Queries the security preferences for Resource Access Management (RAM) users.
Debugging
Request parameter
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | GetSecurityPreference | The operation that you want to perform. Set the value to GetSecurityPreference. |
For more information about common request parameters, see Common parameters.
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| SecurityPreference | Object | The details of security preferences. |
|
| AccessKeyPreference | Object | The AccessKey pair preference. |
|
| AllowUserToManageAccessKeys | Boolean | false | Specifies whether RAM users can manage their AccessKey pairs. Valid values:
|
| LoginProfilePreference | Object | The logon preference. |
|
| EnableSaveMFATicket | Boolean | false | Specifies whether to remember the multi-factor authentication (MFA) devices for seven days. Valid values:
|
| LoginSessionDuration | Integer | 6 | The validity period of the logon session of RAM users. Unit: hours. |
| LoginNetworkMasks | String | 10.0.0.0/8 | The subnet mask. |
| AllowUserToChangePassword | Boolean | true | Specifies whether RAM users can change their passwords. Valid values:
|
| OperationForRiskLogin | String | autonomous | Specifies whether to enable MFA for RAM users who initiated unusual logons. Valid values:
|
| MFAOperationForLogin | String | adaptive | Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console. This parameter is used to replace the EnforceMFAForLogin parameter. The EnforceMFAForLogin parameter is still valid. However, we recommend that you use the MFAOperationForLogin parameter. Valid values:
|
| MFAPreference | Object | The MFA preference. |
|
| AllowUserToManageMFADevices | Boolean | false | Indicates whether RAM users can manage their MFA devices. Valid values:
|
| PersonalInfoPreference | Object | The personal information preference. |
|
| AllowUserToManagePersonalDingTalk | Boolean | true | Specifies whether RAM users can manage their personal DingTalk accounts, such as binding and unbinding of the accounts. Valid values:
|
| RequestId | String | 30C9068D-FBAA-4998-9986-8A562FED0BC3 | The ID of the request. |
Examples
Sample requests
https://[Endpoint]/?Action=GetSecurityPreference
&<Common request parameters>Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<GetSecurityPreferenceResponse>
<SecurityPreference>
<AccessKeyPreference>
<AllowUserToManageAccessKeys>false</AllowUserToManageAccessKeys>
</AccessKeyPreference>
<LoginProfilePreference>
<EnableSaveMFATicket>false</EnableSaveMFATicket>
<LoginSessionDuration>6</LoginSessionDuration>
<LoginNetworkMasks>10.0.0.0/8</LoginNetworkMasks>
<AllowUserToChangePassword>true</AllowUserToChangePassword>
<OperationForRiskLogin>autonomous</OperationForRiskLogin>
<MFAOperationForLogin>adaptive</MFAOperationForLogin>
</LoginProfilePreference>
<MFAPreference>
<AllowUserToManageMFADevices>false</AllowUserToManageMFADevices>
</MFAPreference>
<PersonalInfoPreference>
<AllowUserToManagePersonalDingTalk>true</AllowUserToManagePersonalDingTalk>
</PersonalInfoPreference>
</SecurityPreference>
<RequestId>30C9068D-FBAA-4998-9986-8A562FED0BC3</RequestId>
</GetSecurityPreferenceResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"SecurityPreference" : {
"AccessKeyPreference" : {
"AllowUserToManageAccessKeys" : false
},
"LoginProfilePreference" : {
"EnableSaveMFATicket" : false,
"LoginSessionDuration" : 6,
"LoginNetworkMasks" : "10.0.0.0/8",
"AllowUserToChangePassword" : true,
"OperationForRiskLogin" : "autonomous",
"MFAOperationForLogin" : "adaptive"
},
"MFAPreference" : {
"AllowUserToManageMFADevices" : false
},
"PersonalInfoPreference" : {
"AllowUserToManagePersonalDingTalk" : true
}
},
"RequestId" : "30C9068D-FBAA-4998-9986-8A562FED0BC3"
}Error codes
For a list of error codes, see Service error codes.