All Products
Search
Document Center

Data Management:ListUserPermissions

Last Updated:Nov 28, 2024

Queries the permissions of a user on databases and tables.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
dms:ListUserPermissionslist
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
TidlongNo

The ID of the tenant.

Note To view the ID of the tenant, move the pointer over the profile picture in the upper-right corner of the Data Management (DMS) console. For more information, see the "View information about the current tenant" section of the Manage DMS tenants topic.
3***
PermTypestringYes

The permissions on a specific type of resources that you want to query. Valid values:

  • DATABASE: permissions on databases
  • TABLE: permissions on tables
  • COLUMN: permissions on fields
  • INSTANCE: permissions on instances
DATABASE
UserIdstringYes

The ID of the user. You can call the GetUser or ListUsers operation to query the ID of the user.

Note The user ID is different from the ID of your Alibaba Cloud account.
51****
DatabaseNamestringNo

The name of the database.

db_name
SearchKeystringNo

The keyword used in the query. For example, if you want to query permissions on an instance, you can specify the endpoint of the instance, such as rm-bp144d5ky4l4r****.

rm-bp144d5ky4l4r****
LogicbooleanNo

Specifies whether the database is a logical database. Valid values:

  • true: The database is a logical database.
  • false: The database is a physical database.
false
EnvTypestringNo

The type of the environment to which the database belongs. Valid values:

  • product: production environment
  • dev: development environment
  • pre: staging environment
  • test: test environment
  • sit: SIT environment
  • uat: user acceptance testing (UAT) environment
  • pet: stress testing environment
  • stag: STAG environment
dev
DbTypestringNo

The type of the database. For more information about the valid values of this parameter, see DbType parameter.

polardb
PageNumberintegerNo

The number of the page to return.

1
PageSizeintegerNo

The number of entries to return on each page.

5

Response parameters

ParameterTypeDescriptionExample
object
TotalCountlong

The total number of entries that meet the query conditions.

1
RequestIdstring

The ID of the request.

C51420E3-144A-4A94-B473-8662FCF4AD10
ErrorCodestring

The error code.

UnknownError
ErrorMessagestring

The error message.

UnknownError
UserPermissionsarray<object>

The details of the permissions that the user has.

UserPermissionobject
DbIdstring

The ID of the database.

1860****
TableNamestring

The name of the table.

test_table
UserIdstring

The ID of the user.

51****
SchemaNamestring

The name of the database.

test_db
Logicboolean

Indicates whether the database is a logical database. Valid values:

  • true: The database is a logical database.
  • false: The database is a physical database.
false
UserNickNamestring

The nickname of the user.

nick_name
InstanceIdstring

The ID of the instance.

174****
PermDetailsarray<object>

The details of permissions.

PermDetailobject
OriginFromstring

The user who grants the permissions.

xxx authorization
PermTypestring

The type of the permissions. Valid values:

  • QUERY: the query permissions
  • EXPORT: the export permissions
  • CORRECT: the change permissions
QUERY
ExpireDatestring

The time when the permissions expire.

2020-12-12 00:00:00
CreateDatestring

The time when the permissions were granted.

2019-12-12 00:00:00
UserAccessIdstring

The ID of the authorization record.

758****
ExtraDatastring

This parameter is reserved.

xxx
EnvTypestring

The type of the environment to which the database belongs. Valid values:

  • product: production environment
  • dev: development environment
  • pre: staging environment
  • test: test environment
  • sit: SIT environment
  • uat: UAT environment
  • pet: stress testing environment
  • stag: STAG environment
dev
ColumnNamestring

The name of the field.

column_name
DbTypestring

The type of the database. For more information about the valid values of this parameter, see DbType parameter.

polardb
DsTypestring

The permissions on a specific type of objects that are granted to the user. Valid values:

  • DATABASE: permissions on physical databases
  • LOGIC_DATABASE: permissions on logical databases
  • TABLE: permissions on physical tables
  • LOGIC_TABLE: permissions on logical tables
DATABASE
TableIdstring

The ID of the table.

13434
SearchNamestring

The name that is used to search for the database.

test_db@xxx:3306
Aliasstring

The alias of the instance.

instance_alias
Hoststring

The endpoint that is used to connect the database.

rm-bp144d5ky4l4r****
Portlong

The port that is used to connect to the instance.

3306
Successboolean

Indicates whether the request is successful. Valid values:

  • true: The request is successful.
  • false: The request fails.
true

Examples

Sample success responses

JSONformat

{
  "TotalCount": 1,
  "RequestId": "C51420E3-144A-4A94-B473-8662FCF4AD10",
  "ErrorCode": "UnknownError",
  "ErrorMessage": "UnknownError",
  "UserPermissions": {
    "UserPermission": [
      {
        "DbId": "1860****",
        "TableName": "test_table",
        "UserId": "51****",
        "SchemaName": "test_db",
        "Logic": false,
        "UserNickName": "nick_name",
        "InstanceId": "174****",
        "PermDetails": {
          "PermDetail": [
            {
              "OriginFrom": "xxx authorization",
              "PermType": "QUERY",
              "ExpireDate": "2020-12-12 00:00:00",
              "CreateDate": "2019-12-12 00:00:00",
              "UserAccessId": "758****",
              "ExtraData": "xxx"
            }
          ]
        },
        "EnvType": "dev",
        "ColumnName": "column_name",
        "DbType": "polardb",
        "DsType": "DATABASE",
        "TableId": "13434",
        "SearchName": "test_db@xxx:3306",
        "Alias": "instance_alias",
        "Host": "rm-bp144d5ky4l4r****",
        "Port": 3306
      }
    ]
  },
  "Success": true
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
No change history