Get user information

Prev Next

Available in Classic and VPC

Get the user information of sub accounts that has been granted permissions to an account, such as sub accounts, deleted sub accounts, or role users.

Request

This section describes the request format. The method and URI are as follows:

Method URI
GET /api/v1/users/{subAccountId}

Request headers

For information about the headers common to all Sub Account APIs, see Sub Account request headers.

Request path parameters

You can use the following path parameters with your request:

Field Type Required Description
subAccountId String Required Sub account ID

Request query parameters

You can use the following query parameters with your request:

Field Type Required Description
includeDeleted Boolean Optional Whether to include deleted accounts
  • true | false (default)
    • true: include
    • false: exclude

Request example

The request example is as follows:

curl --location --request GET 'https://subaccount.apigw.ntruss.com/api/v1/users/dfafe250-****-****-****-246e96591594?includeDeleted=true' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
subAccountId String - Sub account ID
loginId String - Sub account login ID
name String - Sub account username
groups Array - List of groups affiliated with sub account
active Boolean - Sub account status
  • true | false
    • true: enabled
    • false: disabled
deleted Boolean - Whether it is a deleted account
  • true | false
    • true: deleted account
    • false: Undeleted account
createTime String - Sub account creation date and time
  • ISO 8601 format
principalType String - Sub account type
  • IamUser | IamRole
    • IamUser: sub account
    • IamRole: role user
sourceIdentity Object - Role user information
  • Display if principalType is IamRole
sourceIdentity.type String - Role user type
  • IamUser | Server | FederatedUser | NcloudService
    • IamUser: Account role
    • Server: Server role
    • FederatedUser: Single Sign-On role
    • NcloudService: Service role
  • Display if principalType is IamRole
sourceIdentity.id String - Role user ID
  • Information displayed by role type
    • Account role: sub account ID
    • Server role: not applicable
    • Single Sign-On role: SSO user ID
    • Service role: service resource ID
  • Display if principalType is IamRole
sourceIdentity.provider String - Role user's affiliation type
  • Information displayed by role type
    • Account role: member ID
    • Server role: not applicable
    • Single Sign-On role: SSO tenant ID
    • Service role: service ID
  • Display if principalType is IamRole
roleNrn String - NAVER Cloud Platform resource identification value for the converted role
  • Display if principalType is IamRole

groups

The following describes groups.

Field Type Required Description
groupId String - Group ID
groupName String - Group name
nrn String - NAVER Cloud Platform resource identification value for group

Response status codes

For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

Response example

The response example is as follows:

{
    "subAccountId": "dfafe250-****-****-****-246e96591594",
    "loginId": "user000",
    "name": "user000",
    "groups": [
        {
            "groupId": "50b77400-****-****-****-246e96591a38",
            "groupName": "group002",
            "nrn": "nrn:PUB:IAM::*******:Group/50b77400-****-****-****-246e96591a38"
        }
    ],
    "active": true,
    "deleted": false,
    "createTime": "2024-12-10T00:15:34Z",
    "principalType": "IamUser"
}