【Upgrade】Notification of RAM policy grammar verification upgrade
Aug 15, 2023
Resource Access Management
Upgrade window: From August 28, 2023 10:00 to August 31, 2023 23:59, GMT/UTC+8
Upgrade Impact:
To prevent unexpected behavior in customer's permission control, RAM will upgrade the syntax verification capabilities for permission policies. The system will verify whether the policy content contains invalid global condition keywords or reserved policy variable identification elements. After the upgrade, when creating or modifying permission policies (including the Resource Directory control policy and RAM role trust policy), if the policy document does not match the grammar specification, the "MalformedPolicyDocument" errors will be returned. If you receive this error, please check and modify your policy content according to the error message returned.
This upgrade will not affect your currently granted permissions. Based on the best practices, it is recommended that you follow the permission policy syntax rules and use policy-supported elements and condition keywords to build your custom policy. For more information, please refer to the documentation: https://www.alibabacloud.com/help/en/ram/user-guide/policy-elements
Involved OpenAPI:
- Resource Access Management: CreatePolicy, CreatePolicyVersion, CreateRole, UpdateRole
- Resource Management - resource group: CreatePolicy, CreatePolicyVersion, CreateRole, UpdateRole
- Resource management - resource directory: CreateControlPolicy, UpdateControlPolicy
If you have any questions or need further assistance, please feel free to contact us via work order or service hotline.
Thank you for your understanding and cooperation.
Upgrade Impact:
To prevent unexpected behavior in customer's permission control, RAM will upgrade the syntax verification capabilities for permission policies. The system will verify whether the policy content contains invalid global condition keywords or reserved policy variable identification elements. After the upgrade, when creating or modifying permission policies (including the Resource Directory control policy and RAM role trust policy), if the policy document does not match the grammar specification, the "MalformedPolicyDocument" errors will be returned. If you receive this error, please check and modify your policy content according to the error message returned.
This upgrade will not affect your currently granted permissions. Based on the best practices, it is recommended that you follow the permission policy syntax rules and use policy-supported elements and condition keywords to build your custom policy. For more information, please refer to the documentation: https://www.alibabacloud.com/help/en/ram/user-guide/policy-elements
Involved OpenAPI:
- Resource Access Management: CreatePolicy, CreatePolicyVersion, CreateRole, UpdateRole
- Resource Management - resource group: CreatePolicy, CreatePolicyVersion, CreateRole, UpdateRole
- Resource management - resource directory: CreateControlPolicy, UpdateControlPolicy
If you have any questions or need further assistance, please feel free to contact us via work order or service hotline.
Thank you for your understanding and cooperation.