You can call the DescribeAccounts operation to query the details about accounts that are created on an instance.

Note This operation is not supported for instances that run SQL Server 2017 (cluster edition).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeAccounts

The operation that you want to perform. Set the value to DescribeAccounts.

DBInstanceId String Yes rm-uf6wjk5*****

The ID of the instance.

Note This operation is not supported for instances that run SQL Server 2017 (cluster edition).
AccountName String No test1

The name of the account.

PageSize Integer No 30

The number of entries to return on each page. Valid value: 30 to 200. Default value: 30.

PageNumber Integer No 1

The number of the page to return. Default value: 1. Valid values: any non-zero positive integer.

Response parameters

Parameter Type Example Description
SystemAdminAccountStatus String True

Indicates whether the superuser account is enabled.

SystemAdminAccountFirstActivationTime String 2020-02-06T11:00:00Z

The first time when the superuser account was enabled. The time follows the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

PageNumber Integer 1

The page number of the returned page.

RequestId String A2E94301-D07F-4457-9B49-6AA2BB388C85

The ID of the request.

TotalRecordCount Integer 1

The total number of entries.

Accounts Array of DBInstanceAccount

Details of the account.

DBInstanceAccount
AccountStatus String Available

The state of the account. Valid values:

  • Unavailable
  • Available
AccountDescription String Test account

The description of the account.

DBInstanceId String rm-uf6wjk5*****

The ID of the instance to which the account belongs.

PrivExceeded String 0

Indicates whether the number of databases that are managed by the account exceeds the upper limit. Valid values:

  • 1: The number of databases that are managed by the account exceeds the upper limit.
  • 0: The number of databases that are managed by the account does not exceed the upper limit.
AccountType String Normal

The type of the account. Valid values:

  • Normal: standard account
  • Super: privileged account
  • Sysadmin: superuser account that has the system administrator permissions
AccountName String test1

The name of the account.

DatabasePrivileges Array of DatabasePrivilege

Details of the permissions that are granted to the account.

DatabasePrivilege
DBName String test1

The name of the database.

AccountPrivilege String ReadWrite

The type of the permissions. Valid values:

  • ReadWrite: read and write permissions
  • ReadOnly: read-only permissions
  • DDLOnly: DDL-only permissions
  • DMLOnly: DML-only permissions
  • Custom: custom permissions (which can be modified by using SQL statements)
AccountPrivilegeDetail String SELECT,INSERT

The permissions that are granted to the account. For more information, see Account permissions.

ValidUntil String 2022-10-01T00:00:00Z

The expiration time of the password. Valid values:

  • infinity: The password never expires.
  • Empty: The expiration time is not specified.
  • Actual expiration time in the format of yyyy-MM-ddTHH:mm:ssZ in UTC. Example: 2022-10-01T00:00:00Z.
Note This parameter is returned only for ApsaraDB RDS for PostgreSQL instances.
CreateDB String t

Indicates whether the account has the permissions to create databases. Valid values:

  • t: The account has the permissions to create databases.
  • f: The account does not have the permissions to create databases.
Note This parameter is returned only for ApsaraDB RDS for PostgreSQL instances.
Replication String t

Indicates whether the account has the replication permissions. Valid values:

  • t: The account has the replication permissions.
  • f: The account does not have the replication permissions.
Note This parameter is returned only for ApsaraDB RDS for PostgreSQL instances.
CreateRole String t

Indicates whether the account has the permissions to create roles. Valid values:

  • t: The account has the permissions to create roles.
  • f: The account does not have the permissions to create roles.
Note This parameter is returned only for ApsaraDB RDS for PostgreSQL instances.
BypassRLS String f

Indicates whether the account has the row-level security (RLS) permissions. Valid values:

  • t: The account has the RLS permissions.
  • f: The account does not have the RLS permissions.
Note This parameter is returned only for ApsaraDB RDS for PostgreSQL instances.

Examples

Sample requests

http(s)://rds.aliyuncs.com/?Action=DescribeAccounts
&DBInstanceId=rm-uf6wjk5*****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeAccountsResponse>
    <Accounts>
        <DBInstanceAccount>
            <DatabasePrivileges>
                <DatabasePrivilege>
                    <AccountPrivilege>ReadWrite</AccountPrivilege>
                    <AccountPrivilegeDetail>SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,REFERENCES,INDEX,ALTER,CREATE TEMPORARY TABLES,LOCK TABLES,CREATE VIEW,SHOW VIEW,CREATE ROUTINE,ALTER ROUTINE,EXECUTE,EVENT,TRIGGER</AccountPrivilegeDetail>
                    <DBName>testdb</DBName>
                </DatabasePrivilege>
            </DatabasePrivileges>
            <AccountStatus>Available</AccountStatus>
            <AccountDescription/>
            <DBInstanceId>rm-uf6wjk5*****</DBInstanceId>
            <AccountName>testacc02</AccountName>
            <PrivExceeded>0</PrivExceeded>
            <AccountType>Normal</AccountType>
        </DBInstanceAccount>
    </Accounts>
    <RequestId>A2E94301-D07F-4457-9B49-6AA2BB388C85</RequestId>
</DescribeAccountsResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Accounts" : {
    "DBInstanceAccount" : {
      "DatabasePrivileges" : {
        "DatabasePrivilege" : {
          "AccountPrivilege" : "ReadWrite",
          "AccountPrivilegeDetail" : "SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,REFERENCES,INDEX,ALTER,CREATE TEMPORARY TABLES,LOCK TABLES,CREATE VIEW,SHOW VIEW,CREATE ROUTINE,ALTER ROUTINE,EXECUTE,EVENT,TRIGGER",
          "DBName" : "testdb"
        }
      },
      "AccountStatus" : "Available",
      "AccountDescription" : "",
      "DBInstanceId" : "rm-uf6wjk5*****",
      "AccountName" : "testacc02",
      "PrivExceeded" : 0,
      "AccountType" : "Normal"
    }
  },
  "RequestId" : "A2E94301-D07F-4457-9B49-6AA2BB388C85"
}

Error codes

HTTP status code Error code Error message Description
400 IO.Exception IO exception, retry later. The error message returned because I/O errors occurred.
400 Database.ConnectError Database connect error. please check instance status and database processlist The error message returned because the database connection is abnormal. Check the instance status and the connection pool of the database.
400 Account.QueryError Query Account failed, please check your input value The error message returned because the query fails. Check the request parameters.

For a list of error codes, visit the API Error Center.