Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Ibm Provider
  3. API Docs
  4. getIamEffectiveAccountSettings
ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud
ibm-cloud/terraform-provider-ibm

ibm.getIamEffectiveAccountSettings

Explore with Pulumi AI

ibm logo
ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud
ibm-cloud/terraform-provider-ibm

    Provides a read-only data source to retrieve information about iam_effective_account_settings. You can then reference the fields of the data source in other resources within the same configuration by using interpolation syntax.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamEffectiveAccountSettings = ibm.getIamEffectiveAccountSettings({
    accountId: "account_id",
});

    import pulumi
import pulumi_ibm as ibm

iam_effective_account_settings = ibm.get_iam_effective_account_settings(account_id="account_id")

    package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.GetIamEffectiveAccountSettings(ctx, &ibm.GetIamEffectiveAccountSettingsArgs{
			AccountId: "account_id",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamEffectiveAccountSettings = Ibm.GetIamEffectiveAccountSettings.Invoke(new()
    {
        AccountId = "account_id",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetIamEffectiveAccountSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var iamEffectiveAccountSettings = IbmFunctions.getIamEffectiveAccountSettings(GetIamEffectiveAccountSettingsArgs.builder()
            .accountId("account_id")
            .build());

    }
}

    variables:
  iamEffectiveAccountSettings:
    fn::invoke:
      function: ibm:getIamEffectiveAccountSettings
      arguments:
        accountId: account_id

    Using getIamEffectiveAccountSettings

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getIamEffectiveAccountSettings(args: GetIamEffectiveAccountSettingsArgs, opts?: InvokeOptions): Promise<GetIamEffectiveAccountSettingsResult>
function getIamEffectiveAccountSettingsOutput(args: GetIamEffectiveAccountSettingsOutputArgs, opts?: InvokeOptions): Output<GetIamEffectiveAccountSettingsResult>
    def get_iam_effective_account_settings(account_id: Optional[str] = None,
                                       id: Optional[str] = None,
                                       include_history: Optional[bool] = None,
                                       resolve_user_mfa: Optional[bool] = None,
                                       opts: Optional[InvokeOptions] = None) -> GetIamEffectiveAccountSettingsResult
def get_iam_effective_account_settings_output(account_id: Optional[pulumi.Input[str]] = None,
                                       id: Optional[pulumi.Input[str]] = None,
                                       include_history: Optional[pulumi.Input[bool]] = None,
                                       resolve_user_mfa: Optional[pulumi.Input[bool]] = None,
                                       opts: Optional[InvokeOptions] = None) -> Output[GetIamEffectiveAccountSettingsResult]
    func GetIamEffectiveAccountSettings(ctx *Context, args *GetIamEffectiveAccountSettingsArgs, opts ...InvokeOption) (*GetIamEffectiveAccountSettingsResult, error)
func GetIamEffectiveAccountSettingsOutput(ctx *Context, args *GetIamEffectiveAccountSettingsOutputArgs, opts ...InvokeOption) GetIamEffectiveAccountSettingsResultOutput

    > Note: This function is named GetIamEffectiveAccountSettings in the Go SDK.

    public static class GetIamEffectiveAccountSettings 
{
    public static Task<GetIamEffectiveAccountSettingsResult> InvokeAsync(GetIamEffectiveAccountSettingsArgs args, InvokeOptions? opts = null)
    public static Output<GetIamEffectiveAccountSettingsResult> Invoke(GetIamEffectiveAccountSettingsInvokeArgs args, InvokeOptions? opts = null)
}
    public static CompletableFuture<GetIamEffectiveAccountSettingsResult> getIamEffectiveAccountSettings(GetIamEffectiveAccountSettingsArgs args, InvokeOptions options)
public static Output<GetIamEffectiveAccountSettingsResult> getIamEffectiveAccountSettings(GetIamEffectiveAccountSettingsArgs args, InvokeOptions options)

    fn::invoke:
  function: ibm:index/getIamEffectiveAccountSettings:getIamEffectiveAccountSettings
  arguments:
    # arguments dictionary

    The following arguments are supported:

    AccountId string
    Unique ID of the account.
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    ResolveUserMfa bool
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    AccountId string
    Unique ID of the account.
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    ResolveUserMfa bool
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    accountId String
    Unique ID of the account.
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolveUserMfa Boolean
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    accountId string
    Unique ID of the account.
    id string
    The unique identifier of the iam_effective_account_settings.
    includeHistory boolean
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolveUserMfa boolean
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    account_id str
    Unique ID of the account.
    id str
    The unique identifier of the iam_effective_account_settings.
    include_history bool
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolve_user_mfa bool
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.
    accountId String
    Unique ID of the account.
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    Defines if the entity history is included in the response.

    • Constraints: The default value is false.
    resolveUserMfa Boolean
    Enrich MFA exemptions with user information.

    • Constraints: The default value is false.

    getIamEffectiveAccountSettings Result

    The following output properties are available:

    AccountId string
    (String) Unique ID of the account.
    Accounts List<GetIamEffectiveAccountSettingsAccount>
    (List) Nested schema for account:
    AssignedTemplates List<GetIamEffectiveAccountSettingsAssignedTemplate>
    (List) assigned template section. Nested schema for assigned_templates:
    Contexts List<GetIamEffectiveAccountSettingsContext>
    (List) Context with key properties for problem determination. Nested schema for context:
    Effectives List<GetIamEffectiveAccountSettingsEffective>
    (List) Nested schema for effective:
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    ResolveUserMfa bool
    AccountId string
    (String) Unique ID of the account.
    Accounts []GetIamEffectiveAccountSettingsAccount
    (List) Nested schema for account:
    AssignedTemplates []GetIamEffectiveAccountSettingsAssignedTemplate
    (List) assigned template section. Nested schema for assigned_templates:
    Contexts []GetIamEffectiveAccountSettingsContext
    (List) Context with key properties for problem determination. Nested schema for context:
    Effectives []GetIamEffectiveAccountSettingsEffective
    (List) Nested schema for effective:
    Id string
    The unique identifier of the iam_effective_account_settings.
    IncludeHistory bool
    ResolveUserMfa bool
    accountId String
    (String) Unique ID of the account.
    accounts List<GetIamEffectiveAccountSettingsAccount>
    (List) Nested schema for account:
    assignedTemplates List<GetIamEffectiveAccountSettingsAssignedTemplate>
    (List) assigned template section. Nested schema for assigned_templates:
    contexts List<GetIamEffectiveAccountSettingsContext>
    (List) Context with key properties for problem determination. Nested schema for context:
    effectives List<GetIamEffectiveAccountSettingsEffective>
    (List) Nested schema for effective:
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    resolveUserMfa Boolean
    accountId string
    (String) Unique ID of the account.
    accounts GetIamEffectiveAccountSettingsAccount[]
    (List) Nested schema for account:
    assignedTemplates GetIamEffectiveAccountSettingsAssignedTemplate[]
    (List) assigned template section. Nested schema for assigned_templates:
    contexts GetIamEffectiveAccountSettingsContext[]
    (List) Context with key properties for problem determination. Nested schema for context:
    effectives GetIamEffectiveAccountSettingsEffective[]
    (List) Nested schema for effective:
    id string
    The unique identifier of the iam_effective_account_settings.
    includeHistory boolean
    resolveUserMfa boolean
    account_id str
    (String) Unique ID of the account.
    accounts Sequence[GetIamEffectiveAccountSettingsAccount]
    (List) Nested schema for account:
    assigned_templates Sequence[GetIamEffectiveAccountSettingsAssignedTemplate]
    (List) assigned template section. Nested schema for assigned_templates:
    contexts Sequence[GetIamEffectiveAccountSettingsContext]
    (List) Context with key properties for problem determination. Nested schema for context:
    effectives Sequence[GetIamEffectiveAccountSettingsEffective]
    (List) Nested schema for effective:
    id str
    The unique identifier of the iam_effective_account_settings.
    include_history bool
    resolve_user_mfa bool
    accountId String
    (String) Unique ID of the account.
    accounts List<Property Map>
    (List) Nested schema for account:
    assignedTemplates List<Property Map>
    (List) assigned template section. Nested schema for assigned_templates:
    contexts List<Property Map>
    (List) Context with key properties for problem determination. Nested schema for context:
    effectives List<Property Map>
    (List) Nested schema for effective:
    id String
    The unique identifier of the iam_effective_account_settings.
    includeHistory Boolean
    resolveUserMfa Boolean

    Supporting Types

    GetIamEffectiveAccountSettingsAccount

    AccountId string
    Unique ID of the account.
    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    Histories List<GetIamEffectiveAccountSettingsAccountHistory>
    (List) History of the Account Settings. Nested schema for history:
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas List<GetIamEffectiveAccountSettingsAccountUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    AccountId string
    Unique ID of the account.
    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    Histories []GetIamEffectiveAccountSettingsAccountHistory
    (List) History of the Account Settings. Nested schema for history:
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas []GetIamEffectiveAccountSettingsAccountUserMfa
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    accountId String
    Unique ID of the account.
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    histories List<GetIamEffectiveAccountSettingsAccountHistory>
    (List) History of the Account Settings. Nested schema for history:
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<GetIamEffectiveAccountSettingsAccountUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    accountId string
    Unique ID of the account.
    allowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    histories GetIamEffectiveAccountSettingsAccountHistory[]
    (List) History of the Account Settings. Nested schema for history:
    maxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas GetIamEffectiveAccountSettingsAccountUserMfa[]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    account_id str
    Unique ID of the account.
    allowed_ip_addresses str
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    histories Sequence[GetIamEffectiveAccountSettingsAccountHistory]
    (List) History of the Account Settings. Nested schema for history:
    max_sessions_per_identity str
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa str
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrict_create_platform_apikey str
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_create_service_id str
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    session_expiration_in_seconds str
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    session_invalidation_in_seconds str
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    system_access_token_expiration_in_seconds str
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    system_refresh_token_expiration_in_seconds str
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    user_mfas Sequence[GetIamEffectiveAccountSettingsAccountUserMfa]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    accountId String
    Unique ID of the account.
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    histories List<Property Map>
    (List) History of the Account Settings. Nested schema for history:
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<Property Map>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:

    GetIamEffectiveAccountSettingsAccountHistory

    Action string
    (String) Action of the history entry.
    IamId string
    (String) The iam_id of the user.
    IamIdAccount string
    (String) Account of the identity which triggered the action.
    Message string
    (String) Message which summarizes the executed action.
    Params List<string>
    (List) Params of the history entry.
    Timestamp string
    (String) Timestamp when the action was triggered.
    Action string
    (String) Action of the history entry.
    IamId string
    (String) The iam_id of the user.
    IamIdAccount string
    (String) Account of the identity which triggered the action.
    Message string
    (String) Message which summarizes the executed action.
    Params []string
    (List) Params of the history entry.
    Timestamp string
    (String) Timestamp when the action was triggered.
    action String
    (String) Action of the history entry.
    iamId String
    (String) The iam_id of the user.
    iamIdAccount String
    (String) Account of the identity which triggered the action.
    message String
    (String) Message which summarizes the executed action.
    params List<String>
    (List) Params of the history entry.
    timestamp String
    (String) Timestamp when the action was triggered.
    action string
    (String) Action of the history entry.
    iamId string
    (String) The iam_id of the user.
    iamIdAccount string
    (String) Account of the identity which triggered the action.
    message string
    (String) Message which summarizes the executed action.
    params string[]
    (List) Params of the history entry.
    timestamp string
    (String) Timestamp when the action was triggered.
    action str
    (String) Action of the history entry.
    iam_id str
    (String) The iam_id of the user.
    iam_id_account str
    (String) Account of the identity which triggered the action.
    message str
    (String) Message which summarizes the executed action.
    params Sequence[str]
    (List) Params of the history entry.
    timestamp str
    (String) Timestamp when the action was triggered.
    action String
    (String) Action of the history entry.
    iamId String
    (String) The iam_id of the user.
    iamIdAccount String
    (String) Account of the identity which triggered the action.
    message String
    (String) Message which summarizes the executed action.
    params List<String>
    (List) Params of the history entry.
    timestamp String
    (String) Timestamp when the action was triggered.

    GetIamEffectiveAccountSettingsAccountUserMfa

    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.
    description string
    (String) optional description.
    email string
    (String) email of the user.
    iamId string
    (String) The iam_id of the user.
    mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name string
    (String) name of the user account.
    userName string
    (String) userName of the user.
    description str
    (String) optional description.
    email str
    (String) email of the user.
    iam_id str
    (String) The iam_id of the user.
    mfa str
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name str
    (String) name of the user account.
    user_name str
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.

    GetIamEffectiveAccountSettingsAssignedTemplate

    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    TemplateId string
    (String) Template Id.
    TemplateName string
    (String) Template name.
    TemplateVersion double
    (Integer) Template version.
    UserMfas List<GetIamEffectiveAccountSettingsAssignedTemplateUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    TemplateId string
    (String) Template Id.
    TemplateName string
    (String) Template name.
    TemplateVersion float64
    (Integer) Template version.
    UserMfas []GetIamEffectiveAccountSettingsAssignedTemplateUserMfa
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    templateId String
    (String) Template Id.
    templateName String
    (String) Template name.
    templateVersion Double
    (Integer) Template version.
    userMfas List<GetIamEffectiveAccountSettingsAssignedTemplateUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    templateId string
    (String) Template Id.
    templateName string
    (String) Template name.
    templateVersion number
    (Integer) Template version.
    userMfas GetIamEffectiveAccountSettingsAssignedTemplateUserMfa[]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowed_ip_addresses str
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    max_sessions_per_identity str
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa str
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrict_create_platform_apikey str
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_create_service_id str
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    session_expiration_in_seconds str
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    session_invalidation_in_seconds str
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    system_access_token_expiration_in_seconds str
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    system_refresh_token_expiration_in_seconds str
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    template_id str
    (String) Template Id.
    template_name str
    (String) Template name.
    template_version float
    (Integer) Template version.
    user_mfas Sequence[GetIamEffectiveAccountSettingsAssignedTemplateUserMfa]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    templateId String
    (String) Template Id.
    templateName String
    (String) Template name.
    templateVersion Number
    (Integer) Template version.
    userMfas List<Property Map>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:

    GetIamEffectiveAccountSettingsAssignedTemplateUserMfa

    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.
    description string
    (String) optional description.
    email string
    (String) email of the user.
    iamId string
    (String) The iam_id of the user.
    mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name string
    (String) name of the user account.
    userName string
    (String) userName of the user.
    description str
    (String) optional description.
    email str
    (String) email of the user.
    iam_id str
    (String) The iam_id of the user.
    mfa str
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name str
    (String) name of the user account.
    user_name str
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.

    GetIamEffectiveAccountSettingsContext

    ClusterName string
    (String) The cluster name.
    ElapsedTime string
    (String) The elapsed time in msec.
    EndTime string
    (String) The finish time of the request.
    Host string
    (String) The host of the server instance processing the request.
    InstanceId string
    (String) The instance ID of the server instance processing the request.
    Operation string
    (String) The operation of the inbound REST request.
    StartTime string
    (String) The start time of the request.
    ThreadId string
    (String) The thread ID of the server instance processing the request.
    TransactionId string
    (String) The transaction ID of the inbound REST request.
    Url string
    (String) The URL of that cluster.
    UserAgent string
    (String) The user agent of the inbound REST request.
    ClusterName string
    (String) The cluster name.
    ElapsedTime string
    (String) The elapsed time in msec.
    EndTime string
    (String) The finish time of the request.
    Host string
    (String) The host of the server instance processing the request.
    InstanceId string
    (String) The instance ID of the server instance processing the request.
    Operation string
    (String) The operation of the inbound REST request.
    StartTime string
    (String) The start time of the request.
    ThreadId string
    (String) The thread ID of the server instance processing the request.
    TransactionId string
    (String) The transaction ID of the inbound REST request.
    Url string
    (String) The URL of that cluster.
    UserAgent string
    (String) The user agent of the inbound REST request.
    clusterName String
    (String) The cluster name.
    elapsedTime String
    (String) The elapsed time in msec.
    endTime String
    (String) The finish time of the request.
    host String
    (String) The host of the server instance processing the request.
    instanceId String
    (String) The instance ID of the server instance processing the request.
    operation String
    (String) The operation of the inbound REST request.
    startTime String
    (String) The start time of the request.
    threadId String
    (String) The thread ID of the server instance processing the request.
    transactionId String
    (String) The transaction ID of the inbound REST request.
    url String
    (String) The URL of that cluster.
    userAgent String
    (String) The user agent of the inbound REST request.
    clusterName string
    (String) The cluster name.
    elapsedTime string
    (String) The elapsed time in msec.
    endTime string
    (String) The finish time of the request.
    host string
    (String) The host of the server instance processing the request.
    instanceId string
    (String) The instance ID of the server instance processing the request.
    operation string
    (String) The operation of the inbound REST request.
    startTime string
    (String) The start time of the request.
    threadId string
    (String) The thread ID of the server instance processing the request.
    transactionId string
    (String) The transaction ID of the inbound REST request.
    url string
    (String) The URL of that cluster.
    userAgent string
    (String) The user agent of the inbound REST request.
    cluster_name str
    (String) The cluster name.
    elapsed_time str
    (String) The elapsed time in msec.
    end_time str
    (String) The finish time of the request.
    host str
    (String) The host of the server instance processing the request.
    instance_id str
    (String) The instance ID of the server instance processing the request.
    operation str
    (String) The operation of the inbound REST request.
    start_time str
    (String) The start time of the request.
    thread_id str
    (String) The thread ID of the server instance processing the request.
    transaction_id str
    (String) The transaction ID of the inbound REST request.
    url str
    (String) The URL of that cluster.
    user_agent str
    (String) The user agent of the inbound REST request.
    clusterName String
    (String) The cluster name.
    elapsedTime String
    (String) The elapsed time in msec.
    endTime String
    (String) The finish time of the request.
    host String
    (String) The host of the server instance processing the request.
    instanceId String
    (String) The instance ID of the server instance processing the request.
    operation String
    (String) The operation of the inbound REST request.
    startTime String
    (String) The start time of the request.
    threadId String
    (String) The thread ID of the server instance processing the request.
    transactionId String
    (String) The transaction ID of the inbound REST request.
    url String
    (String) The URL of that cluster.
    userAgent String
    (String) The user agent of the inbound REST request.

    GetIamEffectiveAccountSettingsEffective

    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas List<GetIamEffectiveAccountSettingsEffectiveUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    AllowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    MaxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    RestrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    RestrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    SessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    SessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    SystemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    SystemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    UserMfas []GetIamEffectiveAccountSettingsEffectiveUserMfa
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<GetIamEffectiveAccountSettingsEffectiveUserMfa>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses string
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity string
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey string
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId string
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds string
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds string
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds string
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds string
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas GetIamEffectiveAccountSettingsEffectiveUserMfa[]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowed_ip_addresses str
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    max_sessions_per_identity str
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa str
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrict_create_platform_apikey str
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrict_create_service_id str
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    session_expiration_in_seconds str
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    session_invalidation_in_seconds str
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    system_access_token_expiration_in_seconds str
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    system_refresh_token_expiration_in_seconds str
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    user_mfas Sequence[GetIamEffectiveAccountSettingsEffectiveUserMfa]
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:
    allowedIpAddresses String
    (String) Defines the IP addresses and subnets from which IAM tokens can be created for the account.
    maxSessionsPerIdentity String
    (String) Defines the max allowed sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    restrictCreatePlatformApikey String
    (String) Defines whether or not creating platform API keys is access controlled. Valid values: * RESTRICTED - to apply access control * NOT_RESTRICTED - to remove access control * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    restrictCreateServiceId String
    (String) Defines whether or not creating a service ID is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value.

    • Constraints: The default value is NOT_SET. Allowable values are: RESTRICTED, NOT_RESTRICTED, NOT_SET.
    sessionExpirationInSeconds String
    (String) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 86400.
    sessionInvalidationInSeconds String
    (String) Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values: * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 7200.
    systemAccessTokenExpirationInSeconds String
    (String) Defines the access token expiration in seconds. Valid values: * Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 3600.
    systemRefreshTokenExpirationInSeconds String
    (String) Defines the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default.

    • Constraints: The default value is 259200.
    userMfas List<Property Map>
    (List) List of users that are exempted from the MFA requirement of the account. Nested schema for user_mfa:

    GetIamEffectiveAccountSettingsEffectiveUserMfa

    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    Description string
    (String) optional description.
    Email string
    (String) email of the user.
    IamId string
    (String) The iam_id of the user.
    Mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    Name string
    (String) name of the user account.
    UserName string
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.
    description string
    (String) optional description.
    email string
    (String) email of the user.
    iamId string
    (String) The iam_id of the user.
    mfa string
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name string
    (String) name of the user account.
    userName string
    (String) userName of the user.
    description str
    (String) optional description.
    email str
    (String) email of the user.
    iam_id str
    (String) The iam_id of the user.
    mfa str
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name str
    (String) name of the user account.
    user_name str
    (String) userName of the user.
    description String
    (String) optional description.
    email String
    (String) email of the user.
    iamId String
    (String) The iam_id of the user.
    mfa String
    (String) Defines the MFA requirement for the user. Valid values: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users * TOTP4ALL - For all users * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users.

    • Constraints: Allowable values are: NONE, NONE_NO_ROPC, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.
    name String
    (String) name of the user account.
    userName String
    (String) userName of the user.

    Package Details

    Repository
    ibm ibm-cloud/terraform-provider-ibm
    License
    Notes
    This Pulumi package is based on the ibm Terraform Provider.
    ibm logo
    ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud
    ibm-cloud/terraform-provider-ibm