
Resource Access Management: Example of using the IMS API

Last Updated: Oct 11, 2023

This topic describes how to call an Identity Management Service (IMS) operation to query the details of a specific Resource Access Management (RAM) user.

Step 1: View the API documentation

To query the details of a specific RAM user, call the GetUser operation. For the full list of operations, see List of operations by function. The request parameters and the permissions that are required to call this operation are described in the API reference. For more information, see GetUser.

Step 2: Create a RAM user and grant permissions to the RAM user

Identities

You can use an Alibaba Cloud account, a RAM user, or a RAM role to call this operation. For information about the differences among the three methods, see the "Identity, credential, and authorization" section of the Overview topic.

In this example, a RAM user is used to call this operation.

Log on to the RAM console and create a RAM user. For more information, see Create a RAM user.

Credentials

Go to the details page of the RAM user. In the User AccessKeys section of the Authentication tab, click Create AccessKey to create an AccessKey pair. For more information, see Create an AccessKey pair.

Important

The AccessKey secret of a RAM user is displayed only when the RAM user is created. You cannot view the AccessKey secret after the RAM user is created. Store the AccessKey secret in a secure location.

Authorization

  1. On the Users page in the RAM console, find the RAM user that you want to manage and click Add Permissions in the Actions column.

  2. Enter the keyword ram in the search box and select the required system policy.

    • AliyunRAMFullAccess: grants the required permissions to manage RAM.

    • AliyunRAMReadOnlyAccess: grants read-only permissions on RAM.

    Note

    If system policies do not meet your requirements, you can create a custom policy. For more information, see Create a custom policy and RAM authorization.

    In this example, the AliyunRAMReadOnlyAccess system policy is selected.

  3. Click OK to complete the authorization.

Step 3: Call the operation

In this example, IMS SDK for Python is used to call this operation. You can use SDKs for other programming languages in a similar way. For more information, see IMS SDKs. You can use other methods to call operations based on your business requirements. For more information, see Overview.

Prepare a Python environment

Download and install Python 3.

After you install Python 3, enter python --version in the terminal to check the version of Python 3.

Configure environment variables

In this example, environment variables are configured to manage the AccessKey pair and prevent security risks that are caused by hard-coding the AccessKey pair into your business code.

  • Linux and macOS

    Replace <access_key_id> and <access_key_secret> in the following command with your actual AccessKey ID and AccessKey secret.

        export ALIBABA_CLOUD_ACCESS_KEY_ID=<access_key_id>
        export ALIBABA_CLOUD_ACCESS_KEY_SECRET=<access_key_secret>

  • Windows

    Create the following system environment variables: ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET. Set the ALIBABA_CLOUD_ACCESS_KEY_ID variable to your actual AccessKey ID and the ALIBABA_CLOUD_ACCESS_KEY_SECRET variable to your actual AccessKey secret. Then, restart the Windows operating system.
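The following pre-flight check is an added example, not part of the downloadable sample code or of IMS SDK for Python. It reads the AccessKey pair from the two environment variables above and fails closed if they are unset or still hold the documentation placeholders, and it scans source text for hard-coded credentials. Assumptions: the function names are hypothetical, the "LTAI" prefix pattern is a heuristic for the common AccessKey ID format, and both code samples are constructed.

```python
import os
import re

# Heuristic (assumption): AccessKey IDs are commonly "LTAI" plus 12-26 alphanumerics.
KEY_ID_RE = re.compile(r"\bLTAI[A-Za-z0-9]{12,26}\b")
# A credential parameter assigned a quoted literal instead of an environment lookup.
LITERAL_RE = re.compile(
    r"access_key_(?:id|secret)\s*[=:]\s*[\"'][^\"']{8,}[\"']", re.IGNORECASE)
ENV_NAMES = ("ALIBABA_CLOUD_ACCESS_KEY_ID", "ALIBABA_CLOUD_ACCESS_KEY_SECRET")

# Constructed samples; the key and secret are fabricated for this example.
BAD_SAMPLE = '''config = Config(
    access_key_id="LTAIconstructedKEY000001",
    access_key_secret="constructed-secret-not-real",
)'''
GOOD_SAMPLE = '''config = Config(
    access_key_id=os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"],
    access_key_secret=os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"],
)'''


def find_hardcoded_keys(source):
    """Return (line_number, reason) for every line that embeds a credential."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if KEY_ID_RE.search(line):
            findings.append((number, "AccessKey ID literal"))
        elif LITERAL_RE.search(line):
            findings.append((number, "credential parameter set to a string literal"))
    return findings


def load_access_key(env=None):
    """Read the AccessKey pair from the environment and fail closed."""
    env = os.environ if env is None else env
    values = {name: env.get(name, "").strip() for name in ENV_NAMES}
    missing = [name for name, value in values.items() if not value]
    if missing:
        raise RuntimeError("unset environment variable(s): " + ", ".join(missing))
    # Catch the documentation placeholders being pasted in unchanged.
    stale = [n for n, v in values.items() if v.startswith("<") and v.endswith(">")]
    if stale:
        raise ValueError("placeholder value left in: " + ", ".join(stale))
    return values[ENV_NAMES[0]], values[ENV_NAMES[1]]


if __name__ == "__main__":
    for sample in (BAD_SAMPLE, GOOD_SAMPLE):
        print(find_hardcoded_keys(sample))  # findings carry no key material
```

The findings and error messages contain only line numbers and variable names, so they can be written to build logs without exposing the AccessKey pair.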

Install dependencies

pip install alibabacloud_credentials
pip install alibabacloud_ims20190815==3.0.1
pip install alibabacloud_tea_console

Download the sample code

  1. In OpenAPI Explorer, call the GetUser operation.

  2. Enter the request parameters and click Initiate Call to check whether the debugging is successful.

  3. On the Python tab of the SDK Sample Code tab, click Download Project to download the sample code package of IMS SDK for Python.

  4. Decompress the sample code package on your computer and go to the alibabacloud_sample directory.

Run the sample code

Run the following command:

python sample.py

The following command output is displayed:

{
	"headers": {
		"date": "Thu, 17 Aug 2023 09:07:54 GMT",
		"content-type": "application/json;charset=utf-8",
		"content-length": "344",
		"connection": "keep-alive",
		"keep-alive": "timeout=25",
		"access-control-allow-origin": "*",
		"access-control-expose-headers": "*",
		"x-acs-request-id": "CCDC0D83-7A3E-59F1-9A27-F04F267591DB",
		"x-acs-trace-id": "d98639642df3407007b84a6dc3f8bb0f",
		"etag": "316nsRQdGEB/4H8NITW6C/w4"
	},
	"statusCode": 200,
	"body": {
		"RequestId": "CCDC0D83-7A3E-59F1-9A27-F04F267591DB",
		"User": {
			"Comments": "This is a cloud computing engineer.",
			"CreateDate": "2021-05-06T07:37:48Z",
			"DisplayName": "vpc-dev",
			"Email": "",
			"LastLoginDate": "2022-05-06T07:37:48Z",
			"MobilePhone": "",
			"ProvisionType": "Manual",
			"Tags": {
				"Tag": []
			},
			"UpdateDate": "2021-05-06T07:37:48Z",
			"UserId": "22718132028666****",
			"UserPrincipalName": "vpc-dev@151266687691****.onaliyun.com"
		}
	}
}