DecodeDiagnosticMessage
Decodes the permission diagnostic information from the response body of a request that was denied due to missing RAM permissions.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
ram:DecodeDiagnosticMessage |
get |
*All Resource
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| EncodedDiagnosticMessage |
string |
No |
The encoded diagnostic message obtained from the |
AQEAAAAAZBgxr0U1MjA1NTM1LUM4BBktMzE5RS1CODgxLUU1QTI0RDNFQTM1**** |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The response. |
||
| RequestId |
string |
The request ID. |
D2331703-AADF-5564-BA9B-26CD51A33BA0 |
| DecodedDiagnosticMessage |
object |
The decoded diagnostic message. |
|
| ExplicitDeny |
boolean |
Indicates whether the denial is explicit. Valid values:
|
true |
| NoPermissionPolicyType |
string |
The policy type that caused the permission denial. Valid values:
|
AccountLevelIdentityBasedPolicy |
| AuthAction |
string |
The action used for authentication in the user request. |
ram:DecodeDiagnosticMessage |
| AuthResource |
string |
The resource used for authentication in the user request. |
* |
| AuthPrincipal |
object |
The principal used for authentication in the user request. |
|
| AuthPrincipalType |
string |
The identity type used for authentication in the user request. Valid values:
|
SubUser |
| AuthPrincipalOwnerId |
string |
The Alibaba Cloud account UID of the identity used for authentication in the user request. |
196813200012**** |
| AuthPrincipalDisplayName |
string |
The identity identifier used for authentication in the user request, as follows:
|
28877424437521**** |
| AuthConditions |
array<object> |
The list of conditions used for authentication in the user request. |
|
|
object |
An authentication condition. |
||
| ConditionKey |
string |
The key of the authentication condition. |
acs:SourceIp |
| ConditionValues |
array |
The list of values corresponding to the authentication condition key. |
|
|
string |
A condition value corresponding to the authentication condition key. |
172.16.215.218 |
|
| MatchedPolicies |
array<object> |
The list of policies matched during authentication. |
|
|
object |
A policy matched during authentication. |
||
| Effect |
string |
The policy effect. Valid values:
|
Deny |
| PolicyIdentifier |
string |
The policy name, as follows:
|
MyPolicyName |
| PolicyType |
string |
The policy type. Valid values:
|
Custom |
| PolicyVersion |
string |
The policy version number. Note
Only custom policies have version numbers. |
v1 |
| AttachedEntityType |
string |
The entity type to which the policy is attached. Valid values:
|
RamUser |
| AttachedScope |
string |
The scope to which the policy is attached. Valid values:
|
Account |
Examples
Success response
JSON format
{
"RequestId": "D2331703-AADF-5564-BA9B-26CD51A33BA0",
"DecodedDiagnosticMessage": {
"ExplicitDeny": true,
"NoPermissionPolicyType": "AccountLevelIdentityBasedPolicy",
"AuthAction": "ram:DecodeDiagnosticMessage",
"AuthResource": "*",
"AuthPrincipal": {
"AuthPrincipalType": "SubUser",
"AuthPrincipalOwnerId": "196813200012****",
"AuthPrincipalDisplayName": "28877424437521****"
},
"AuthConditions": [
{
"ConditionKey": "acs:SourceIp",
"ConditionValues": [
"172.16.215.218"
]
}
],
"MatchedPolicies": [
{
"Effect": "Deny",
"PolicyIdentifier": "MyPolicyName",
"PolicyType": "Custom",
"PolicyVersion": "v1",
"AttachedEntityType": "RamUser",
"AttachedScope": "Account"
}
]
}
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | NotSupport | This method can only be invoked by customer, sub user and assumed role user. | |
| 400 | EncodedMessageExpire | The EncodedDiagnosticMessage is expired. | |
| 403 | NoPermission | You do not have the required permissions. | |
| 404 | SearchInaccurate | The search result is inaccurate, please retry later. | |
| 404 | EntityNotExist | The specific DecodedDiagnosticMessage cannot be found. | |
| 429 | TooManyRequests | Too many search requests at same time, please retry later. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.