Call GetUser to query account details - Identity as a Service

Retrieves the details of an account in Identity as a Service (IDaaS) Employee IAM (EIAM).

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

eiam:GetUser

get

*User

acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/user/{#UserId}

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the instance.	idaas_ue2jvisn35ea5lmthk267xxxxx
UserId	string	Yes	The ID of the account.	user_d6sbsuumeta4h66ec3il7yxxxx

Response elements

Element	Type	Description	Example
	object	The response data.
RequestId	string	The ID of the request.	0441BD79-92F3-53AA-8657-F8CE4A2B912A
User	object	The data object of the account.
UserId	string	The ID of the account.	user_d6sbsuumeta4h66ec3il7yxxxx
Username	string	The username of the account.	name001
DisplayName	string	The display name of the account.	display_name001
PasswordSet	boolean	Indicates whether a password is set.	false
PhoneRegion	string	The country code of the mobile number. For example, the country code of China is 86 without 00 or +.	86
PhoneNumber	string	The mobile number of the user who owns the account.	156xxxxxxx
PhoneNumberVerified	boolean	Indicates whether the mobile number has been verified. A value of true indicates that the mobile number has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the mobile number has not been verified.	true
Email	string	The email address of the user who owns the account.	user@example.com
EmailVerified	boolean	Indicates whether the email address has been verified. A value of true indicates that the email address has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the email address has not been verified.	true
UserExternalId	string	The external ID of the account. The external ID can be used by external data to map the data of the account in IDaaS EIAM. By default, the external ID is the account ID. For accounts with the same source type and source ID, each account has a unique external ID.	user_d6sbsuumeta4h66ec3il7yxxxx
UserSourceType	string	The source type of the account. Valid values: build_in: The account was created in IDaaS. ding_talk: The account was imported from DingTalk. ad: The account was imported from Microsoft Active Directory (AD). ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.	build_in
UserSourceId	string	The source ID of the account. If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.	idaas_ue2jvisn35ea5lmthk267xxxxx
Status	string	The status of the account. Valid values: enabled: The account is enabled. disabled: The account is disabled.	enabled
AccountExpireTime	integer	The time when the account expires. This value is a UNIX timestamp. Unit: milliseconds.	1652085686179
PasswordExpireTime	integer	The time when the password of the account expires. This value is a UNIX timestamp. Unit: milliseconds. If the value -1 is returned, the password does not expire. If no value is returned, the password does not expire. If a UNIX timestamp is returned, the password expires at the indicated point of time.	1652085686179
RegisterTime	integer	The time when the account was registered. This value is a UNIX timestamp. Unit: milliseconds.	1652085686179
LockExpireTime	integer	The time when the account lock expires. This value is a UNIX timestamp. Unit: milliseconds.	1652085686179
CreateTime	integer	The time when the account was created. This value is a UNIX timestamp. Unit: milliseconds.	1652085686179
UpdateTime	integer	The time when the account was last updated. The value is a UNIX timestamp. Unit: milliseconds.	1652085686179
Description	string	The description of the account.	Test account
OrganizationalUnits	array<object>	The organizational units to which the account belongs.
	object	The data object of the organizational unit.
OrganizationalUnitId	string	The ID of the organizational unit.	ou_wovwffm62xifdziem7an7xxxxx
OrganizationalUnitName	string	The name of the organizational unit.	test_ou_name
Primary	boolean	Indicates whether the organization is the primary organization.	true
PrimaryOrganizationalUnitId	string	The ID of the primary organizational unit to which the account belongs.	ou_wovwffm62xifdziem7an7xxxxx
CustomFields	array<object>	The list of custom fields that describe the account.
	object	The data object of the custom field.
FieldName	string	The identifier of the custom field.	age
FieldValue	string	The value of the custom field.	10
Groups	array<object>	The organizational units to which the account belongs.
	object
GroupId	string	The ID of the organizational unit.	group_d6sbsuumeta4h66ec3il7yxxxx
GroupName	string	The name of the organizational unit.	group_test_name
Description	string	The description of the organizational unit.	this is a test.
InstanceId	string	The ID of the instance	idaas_ue2jvisn35ea5lmthk267xxxxx
PreferredLanguage	string	Preferred language	en-US

Examples

Success response

JSON format

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "User": {
    "UserId": "user_d6sbsuumeta4h66ec3il7yxxxx",
    "Username": "name001",
    "DisplayName": "display_name001",
    "PasswordSet": false,
    "PhoneRegion": "86",
    "PhoneNumber": "156xxxxxxx",
    "PhoneNumberVerified": true,
    "Email": "user@example.com",
    "EmailVerified": true,
    "UserExternalId": "user_d6sbsuumeta4h66ec3il7yxxxx",
    "UserSourceType": "build_in",
    "UserSourceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
    "Status": "enabled",
    "AccountExpireTime": 1652085686179,
    "PasswordExpireTime": 1652085686179,
    "RegisterTime": 1652085686179,
    "LockExpireTime": 1652085686179,
    "CreateTime": 1652085686179,
    "UpdateTime": 1652085686179,
    "Description": "Test account",
    "OrganizationalUnits": [
      {
        "OrganizationalUnitId": "ou_wovwffm62xifdziem7an7xxxxx",
        "OrganizationalUnitName": "test_ou_name",
        "Primary": true
      }
    ],
    "PrimaryOrganizationalUnitId": "ou_wovwffm62xifdziem7an7xxxxx",
    "CustomFields": [
      {
        "FieldName": "age",
        "FieldValue": "10"
      }
    ],
    "Groups": [
      {
        "GroupId": "group_d6sbsuumeta4h66ec3il7yxxxx",
        "GroupName": "group_test_name",
        "Description": "this is a test."
      }
    ],
    "InstanceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
    "PreferredLanguage": "en-US"
  }
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.