All Products
Search

This Product

    Resource Access Management:Call examples of RAM SDK for Python

    Document Center

    Resource Access Management:Call examples of RAM SDK for Python

    Last Updated:Dec 02, 2025

    This topic describes how to use Resource Access Management (RAM) SDK for Python to call the GetRole operation to query the details of a specific RAM role.

    Step 1: View the API documentation

    To query the details of a specific RAM role, call the GetRole operation. For more information, see List of operations by function. For more information about the information and permissions that are required to call this operation, see GetRole. You can obtain information such as request parameters and permissions in the API reference.

    Step 2: Create a RAM user and grant permissions to the RAM user

    Identities

    You can use an Alibaba Cloud account, a RAM user, or a RAM role to call this operation. For more information about the differences among the identities, see Identity.

    In this example, a RAM user is used to call this operation.

    Log on to the RAM console and create a RAM user. For more information about how to create a RAM user, see Create a RAM user.

    Credentials

    Go to the details page of the RAM user. In the AccessKey section of the Authentication tab, click Create AccessKey to create an AccessKey pair. For more information, see Create an AccessKey pair.

    Important

    The AccessKey secret of a RAM user is displayed only when the RAM user is created. You cannot view the AccessKey secret after the RAM user is created. Store the AccessKey secret in a secure location.

    Authorization

    1. Go to the Users page in the RAM console, find the RAM user that you want to manage, and click Add Permissions in the Actions column.

    2. Enter the keyword ram in the search box of the Policy section and select a policy based on the principle of least privilege.

      • AliyunRAMFullAccess: grants the required permissions to manage RAM.

      • AliyunRAMReadOnlyAccess: grants read-only permissions on RAM.

      Note

      If system policies do not meet your requirements, you can create a custom policy. For more information, see Create custom policies and RAM authorization.

      In this example, the AliyunRAMReadOnlyAccess system policy is selected.

    3. Click Grant permissions to complete the authorization.

    Step 3: Call the operation

    In this topic, RAM SDK for Python is used to call this operation. You can use SDKs for other programming languages in a similar way. For more information, see RAM SDKs. In addition to ROS SDK, you can use other methods based on your business requirements to call the operation. For more information, see Overview.

    Prepare a Python environment

    Download and install Python 3.

    After you install Python 3, run the python3 --version command in the terminal to check the version of Python 3.

    Configure environment variables

    In this example, environment variables are configured to manage the AccessKey pair and prevent security risks that are caused by hard-coding the AccessKey pair into your business code. For more information, see Configure environment variables in Linux, macOS, and Windows.

    Download the sample code

    1. In OpenAPI Explorer, call the GetRole operation.

    2. Specify the request parameters, click Initiate Call, and then check whether the call is successful.

    3. On the Python tab of the SDK Sample Code tab, click Download Project to download the sample code package of RAM SDK for Python.

    4. Decompress the sample code package on your computer and go to the alibabacloud_sample directory.

    Install dependencies

    It is recommended to create a virtual Python environment within your project directory and install the dependencies inside that environment.

    Bash

    cd alibabacloud_sample
# Create virtual environment
python3 -m venv .venv
# Activate virtual environment
source .venv/bin/activate
# Install dependencies
pip install alibabacloud_credentials
pip install alibabacloud_ram20150501
pip install alibabacloud_tea_console

    PowerShell

    cd alibabacloud_sample
# Create virtual environment
python3 -m venv .venv
# Activate virtual environment
.\.venv\Scripts\Activate.ps1
# Install dependencies
pip install alibabacloud_credentials
pip install alibabacloud_ram20150501
pip install alibabacloud_tea_console

    Run the sample code

    Run the following command:

    python3 sample.py

    The following command output is displayed:

    {
	"headers": {
		"date": "Thu, 17 Aug 2023 09:51:21 GMT",
		"content-type": "application/json;charset=utf-8",
		"content-length": "541",
		"connection": "keep-alive",
		"keep-alive": "timeout=25",
		"access-control-allow-origin": "*",
		"access-control-expose-headers": "*",
		"x-acs-request-id": "7970371F-BADA-50A5-AA51-30E80A994F98",
		"x-acs-trace-id": "6853c1607c7a59f156b84f77926df218",
		"etag": "59sNsxjTg3R+qgFD/KOl/tQ1"
	},
	"statusCode": 200,
	"body": {
		"RequestId": "7970371F-BADA-50A5-AA51-30E80A994F98",
		"Role": {
			"Arn": "acs:ram::151266687691****:role/test",
			"AssumeRolePolicyDocument": "{\n    \"Statement\": [{\n            \"Action\": \"sts:AssumeRole\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\"Service\": [\"fc.aliyuncs.com\"]}}],\n    \"Version\": \"1\"}",
			"CreateDate": "2020-10-21T06:41:25Z",
			"Description": "Service Role for FC to operate other resource",
			"MaxSessionDuration": 3600,
			"RoleId": "32852457160891****",
			"RoleName": "test",
			"UpdateDate": "2020-10-21T06:41:25Z"
		}
	}
}