ListUsers - Identity as a Service - Alibaba Cloud Documentation Center

Queries a paginated list of EIAM accounts.

Operation description

This operation queries only applications that are directly assigned to an organization. You can use the ApplicationIds parameter to filter the applications.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

eiam:ListUsers

list

*User

acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/user/*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the instance.	idaas_ue2jvisn35ea5lmthk267xxxxx
PageNumber	integer	No	The page number. The default value is 1.	1
PageSize	integer	No	The number of entries per page. The default value is 20. The maximum value is 100.	20
UserIds	array	No	A list of account IDs.
	string	No	The account ID.	user_d6sbsuumeta4h66ec3il7yxxxx
UsernameStartsWith	string	No	The prefix of the username. The system performs a prefix-based search using this parameter.	name_001
DisplayNameStartsWith	string	No	The prefix of the account's display name. The system performs a prefix-based search using this parameter.	name
PhoneRegion	string	No	The country code for the mobile phone number. For example, the country code for the Chinese mainland is 86. Do not prefix the code with 00 or a plus sign (+).	86
PhoneNumber	string	No	The mobile phone number of the account.	156xxxxxxx
Email	string	No	The email address of the account.	user@example.com
UserExternalId	string	No	The external ID. This ID is used to map data from an external source to the IDaaS account. Note: The external ID must be unique for the same source type and source ID.	id_wovwffm62xifdziem7an7xxxxx
UserSourceId	string	No	The source ID of the account. For a self-built account, the default value is the instance ID. For other account types, this parameter is the enterprise ID from the source. For example, for an account from DingTalk, this parameter is the corpId of the DingTalk enterprise.	idaas_ue2jvisn35ea5lmthk267xxxxx
UserSourceType	string	No	The source type of the account. Valid values: build_in: The account is created in IDaaS. ding_talk: The account is imported from DingTalk. ad: The account is imported from Active Directory (AD). ldap: The account is imported from LDAP. we_com: The account is imported from WeCom.	build_in
Status	string	No	The status of the account. Valid values: enabled: The account is enabled. disabled: The account is disabled.	enable
OrganizationalUnitId	string	No	The ID of the organization.	ou_wovwffm62xifdziem7an7xxxxx

Response elements

Element	Type	Description	Example
	object	The response object.
RequestId	string	The request ID.	0441BD79-92F3-53AA-8657-F8CE4A2B912A
TotalCount	integer	The total number of entries returned.	100
Users	array<object>	The list of accounts.
	object	The information about the account.
UserId	string	The account ID.	user_d6sbsuumeta4h66ec3il7yxxxx
Username	string	The username.	name001
DisplayName	string	The display name of the account.	display_name001
PasswordSet	boolean	Indicates whether a password is set.	false
PhoneRegion	string	The country code for the mobile phone number. For example, the country code for the Chinese mainland is 86. Do not prefix the code with 00 or a plus sign (+).	86
PhoneNumber	string	The mobile phone number of the account.	156xxxxxxx
PhoneNumberVerified	boolean	Indicates whether the mobile phone number is verified. A value of true indicates that the mobile phone number is verified by the user or set as verified by an administrator. A value of false indicates that the mobile phone number is not verified.	true
Email	string	The email address of the account.	user@example.com
EmailVerified	boolean	Indicates whether the email address is verified. A value of true indicates that the email address is verified by the user or set as verified by an administrator. A value of false indicates that the email address is not verified.	true
UserExternalId	string	The external ID of the account. This ID is used to map data from an external source to the IDaaS account. By default, this parameter uses the IDaaS account ID. Note: The external ID must be unique for the same source type and source ID.	user_d6sbsuumeta4h66ec3il7yxxxx
UserSourceType	string	The source of the account. Valid values: build_in: The account is created in IDaaS. ding_talk: The account is imported from DingTalk. ad: The account is imported from AD. ldap: The account is imported from LDAP.	build_in
UserSourceId	string	The source ID of the account. For a self-built account, the default value is the instance ID. For other account types, this parameter is the enterprise ID from the source. For example, for an account from DingTalk, this parameter is the corpId of the DingTalk enterprise.	idaas_ue2jvisn35ea5lmthk267xxxxx
Status	string	The status of the account. Valid values: enabled: The account is enabled. disabled: The account is disabled.	enabled
AccountExpireTime	integer	The time when the account expires. This value is a UNIX timestamp that is measured in milliseconds.	1652085686179
PasswordExpireTime	integer	The time when the password expires. This value is a UNIX timestamp that is measured in milliseconds.	1652085686179
RegisterTime	integer	The time when the account was registered. This value is a UNIX timestamp that is measured in milliseconds.	1652085686179
LockExpireTime	integer	The time when the account lock expires. This value is a UNIX timestamp that is measured in milliseconds.	1652085686179
CreateTime	integer	The time when the account was created. This value is a UNIX timestamp that is measured in milliseconds.	1652085686179
UpdateTime	integer	The time when the account was last updated. This value is a UNIX timestamp that is measured in milliseconds.	1652085686179
Description	string	The description of the account.	xxxx
InstanceId	string	The ID of the instance.	idaas_ue2jvisn35ea5lmthk267xxxxx

Examples

Success response

JSON format

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "TotalCount": 100,
  "Users": [
    {
      "UserId": "user_d6sbsuumeta4h66ec3il7yxxxx",
      "Username": "name001",
      "DisplayName": "display_name001",
      "PasswordSet": false,
      "PhoneRegion": "86",
      "PhoneNumber": "156xxxxxxx",
      "PhoneNumberVerified": true,
      "Email": "user@example.com",
      "EmailVerified": true,
      "UserExternalId": "user_d6sbsuumeta4h66ec3il7yxxxx",
      "UserSourceType": "build_in",
      "UserSourceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
      "Status": "enabled",
      "AccountExpireTime": 1652085686179,
      "PasswordExpireTime": 1652085686179,
      "RegisterTime": 1652085686179,
      "LockExpireTime": 1652085686179,
      "CreateTime": 1652085686179,
      "UpdateTime": 1652085686179,
      "Description": "xxxx",
      "InstanceId": "idaas_ue2jvisn35ea5lmthk267xxxxx"
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.