ListUsers - Bastionhost - Alibaba Cloud Documentation Center

Queries a list of users of a bastion host.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-bastionhost:ListUsers

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the bastion host whose users you want to query. Note You can call the DescribeInstances operation to query the bastion host ID.	bastionhost-cn-st220aw****
RegionId	string	No	The region ID of the bastion host whose users you want to query. Note For more information about the mapping between region IDs and region names, see Regions and zones.	cn-hangzhou
PageNumber	string	No	The page number. Default value: 1.	1
PageSize	string	No	The number of entries per page. Valid values: 1 to 100. Default value: 20. If you leave this parameter empty, 20 entries are returned on each page. Note We recommend that you do not leave this parameter empty.	20
UserName	string	No	The logon name of the user that you want to query. Only exact match is supported.	abc
DisplayName	string	No	The display name of the user that you want to query. Only exact match is supported.	用户
Source	string	No	The type of the user that you want to query. Valid values: Local: a local user. Ram: a Resource Access Management (RAM) user. AD: an Active Directory (AD)-authenticated user. LDAP: a Lightweight Directory Access Protocol (LDAP)-authenticated user.	Local
Mobile	string	No	The mobile phone number of the user that you want to query. Only exact match is supported.	1359999****
UserState	string	No	The state of the user that you want to query. Valid values: Normal: The user is in normal state. Frozen: The user is locked. Expired: The user has expired.	Normal
SourceUserId	string	No	The unique ID of the user that you want to query. Only exact match is supported. Note This parameter uniquely identifies a RAM user of the bastion host. This parameter is valid if Source is set to Ram. You can call the ListUsers operation in RAM to obtain the unique ID of the user from the UserId response parameter.	122748924538****
UserGroupId	string	No	The ID of the user group to which the user you want to query belongs. Note You can call the ListUserGroups operation to query the user group ID.	1

All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common request parameters. For more information about sample requests, see Sample requests.

Response elements

Element	Type	Description	Example
	object	The returned data.
TotalCount	integer	The total number of users returned.	1
RequestId	string	The request ID.	EC9BF0F4-8983-491A-BC8C-1B4DD94976DE
Users	array<object>	The users returned.
	object
DisplayName	string	The display name of the user.	Bob
Email	string	The email address of the user.	1099**@qq.com
Comment	string	The remarks of the user.	comment
MobileCountryCode	string	The location where the mobile phone number of the user is registered. Valid values: CN: the Chinese mainland, whose international dialing code is +86. HK: Hong Kong (China), whose international dialing code is +852. MO: Macao (China), whose international dialing code is +853. TW: Taiwan (China), whose international dialing code is +886. RU: Russia, whose international dialing code is +7. SG: Singapore, whose international dialing code is +65. MY: Malaysia, whose international dialing code is +60. ID: Indonesia, whose international dialing code is +62. DE: Germany, whose international dialing code is +49. AU: Australia, whose international dialing code is +61. US: US, whose international dialing code is +1. AE: United Arab Emirates, whose international dialing code is +971. JP: Japan, whose international dialing code is +81. GB: UK, whose international dialing code is +44. IN: India, whose international dialing code is +91. KR: Republic of Korea, whose international dialing code is +82. PH: Philippines, whose international dialing code is +63. CH: Switzerland, whose international dialing code is +41. SE: Sweden, whose international dialing code is +46.	CN
Mobile	string	The mobile phone number of the user.	1359999****
UserId	string	The user ID.	1
Source	string	The type of the user. Valid values: Local: a local user. Ram: a RAM user. AD: an AD-authenticated user. LDAP: an LDAP-authenticated user.	Local
UserName	string	The logon name of the user.	abc_def
SourceUserId	string	The unique ID of the user. Note This parameter uniquely identifies a RAM user of the bastion host. A value is returned for this parameter if Source is set to Ram. No value is returned for this parameter if Source is set to Local.	122748924538****
UserState	array	An array that lists the states of users.
	string	The state of the user. Valid values: Normal: The user is in normal state. Frozen: The user is locked. Expired: The user has expired.	["Normal"]
EffectiveStartTime	integer	The start time of the validity period of the user. The value is a UNIX timestamp. Unit: seconds.	1669630029
EffectiveEndTime	integer	The end time of the validity period of the user. The value is a UNIX timestamp. Unit: seconds.	1672502400
NeedResetPassword	boolean	Indicates whether password reset is required upon the next logon. Valid values: true false	true
TwoFactorStatus	string	Indicates whether two-factor authentication is enabled for the user. Valid values: Global: The global setting applies. Disable: Two-factor authentication is disabled. Enable: Two-factor authentication is enabled. The user-specific setting for the authentication method applies.	Enable
TwoFactorMethods	array	An array of the enabled two-factor authentication methods.
	string	The enabled two-factor authentication method. Only one method is supported for each user. Valid values: sms: text message-based two-factor authentication. email: email-based two-factor authentication. dingtalk: DingTalk-based two-factor authentication. totp: one-time password (OTP) token-based two-factor authentication. gmusbkey: two-factor authentication based on the SM-based USB key.	[ "sms" ]
LanguageStatus	string	Indicates whether notifications are sent in the language specified in the global settings or a custom language. Global Custom	Custom
Language	string	This parameter is required if LanguageStatus is set to Custom. Valid values: zh-cn: simplified Chinese. en: English.	en

Examples

Success response

JSON format

{
  "TotalCount": 1,
  "RequestId": "EC9BF0F4-8983-491A-BC8C-1B4DD94976DE",
  "Users": [
    {
      "DisplayName": "Bob",
      "Email": "1099**@qq.com",
      "Comment": "comment",
      "MobileCountryCode": "CN",
      "Mobile": "1359999****",
      "UserId": "1",
      "Source": "Local",
      "UserName": "abc_def",
      "SourceUserId": "122748924538****",
      "UserState": [
        "[\"Normal\"]"
      ],
      "EffectiveStartTime": 1669630029,
      "EffectiveEndTime": 1672502400,
      "NeedResetPassword": true,
      "TwoFactorStatus": "Enable",
      "TwoFactorMethods": [
        "[\n      \"sms\"\n]"
      ],
      "LanguageStatus": "Custom",
      "Language": "en"
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidParameter	The argument is invalid.	The argument is invalid.
500	InternalError	An unknown error occurred.	An unknown error occurred.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.