Use GetSecurityPreference to query the global security preferences of a RAM user.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
ram:GetSecurityPreference |
get |
*All Resource
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
No parameters required.
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The returned data. |
||
| SecurityPreference |
object |
The security preferences. |
|
| AccessKeyPreference |
object |
The AccessKey preferences. |
|
| AllowUserToManageAccessKeys |
boolean |
Specifies whether RAM users can manage their own AccessKey pairs. Valid values:
|
false |
| AllowUserToManageServiceCredentials |
boolean |
Specifies whether RAM users can manage their own API keys. Valid values:
|
false |
| LoginProfilePreference |
object |
The login preferences. |
|
| EnableSaveMFATicket |
boolean |
Specifies whether to save the multi-factor authentication (MFA) status for 7 days after a RAM user passes MFA. Valid values:
|
false |
| LoginSessionDuration |
integer |
The login session duration for RAM users, in hours. |
6 |
| LoginNetworkMasks |
string |
The login network mask. |
10.0.0.0/8 |
| AllowUserToChangePassword |
boolean |
Specifies whether RAM users can manage their own passwords. Valid values:
|
true |
OperationForRiskLogin
deprecated
|
string |
Specifies whether to require multi-factor authentication (MFA) for secondary authentication during a risky logon. Valid values:
|
autonomous |
| MFAOperationForLogin |
string |
Specifies whether MFA is required for logon. This parameter replaces
|
adaptive |
| AllowUserToLoginWithPasskey |
boolean |
Specifies whether RAM users can log in with passkeys. Valid values:
|
true |
| MFAPreference |
object |
The MFA preferences. |
|
| AllowUserToManageMFADevices |
boolean |
Specifies whether RAM users can manage their own MFA devices. Valid values:
|
false |
| VerificationPreference |
object |
The preferences for MFA methods. |
|
| VerificationTypes |
array |
The MFA methods. |
|
|
string |
The MFA method. Valid values:
|
["sms","email"] |
|
| PersonalInfoPreference |
object |
The personal information preferences. |
|
| AllowUserToManagePersonalDingTalk |
boolean |
Specifies whether RAM users can bind or unbind their personal DingTalk accounts. Valid values:
|
true |
| MaxIdleDays |
object |
The settings for the maximum idle period, in days. |
|
| MaxIdleDaysForUsers |
integer |
The maximum idle period (in days) for RAM users. If a RAM user with console login enabled remains inactive (does not log in, excluding SSO logins) for this period, their console login access is automatically disabled on the following day. The default value is 730. |
730 |
| MaxIdleDaysForAccessKeys |
integer |
The maximum idle period, in days, for a RAM user's AccessKey. If an AccessKey remains unused for this period, it is automatically disabled on the following day. The default value is 730. |
730 |
| RequestId |
string |
The request ID. |
30C9068D-FBAA-4998-9986-8A562FED0BC3 |
Examples
Success response
JSON format
{
"SecurityPreference": {
"AccessKeyPreference": {
"AllowUserToManageAccessKeys": false,
"AllowUserToManageServiceCredentials": false
},
"LoginProfilePreference": {
"EnableSaveMFATicket": false,
"LoginSessionDuration": 6,
"LoginNetworkMasks": "10.0.0.0/8",
"AllowUserToChangePassword": true,
"OperationForRiskLogin": "autonomous",
"MFAOperationForLogin": "adaptive",
"AllowUserToLoginWithPasskey": true
},
"MFAPreference": {
"AllowUserToManageMFADevices": false
},
"VerificationPreference": {
"VerificationTypes": [
"[\"sms\",\"email\"]"
]
},
"PersonalInfoPreference": {
"AllowUserToManagePersonalDingTalk": true
},
"MaxIdleDays": {
"MaxIdleDaysForUsers": 730,
"MaxIdleDaysForAccessKeys": 730
}
},
"RequestId": "30C9068D-FBAA-4998-9986-8A562FED0BC3"
}
Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.