IncludeUserstring

User ID

user_xxxxx
ExcludeUsersarray

Excluded users

ExcludeUserstring

User ID

user_xxxxx
IncludeGroupsarray

Selected user groups

IncludeGroupstring

User group ID

group_xxxxx
ExcludeGroupsarray

Excluded user groups

ExcludeGroupstring

User group ID

group_xxxxx
IncludeOrganizationalUnitsarray

Included organizations

IncludeOrganizationalUnitstring

Organization ID

ou_xxxxx
ExcludeOrganizationalUnitsarray

Excluded organizations

ExcludeOrganizationalUnitstring

Organization ID

ou_xxxxx
NetworkZonesobject

Network zones for the conditional access policy

IncludeNetworkZonesarray

Included network zones

IncludeNetworkZonstring

Network zone ID

network_xxxxx
ExcludeNetworkZonesarray

Excluded network zones

ExcludeNetworkZonstring

Network zone ID

network_xxxxx
Priorityinteger

Priority

5
CreateTimelong

Creation time

1741857554000
LastUpdatedTimelong

Last updated time

1741857554000

Examples

Sample success responses

JSONformat

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "ConditionalAccessPolicy": {
    "InstanceId": "idaas_qnx6fbrinlecptl5hld23lfkvy",
    "ConditionalAccessPolicyId": "cp_xxxxx",
    "ConditionalAccessPolicyName": "My Policy",
    "Description": "ga access port for ecs: internal-cn-hangzhou-docker-builder-2(i-bp19g1pheaailkk1xvr6)",
    "ConditionalAccessPolicyType": "arn:alibaba:idaas:authn:access:policy:system",
    "Status": "enabled",
    "DecisionType": "enforcement",
    "EvaluateAt": "arn:alibaba:idaas:authn:access:rule:eval_at:after_step1",
    "DecisionConfig": {
      "Effect": "allow",
      "MfaType": "directly_access",
      "MfaAuthenticationIntervalSeconds": 300,
      "MfaAuthenticationMethods": [
        "ia_otp_sms"
      ],
      "ActiveSessionReuseStatus": "enabled"
    },
    "ConditionsConfig": {
      "Applications": {
        "IncludeApplications": [
          "app_xxxx"
        ],
        "ExcludeApplications": [
          "app_xxxx\n"
        ]
      },
      "Users": {
        "IncludeUsers": [
          "user_xxxxx"
        ],
        "ExcludeUsers": [
          "user_xxxxx"
        ],
        "IncludeGroups": [
          "group_xxxxx"
        ],
        "ExcludeGroups": [
          "group_xxxxx"
        ],
        "IncludeOrganizationalUnits": [
          "ou_xxxxx"
        ],
        "ExcludeOrganizationalUnits": [
          "ou_xxxxx"
        ]
      },
      "NetworkZones": {
        "IncludeNetworkZones": [
          "network_xxxxx"
        ],
        "ExcludeNetworkZones": [
          "network_xxxxx"
        ]
      }
    },
    "Priority": 5,
    "CreateTime": 1741857554000,
    "LastUpdatedTime": 1741857554000
  }
}

Error codes

For a list of error codes, visit the Service error codes.