Query the permissions that are granted to a RAM user or RAM role to manage ACK clusters -

You can call the DescribeUserPermission operation to query the permissions that are granted to a Resource Access Management (RAM) user or RAM role to manage Container Service for Kubernetes (ACK) clusters.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request syntax

GET /permissions/users/uid HTTP/1.1
Content-Type:application/json

Request parameters

Table 1. Request path parameters
Parameter	Type	Required	Example	Description
uid	String	Yes	21175****	The ID of the RAM user or RAM role. Note If you want to query the permissions of a RAM role, specify the ID of the RAM role.

Response syntax

HTTP/1.1 200 OK
Content-Type:application/json

[ {
  "resource_id" : "String",
  "resource_type" : "String",
  "role_name" : "String",
  "role_type" : "String",
  "is_owner" : Long,
  "is_ram_role" : Long
} ]

Response parameters

Table 2. Response body parameters
Parameter	Type	Example	Description
	Array		The response body parameters.
resource_id	String	c1b542****	The authorization setting. Valid values: `{cluster_id}` is returned if the permissions are scoped to a cluster. `{cluster_id}/{namespace}` is returned if the permissions are scoped to a namespace of a cluster. `all-clusters` is returned if the permissions are scoped to all clusters.
resource_type	String	cluster	The authorization type. Valid values: `cluster`: indicates that the permissions are scoped to a cluster. `namespace`: indicates that the permissions are scoped to a namespace of a cluster. `console`: indicates that the permissions are scoped to all clusters. This value was displayed only in the console.
role_name	String	view	The name of the custom role. If a custom role is assigned, the value is the name of the assigned custom role.
role_type	String	admin	The type of predefined role. Valid values: `admin`: administrator `ops`: O&M engineer `dev`: developer `restricted`: restricted user `custom`: custom role
is_owner	Long	1	Indicates whether the permissions are granted to the cluster owner. `0`: indicates that the permissions are not granted to the cluster owner. `1`: indicates that the permissions are granted to the cluster owner. The cluster owner is the administrator.
is_ram_role	Long	1	Indicates whether the permissions are granted to the RAM role. Valid values: `0`: indicates that the permissions are not granted to the RAM role. `1`: indicates that the permissions are granted to the RAM role.

The parent_id parameter is deprecated. Do not use this parameter.

Examples

GET /permissions/users/21175**** HTTP/1.1 
Host:cs.aliyuncs.com 
Content-Type:application/json

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<0>
    <resource_id>c1b542**</resource_id>
    <resource_type>cluster</resource_type>
    <role_name>view</role_name>
    <role_type>admin</role_type>
    <is_owner>1</is_owner>
    <is_ram_role>1</is_ram_role>
</0>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

[ {
  "resource_id" : "c1b542**",
  "resource_type" : "cluster",
  "role_name" : "view",
  "role_type" : "admin",
  "is_owner" : 1,
  "is_ram_role" : 1
} ]

Error codes

For a list of error codes, see Service error codes.