All Products
Search
Document Center

ApsaraDB RDS:DescribeAccounts

Last Updated:May 22, 2024

Queries the details about the accounts that are created on an ApsaraDB RDS instance.

Operation description

Supported database engines

  • RDS MySQL
  • RDS PostgreSQL
  • RDS SQL Server
  • RDS MariaDB

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
rds:DescribeAccountsRead
  • DBInstance
    acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId}
  • rds:ResourceTag
none

Request parameters

ParameterTypeRequiredDescriptionExample
DBInstanceIdstringYes

The instance ID. You can call the DescribeDBInstances operation to query the instance ID.

Note This parameter is not supported for RDS instances that run SQL Server 2017 on RDS Cluster Edition.
rm-uf6wjk5*****
AccountNamestringNo

The name of the database account.

test1
PageSizeintegerNo

The number of entries to return on each page. Valid value: 30 to 200. Default value: 30.

30
PageNumberintegerNo

The page number. Default value: 1. Valid values: any non-zero positive integer.

1

Response parameters

ParameterTypeDescriptionExample
object

The response parameters.

SystemAdminAccountStatusstring

Indicates whether the system admin account was enabled. Valid values:

  • true: The system admin account was enabled.
  • false: The system admin account was disabled.
Note The system admin account is supported only for the instances that run SQL Server. If the instance runs SQL Server, a value is returned for this parameter. If the instance runs a different database engine, no value is returned for this parameter.
True
SystemAdminAccountFirstActivationTimestring

The first time when the system admin account was enabled. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

Note This parameter is returned only for instances that run SQL Server.
2020-02-06T11:00:00Z
PageNumberinteger

The page number.

1
RequestIdstring

The request ID.

A2E94301-D07F-4457-9B49-6AA2BB388C85
TotalRecordCountinteger

The total number of entries that are returned.

1
Accountsobject []

The details about the account.

AccountStatusstring

The status of the account. Valid values:

  • Unavailable
  • Available
Available
AccountDescriptionstring

The description of the account.

Test account
DBInstanceIdstring

The ID of the instance to which the account belongs.

rm-uf6wjk5*****
PrivExceededstring

Indicates whether the number of databases that are managed by the account exceeds the upper limit. Valid values:

  • 1: The number of databases that are managed by the account exceeds the upper limit.
  • 0: The number of databases that are managed by the account does not exceed the upper limit.
0
AccountTypestring

The type of the account. Valid values:

  • Normal: standard account
  • Super: privileged account
  • Sysadmin: system admin account, which is supported only for instances running SQL Server
Normal
AccountNamestring

The name of the database account.

test1
DatabasePrivilegesobject []

The details about the permissions that are granted to the account.

DBNamestring

The name of the database.

test1
AccountPrivilegestring

The type of the permissions. Valid values:

  • ReadWrite: read and write permissions.
  • ReadOnly: read-only permissions.
  • DDLOnly: DDL-only permissions.
  • DMLOnly: DML-only permissions.
  • Custom: custom permissions. You can modify the permissions of the account by using SQL commands.
ReadWrite
AccountPrivilegeDetailstring

The permissions that are granted to the account. For more information, see Account permissions.

SELECT,INSERT
ValidUntilstring

The expiration time of the password. Valid values:

  • infinity: The password never expires.
  • Empty: The expiration time is not specified.
  • Actual expiration time: in the format of yyyy-MM-ddTHH:mm:ssZ in UTC. Example: 2022-10-01T00:00:00Z.
Note This parameter is returned only for instances that run PostgreSQL.
2022-10-01T00:00:00Z
CreateDBstring

Indicates whether the account has the permissions to create databases. Valid values:

  • t: The account has the permissions to create databases.
  • f: The account does not have the permissions to create databases.
Note This parameter is returned only for instances that run PostgreSQL.
t
Replicationstring

Indicates whether the account has the replication permissions. Valid values:

  • t: The account has the replication permissions.
  • f: The account does not have the replication permissions.
Note This parameter is returned only for instances that run PostgreSQL.
t
CreateRolestring

Indicates whether the account has the permissions to create roles. Valid values:

  • t: The account has the permissions to create roles.
  • f: The account does not have the permissions to create roles.
Note This parameter is returned only for instances that run PostgreSQL.
t
BypassRLSstring

Indicates whether the account has the row-level security (RLS) permissions. Valid values:

  • t: The account has the RLS permissions.
  • f: The account does not have the RLS permissions.
Note This parameter is returned only for instances that run PostgreSQL.
f

Examples

Sample success responses

JSONformat

{
  "SystemAdminAccountStatus": "True",
  "SystemAdminAccountFirstActivationTime": "2020-02-06T11:00:00Z",
  "PageNumber": 1,
  "RequestId": "A2E94301-D07F-4457-9B49-6AA2BB388C85",
  "TotalRecordCount": 1,
  "Accounts": {
    "DBInstanceAccount": [
      {
        "AccountStatus": "Available",
        "AccountDescription": "Test account\n",
        "DBInstanceId": "rm-uf6wjk5*****",
        "PrivExceeded": "0",
        "AccountType": "Normal",
        "AccountName": "test1",
        "DatabasePrivileges": {
          "DatabasePrivilege": [
            {
              "DBName": "test1",
              "AccountPrivilege": "ReadWrite",
              "AccountPrivilegeDetail": "SELECT,INSERT"
            }
          ]
        },
        "ValidUntil": "2022-10-01T00:00:00Z",
        "CreateDB": "t",
        "Replication": "t",
        "CreateRole": "t",
        "BypassRLS": "f"
      }
    ]
  }
}

Error codes

HTTP status codeError codeError messageDescription
400IO.ExceptionIO exception, retry later.An I/O error occurred.
400Database.ConnectErrorDatabase connect error. please check instance status and database processlistA database connection error occurred. Check the instance state and the database connection pool.
400InvalidDBInstanceStatus.NotSupportThe Specified instance status is not supported to query account list.-
400InvalidEngine.MalformedSpecified engine is not valid.The database engine is invalid. Specify a valid database engine.
400Account.QueryErrorQuery Account failed, please check your input value.Failed to query the account. Check the specified parameters.
400SqlExcutionFailedDatabase is already open and can only have one user at a time.-
403IncorrectDBInstanceStateCurrent DB instance state does not support this operation.-
404InvalidDBInstanceName.NotFoundThe database instance does not exist.The name of the RDS instance cannot be found. Check the name of the RDS instance.
404IncorrectDBInstanceLockModeCurrent DB instance lock mode does not support this operation.The operation failed. The RDS instance is locked.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-09-08The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change
    delete Error Codes: 403
    delete Error Codes: 404
2023-03-24The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change
    delete Error Codes: 403
    delete Error Codes: 404
2022-10-28The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change
    Added Error Codes: 403
    Added Error Codes: 404
2022-09-15The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
Output ParametersThe response structure of the API has changed.
2022-09-15The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
Output ParametersThe response structure of the API has changed.
2022-07-08The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change