RAM authorization - Data Management - Alibaba Cloud Documentation Center

Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. Using RAM helps you avoid sharing your Alibaba Cloud account keys with other users and allows you to grant users the least privilege access. RAM uses permission policies to define authorizations. This topic describes the general structure of a RAM policy, and the policy statement elements (Action, Resource, and Condition) defined by Data Management for RAM permission policies. The RAM code (RamCode) for Data Management is dms,dms-console , and the supported authorization granularity is OPERATION .

General structure of a policy

Permission policies support JSON format with the following general structure:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

The following list describes the fields in the policy:

Version: Specifies the policy version number. It is fixed at 1.
Statement:
- Effect: Specifies the authorization result. Valid values: Allow and Deny.
- Action: Specifies one or more operations that are allowed or denied.
- Resource: Specifies the specific objects affected by the operations. You can use Alibaba Cloud Resource Names (ARNs) to describe specific resources.
- Condition: Specifies the conditions for the authorization to take effect. This field is optional.
  - Condition operator: Specifies the conditional operators. Different types of conditions support different conditional operators.
  - Condition_key: Specifies the condition keys.
  - Condition_value: Specifies the condition values.

Action

The following table lists the actions defined by Data Management. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that support authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding ARN in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys that are applicable across all RAM-integrated services. For more information, see Common condition keys.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action	API	Access level	Resource type	Condition key	Dependent action
dms:ListAuthorizedUsersForDatabase	ListAuthorizedUsersForDatabase	none	All Resource ``	None	None
dms:ListLogicTableRouteConfig	ListLogicTableRouteConfig	list	All Resource ``	None	None
dms:RemoveTableFromCategory	RemoveTableFromCategory	none	All Resource ``	None	None
dms:UpdateWorkspace	UpdateWorkspace	update	All Resource ``	None	None
dms:UpdateTaskFlowTimeVariables	UpdateTaskFlowTimeVariables	update	All Resource ``	None	None
dms:StopTaskFlowInstance	StopTaskFlowInstance	none	All Resource ``	None	None
dms:GetProxy	GetProxy	get	All Resource ``	None	None
dms:GetOpLog	GetOpLog	get	All Resource ``	None	None
dms:ListTaskFlow	ListTaskFlow	list	All Resource ``	None	None
dms:CreateProxyAccess	CreateProxyAccess	create	All Resource ``	None	None
dms:GetTaskInstanceRelation	GetTaskInstanceRelation	get	All Resource ``	None	None
dms:ListUsers	ListUsers	list	All Resource ``	None	None
dms:RevokeTemplateAuthority	RevokeTemplateAuthority	none	All Resource ``	None	None
dms:ListDataLakeFunctionName	ListDataLakeFunctionName	get	All Resource ``	None	None
dms:RegisterUser	RegisterUser	create	All Resource ``	None	None
dms:ListDBTaskSQLJobDetail	ListDBTaskSQLJobDetail	list	All Resource ``	None	None
dms:ListSensitiveColumnInfo	ListSensitiveColumnInfo	list	All Resource ``	None	None
dms:EditLogicDatabase	EditLogicDatabase	update	All Resource ``	None	None
dms:ChangeLhDagOwner	ChangeLhDagOwner	update	All Resource ``	None	None
dms:GetWorkspace	GetWorkspace	get	All Resource ``	None	None
dms:GetPhysicalDatabase	GetPhysicalDatabase	get	All Resource ``	None	None
dms:BatchCreateDataLakePartitions	BatchCreateDataLakePartitions	create	All Resource ``	None	None
dms:ListInstances	ListInstances	list	All Resource ``	None	None
dms:UpdateAuthorityTemplate	UpdateAuthorityTemplate	update	All Resource ``	None	None
dms:OfflineTaskFlow	OfflineTaskFlow	none	All Resource ``	None	None
dms:GetDataLakeDatabase	GetDataLakeDatabase	get	All Resource ``	None	None
dms:CheckBatchTableAccessPermission	CheckBatchTableAccessPermission	none	All Resource ``	None	None
dms:CreateOrder	CreateOrder	create	All Resource ``	None	None
dms:SyncDatabaseMeta	SyncDatabaseMeta	update	All Resource ``	None	None
dms:GetStructSyncExecSqlDetail	GetStructSyncExecSqlDetail	get	All Resource ``	None	None
dms:SetOwners	SetOwners	update	All Resource ``	None	None
dms:GetDataImportSQL	GetDataImportSQL	none	All Resource ``	None	None
dms:RetryDataCorrectPreCheck	RetryDataCorrectPreCheck	update	All Resource ``	None	None
dms:SubmitStructSyncOrderApproval	SubmitStructSyncOrderApproval	update	All Resource ``	None	None
dms:SubmitOrderApproval	SubmitOrderApproval	update	All Resource ``	None	None
dms:GetDataTrackJobTableMeta	GetDataTrackJobTableMeta	none	All Resource ``	None	None
dms:ListIndexes	ListIndexes	list	All Resource ``	None	None
dms:ListLhTaskFlowAndScenario	ListLhTaskFlowAndScenario	list	All Resource ``	None	None
dms:GetStandardGroup	GetStandardGroup	get	All Resource ``	None	None
dms:CreateLogicDatabase	CreateLogicDatabase	create	All Resource ``	None	None
dms:SyncInstanceMeta	SyncInstanceMeta	update	All Resource ``	None	None
dms:ExecuteDataExport	ExecuteDataExport	update	All Resource ``	None	None
dms:ListColumns	ListColumns	list	All Resource ``	None	None
dms:ListDataLakeTableName	ListDataLakeTableName	get	All Resource ``	None	None
dms:GetUserActiveTenant	GetUserActiveTenant	get	All Resource ``	None	None
dms:DeleteInstance	DeleteInstance	delete	All Resource ``	None	None
dms:ExecuteStructSync	ExecuteStructSync	update	All Resource ``	None	None
dms:ListSQLReviewOriginSQL	ListSQLReviewOriginSQL	list	All Resource ``	None	None
dms:ListEffectiveOrders	ListEffectiveOrders	list	All Resource ``	None	None
dms:GetDataArchiveCount	GetDataArchiveCount	none	All Resource ``	None	None
dms:ListUserTenants	ListUserTenants	list	All Resource ``	None	None
dms:ModifyDesensitizationStrategy	ModifyDesensitizationStrategy	update	All Resource ``	None	None
dms:GetUser	GetUser	get	All Resource ``	None	None
dms:ListInstanceLoginAuditLog	ListInstanceLoginAuditLog	list	All Resource ``	None	None
dms:GetTableDBTopology	GetTableDBTopology	get	All Resource ``	None	None
dms:CreateStandardGroup	CreateStandardGroup	create	All Resource ``	None	None
dms:GetLogicDatabase	GetLogicDatabase	get	All Resource ``	None	None
dms:CreateDataLakeFunction	CreateDataLakeFunction	create	All Resource ``	None	None
dms:ListDDLPublishRecords	ListDDLPublishRecords	list	All Resource ``	None	None
dms:GetTaskFlowGraph	GetTaskFlowGraph	get	All Resource ``	None	None
dms:ListOrders	ListOrders	list	All Resource ``	None	None
dms:UpdateTaskFlowConstants	UpdateTaskFlowConstants	update	All Resource ``	None	None
dms:ListAuthorizedUsersForInstance	ListAuthorizedUsersForInstance	none	All Resource ``	None	None
dms:AnalyzeSQLLineage	AnalyzeSQLLineage	get	All Resource ``	None	None
dms:GetDBTopology	GetDBTopology	get	All Resource ``	None	None
dms:DeleteWorkspace	DeleteWorkspace	delete	All Resource ``	None	None
dms:RevokeUserPermission	RevokeUserPermission	delete	All Resource ``	None	None
dms:GetTableTopology	GetTableTopology	get	All Resource ``	None	None
dms:GetDataLakeCatalog	GetDataLakeCatalog	get	All Resource ``	None	None
dms:CloseOrder	CloseOrder	update	All Resource ``	None	None
dms:ListSQLExecAuditLog	ListSQLExecAuditLog	list	All Resource ``	None	None
dms:DeleteDataLakeDatabase	DeleteDataLakeDatabase	delete	All Resource ``	None	None
dms:ListDataLakePartitionByFilter	ListDataLakePartitionByFilter	get	All Resource ``	None	None
dms:BuyPayAsYouGoOrder	BuyPayAsYouGoOrder	create	All Resource ``	None	None
dms:GetTableDesignProjectInfo	GetTableDesignProjectInfo	get	All Resource ``	None	None
dms:UpdateDataLakePartition	UpdateDataLakePartition	update	All Resource ``	None	None
dms:GetDataCorrectTaskDetail	GetDataCorrectTaskDetail	get	All Resource ``	None	None
dms:CreateDataCorrectOrder	CreateDataCorrectOrder	create	All Resource ``	None	None
dms:ListTaskFlowsByPage	ListTaskFlowsByPage	list	All Resource ``	None	None
dms:DeleteUser	DeleteUser	delete	All Resource ``	None	None
dms:DownloadDataTrackResult	DownloadDataTrackResult	none	All Resource ``	None	None
dms:ListWorkspaces	ListWorkspaces	list	All Resource ``	None	None
dms:AddAuthorityTemplateItems	AddAuthorityTemplateItems	update	All Resource ``	None	None
dms:ListTasksInTaskFlow	ListTasksInTaskFlow	list	All Resource ``	None	None
dms:GetAbacPolicy	GetAbacPolicy	none	All Resource ``	None	None
dms:GetTableKnowledgeInfo	GetTableKnowledgeInfo	get	All Resource ``	None	None
dms:GetLhSpaceByName	GetLhSpaceByName	get	All Resource ``	None	None
dms:GetTableDesignProjectFlow	GetTableDesignProjectFlow	get	All Resource ``	None	None
dms:DeleteLogicDatabase	DeleteLogicDatabase	delete	All Resource ``	None	None
dms:CreateDataImportOrder	CreateDataImportOrder	create	All Resource ``	None	None
dms:GetDataTrackOrderDetail	GetDataTrackOrderDetail	none	All Resource ``	None	None
dms:ListScenarios	ListScenarios	list	All Resource ``	None	None
dms:CreateMetaCategory	CreateMetaCategory	create	All Resource ``	None	None
dms:GetInstance	GetInstance	get	All Resource ``	None	None
dms:GetDataCorrectBackupFiles	GetDataCorrectBackupFiles	get	All Resource ``	None	None
dms:CreateFreeLockCorrectOrder	CreateFreeLockCorrectOrder	create	All Resource ``	None	None
dms:ListDatabases	ListDatabases	list	All Resource ``	None	None
dms:ListDatabaseUserPermssions	ListDatabaseUserPermssions	list	All Resource ``	None	None
dms:ListTaskFlowInstance	ListTaskFlowInstance	list	All Resource ``	None	None
dms:GetRuleNumLimitOfSLA	GetRuleNumLimitOfSLA	get	All Resource ``	None	None
dms:ListProxySQLExecAuditLog	ListProxySQLExecAuditLog	list	All Resource ``	None	None
dms:ModifyDataCorrectExecSQL	ModifyDataCorrectExecSQL	update	All Resource ``	None	None
dms:CreateDatabaseExportOrder	CreateDatabaseExportOrder	create	All Resource ``	None	None
dms:GetSQLReviewCheckResultStatus	GetSQLReviewCheckResultStatus	get	All Resource ``	None	None
dms:CreateDataExportOrder	CreateDataExportOrder	create	All Resource ``	None	None
dms:ListLogicDatabases	ListLogicDatabases	list	All Resource ``	None	None
dms:UpdateUser	UpdateUser	update	All Resource ``	None	None
dms:UpdateDataLakeFunction	UpdateDataLakeFunction	create	All Resource ``	None	None
dms:InspectProxyAccessSecret	InspectProxyAccessSecret	get	All Resource ``	None	None
dms:SearchDataTrackResult	SearchDataTrackResult	none	All Resource ``	None	None
dms:GetDataTrackJobDegree	GetDataTrackJobDegree	none	All Resource ``	None	None
dms:CreateTask	CreateTask	create	All Resource ``	None	None
dms:ListInstanceUserPermissions	ListInstanceUserPermissions	list	All Resource ``	None	None
dms:ListUserOwnedResources	ListUserOwnedResources	list	All Resource ``	None	None
dms:GetUserUploadFileJob	GetUserUploadFileJob	get	All Resource ``	None	None
dms:CreateStructSyncOrder	CreateStructSyncOrder	create	All Resource ``	None	None
dms:ListDataCorrectPreCheckSQL	ListDataCorrectPreCheckSQL	list	All Resource ``	None	None
dms:PublishAndDeployTaskFlow	PublishAndDeployTaskFlow	none	All Resource ``	None	None
dms:PauseDataCorrectSQLJob	PauseDataCorrectSQLJob	update	All Resource ``	None	None
dms:ListDataImportSQLPreCheckDetail	ListDataImportSQLPreCheckDetail	list	All Resource ``	None	None
dms:ListDataLakePartition	ListDataLakePartition	get	All Resource ``	None	None
dms:UpdateDataLakeDatabase	UpdateDataLakeDatabase	update	All Resource ``	None	None
dms:GetStructSyncJobAnalyzeResult	GetStructSyncJobAnalyzeResult	get	All Resource ``	None	None
dms:GrantUserPermission	GrantUserPermission	create	All Resource ``	None	None
dms:EnableUser	EnableUser	update	All Resource ``	None	None
dms:CreateDataLakeTable	CreateDataLakeTable	create	All Resource ``	None	None
dms:GetDataCorrectRollbackFile	GetDataCorrectRollbackFile	get	All Resource ``	None	None
dms:UpdateTaskTimeVariables	UpdateTaskTimeVariables	update	All Resource ``	None	None
dms:ListTableColumns	ListTableColumns	get	All Resource ``	None	None
dms:CreateDataTrackOrder	CreateDataTrackOrder	none	All Resource ``	None	None
dms:UpdateTaskFlowNotification	UpdateTaskFlowNotification	update	All Resource ``	None	None
dms:AddTaskFlowEdges	AddTaskFlowEdges	create	All Resource ``	None	None
dms:ListSensitivityLevel	ListSensitivityLevel	list	All Resource ``	None	None
dms:ListSLARules	ListSLARules	list	All Resource ``	None	None
dms:QueryDataTrackResultDownloadStatus	QueryDataTrackResultDownloadStatus	none	All Resource ``	None	None
dms:GetPermApplyOrderDetail	GetPermApplyOrderDetail	get	All Resource ``	None	None
dms:GenerateSqlFromNL	GenerateSqlFromNL	none	All Resource ``	None	None
dms:UpdateStandardGroup	UpdateStandardGroup	update	All Resource ``	None	None
dms:GetStructSyncOrderDetail	GetStructSyncOrderDetail	get	All Resource ``	None	None
dms:CreateDataLakePartition	CreateDataLakePartition	create	All Resource ``	None	None
dms:UpdateTaskContent	UpdateTaskContent	update	All Resource ``	None	None
dms:UpdateTaskOutput	UpdateTaskOutput	update	All Resource ``	None	None
dms:GetApprovalDetail	GetApprovalDetail	get	All Resource ``	None	None
dms:UpdateScenario	UpdateScenario	update	All Resource ``	None	None
dms:ListDataLakePartitionName	ListDataLakePartitionName	get	All Resource ``	None	None
dms:DeleteProxyAccess	DeleteProxyAccess	delete	All Resource ``	None	None
dms:GetAuthorityTemplate	GetAuthorityTemplate	get	All Resource ``	None	None
dms:DeleteLhMembers	DeleteLhMembers	delete	All Resource ``	None	None
dms:ListAuthorityTemplate	ListAuthorityTemplate	list	All Resource ``	None	None
dms:GetOwnerApplyOrderDetail	GetOwnerApplyOrderDetail	get	All Resource ``	None	None
dms:ListDataLakeTablebaseInfo	ListDataLakeTablebaseInfo	get	All Resource ``	None	None
dms:ListTaskFlowCooperators	ListTaskFlowCooperators	list	All Resource ``	None	None
dms:ListTablesInCategory	ListTablesInCategory	get	All Resource ``	None	None
dms:GetMetaTableColumn	GetMetaTableColumn	get	All Resource ``	None	None
dms:ListUserPermissions	ListUserPermissions	list	All Resource ``	None	None
dms:GetDataCronClearConfig	GetDataCronClearConfig	get	All Resource ``	None	None
dms:RefundPayAsYouGoOrder	RefundPayAsYouGoOrder	update	All Resource ``	None	None
dms:EditMetaKnowledgeAsset	EditMetaKnowledgeAsset	get	All Resource ``	None	None
dms:CreateProcCorrectOrder	CreateProcCorrectOrder	create	All Resource ``	None	None
dms:AddLhMembers	AddLhMembers	update	All Resource ``	None	None
dms:AddDesensitizationRule	AddDesensitizationRule	create	All Resource ``	None	None
dms:GetDatabase	GetDatabase	get	All Resource ``	None	None
dms:ListTables	ListTables	list	All Resource ``	None	None
dms:ListSensitiveDataAuditLog	ListSensitiveDataAuditLog	list	All Resource ``	None	None
dms:ListDBTaskSQLJob	ListDBTaskSQLJob	list	All Resource ``	None	None
dms:GetDataCorrectSQLFile	GetDataCorrectSQLFile	get	All Resource ``	None	None
dms:DeleteAuthorityTemplate	DeleteAuthorityTemplate	delete	All Resource ``	None	None
dms:DeleteDataLakePartition	DeleteDataLakePartition	delete	All Resource ``	None	None
dms:GetDataLakeTable	GetDataLakeTable	get	All Resource ``	None	None
dms:RestartDataExportJob	RestartDataExportJob	update	All Resource ``	None	None
dms:RemoveDataExportJob	RemoveDataExportJob	delete	All Resource ``	None	None
dms:CreateUploadFileJob	CreateUploadFileJob	create	All Resource ``	None	None
dms:GetDataExportDownloadURL	GetDataExportDownloadURL	get	All Resource ``	None	None
dms:ListDataImportSQLType	ListDataImportSQLType	list	All Resource ``	None	None
dms:ResumeTaskFlowInstance	ResumeTaskFlowInstance	none	All Resource ``	None	None
dms:UpdateTaskFlowCooperators	UpdateTaskFlowCooperators	update	All Resource ``	None	None
dms:GetDataCorrectOrderDetail	GetDataCorrectOrderDetail	get	All Resource ``	None	None
dms:SuspendDataExportJob	SuspendDataExportJob	update	All Resource ``	None	None
dms:ListAuthorizedDatabasesForUser	ListAuthorizedDatabasesForUser	none	All Resource ``	None	None
dms:GetStructSyncJobDetail	GetStructSyncJobDetail	get	All Resource ``	None	None
dms:SimplyAddInstance	SimplyAddInstance	create	All Resource ``	None	None
dms:ListLogicTables	ListLogicTables	list	All Resource ``	None	None
dms:DeleteAbacAuthorization	DeleteAbacAuthorization	delete	All Resource ``	None	None
dms:UpdateMetaCategory	UpdateMetaCategory	update	All Resource ``	None	None
dms:CreateScenario	CreateScenario	create	All Resource ``	None	None
dms:GrantTemplateAuthority	GrantTemplateAuthority	none	All Resource ``	None	None
dms:ListDataLakeDatabase	ListDataLakeDatabase	get	All Resource ``	None	None
dms:UpdateTaskFlowSchedule	UpdateTaskFlowSchedule	update	All Resource ``	None	None
dms:DeleteTask	DeleteTask	delete	All Resource ``	None	None
dms:UpdateInstance	UpdateInstance	update	All Resource ``	None	None
dms:ListProxies	ListProxies	get	All Resource ``	None	None
dms:ListTaskFlowTimeVariables	ListTaskFlowTimeVariables	list	All Resource ``	None	None
dms:GetDatabaseExportOrderDetail	GetDatabaseExportOrderDetail	get	All Resource ``	None	None
dms:ListAbacAuthorizations	ListAbacAuthorizations	get	All Resource ``	None	None
dms:SearchTable	SearchTable	get	All Resource ``	None	None
dms:ListMetaCategory	ListMetaCategory	get	All Resource ``	None	None
dms:PreviewWorkflow	PreviewWorkflow	get	All Resource ``	None	None
dms:SkipDataCorrectRowCheck	SkipDataCorrectRowCheck	none	All Resource ``	None	None
dms:GetProxyAccess	GetProxyAccess	get	All Resource ``	None	None
dms:GetAuthorityTemplateItem	GetAuthorityTemplateItem	list	All Resource ``	None	None
dms:GetDbExportDownloadURL	GetDbExportDownloadURL	get	All Resource ``	None	None
dms:PauseDataExportJob	PauseDataExportJob	update	All Resource ``	None	None
dms:MakeTaskFlowInstanceSuccess	MakeTaskFlowInstanceSuccess	update	All Resource ``	None	None
dms:MoveTaskFlowToScenario	MoveTaskFlowToScenario	update	All Resource ``	None	None
dms:DeleteLogicTableRouteConfig	DeleteLogicTableRouteConfig	delete	All Resource ``	None	None
dms:DeleteProxy	DeleteProxy	get	All Resource ``	None	None
dms:BatchUpdateDataLakePartitions	BatchUpdateDataLakePartitions	update	All Resource ``	None	None
dms:CreateAbacAuthorization	CreateAbacAuthorization	create	All Resource ``	None	None
dms:GetDataLakeFunction	GetDataLakeFunction	create	All Resource ``	None	None
dms:GetOrderBaseInfo	GetOrderBaseInfo	get	All Resource ``	None	None
dms:GetIntervalLimitOfSLA	GetIntervalLimitOfSLA	get	All Resource ``	None	None
dms:ListDAGVersions	ListDAGVersions	list	All Resource ``	None	None
dms:ReRunTaskFlowInstance	ReRunTaskFlowInstance	none	All Resource ``	None	None
dms:CreateLakeHouseSpace	CreateLakeHouseSpace	create	All Resource ``	None	None
dms:AddInstance	AddInstance	create	All Resource ``	None	None
dms:CreateDataLakeDatabase	CreateDataLakeDatabase	create	All Resource ``	None	None
dms:GetClassificationTemplate	GetClassificationTemplate	get	All Resource ``	None	None
dms:CreateSQLReviewOrder	CreateSQLReviewOrder	create	All Resource ``	None	None
dms:BatchDeleteDataLakePartitions	BatchDeleteDataLakePartitions	delete	All Resource ``	None	None
dms:ChangeColumnSecLevel	ChangeColumnSecLevel	update	All Resource ``	None	None
dms:SetWorkflowExtraInfo	SetWorkflowExtraInfo	update	All Resource ``	None	None
dms:ListSensitiveColumnsDetail	ListSensitiveColumnsDetail	list	All Resource ``	None	None
dms:CreatePublishGroupTask	CreatePublishGroupTask	create	All Resource ``	None	None
dms:UpdateTaskContentV2	UpdateTaskContentV2	update	All Resource ``	None	None
dms:ListAbacPolicies	ListAbacPolicies	none	All Resource ``	None	None
dms:SearchDatabase	SearchDatabase	list	All Resource ``	None	None
dms:GetPagedInstance	GetPagedInstance	get	All Resource ``	None	None
dms:UpdateTaskName	UpdateTaskName	update	All Resource ``	None	None
dms:RestartDataCorrectSQLJob	RestartDataCorrectSQLJob	update	All Resource ``	None	None
dms:DeleteStandardGroup	DeleteStandardGroup	delete	All Resource ``	None	None
dms:DeleteDataLakeTable	DeleteDataLakeTable	delete	All Resource ``	None	None
dms:CreateWorkspace	CreateWorkspace	create	All Resource ``	None	None
dms:ListWorkFlowNodes	ListWorkFlowNodes	list	All Resource ``	None	None
dms:CreateProxy	CreateProxy	create	All Resource ``	None	None
dms:DeleteLakeHouseSpace	DeleteLakeHouseSpace	delete	All Resource ``	None	None
dms:UpdateAbacPolicy	UpdateAbacPolicy	update	All Resource ``	None	None
dms:DeleteTaskFlow	DeleteTaskFlow	delete	All Resource ``	None	None
dms:DeleteMetaCategory	DeleteMetaCategory	delete	All Resource ``	None	None
dms:ListDesensitizationRule	ListDesensitizationRule	list	All Resource ``	None	None
dms:GetDataExportOrderDetail	GetDataExportOrderDetail	get	All Resource ``	None	None
dms:DeleteAbacPolicy	DeleteAbacPolicy	none	All Resource ``	None	None
dms:CreateAbacPolicy	CreateAbacPolicy	create	All Resource ``	None	None
dms:RegisterInstance	RegisterInstance	create	All Resource ``	None	None
dms:DeleteDataLakeFunction	DeleteDataLakeFunction	create	All Resource ``	None	None
dms:ListAuthorizedInstancesForUser	ListAuthorizedInstancesForUser	none	All Resource ``	None	None
dms:ChangeColumnSecurityLevel	ChangeColumnSecurityLevel	update	All Resource ``	None	None
dms:OptimizeSqlByMetaAgent	OptimizeSqlByMetaAgent	none	All Resource ``	None	None
dms:CreateUploadOSSFileJob	CreateUploadOSSFileJob	create	All Resource ``	None	None
dms:FixSqlByMetaAgent	FixSqlByMetaAgent	none	All Resource ``	None	None
dms:UpdateTaskFlowNameAndDesc	UpdateTaskFlowNameAndDesc	update	All Resource ``	None	None
dms:DeleteScenario	DeleteScenario	delete	All Resource ``	None	None
dms:ExecuteDataCorrect	ExecuteDataCorrect	update	All Resource ``	None	None
dms:GetTaskFlowNotification	GetTaskFlowNotification	get	All Resource ``	None	None
dms:GetDataArchiveOrderDetail	GetDataArchiveOrderDetail	get	All Resource ``	None	None
dms:CreateDataCronClearOrder	CreateDataCronClearOrder	create	All Resource ``	None	None
dms:ListTaskFlowEdgesByCondition	ListTaskFlowEdgesByCondition	list	All Resource ``	None	None
dms:ExecuteScript	ExecuteScript	update	All Resource ``	None	None
dms:GetDBTaskSQLJobLog	GetDBTaskSQLJobLog	get	All Resource ``	None	None
dms:GetDataCronClearTaskDetailList	GetDataCronClearTaskDetailList	get	All Resource ``	None	None
dms:UpdateTaskConfig	UpdateTaskConfig	update	All Resource ``	None	None
dms:ModifyInstance	ModifyInstance	update	All Resource ``	None	None
dms:ListStandardGroups	ListStandardGroups	list	All Resource ``	None	None
dms:CreateAuthorityTemplate	CreateAuthorityTemplate	create	All Resource ``	None	None
dms:ListSensitiveColumns	ListSensitiveColumns	list	All Resource ``	None	None
dms:ListDataLakeCatalog	ListDataLakeCatalog	get	All Resource ``	None	None
dms:ApproveOrder	ApproveOrder	update	All Resource ``	None	None
dms:CreateDataArchiveOrder	CreateDataArchiveOrder	create	All Resource ``	None	None
dms:ListDataCorrectPreCheckDB	ListDataCorrectPreCheckDB	list	All Resource ``	None	None
dms:ChatWithDesensitize	ChatWithDesensitize	none	All Resource ``	None	None
dms:ListDataLakeFunction	ListDataLakeFunction	get	All Resource ``	None	None
dms:UpdateDataLakeTable	UpdateDataLakeTable	update	All Resource ``	None	None
dms:GetOnlineDDLProgress	GetOnlineDDLProgress	get	All Resource ``	None	None
dms:ListDefaultSLARules	ListDefaultSLARules	list	All Resource ``	None	None
dms:ListWorkFlowTemplates	ListWorkFlowTemplates	list	All Resource ``	None	None
dms:GetSQLReviewOptimizeDetail	GetSQLReviewOptimizeDetail	get	All Resource ``	None	None
dms:AnswerSqlSyntaxByMetaAgent	AnswerSqlSyntaxByMetaAgent	none	All Resource ``	None	None
dms:GetTask	GetTask	get	All Resource ``	None	None
dms:TryRunTaskFlow	TryRunTaskFlow	get	All Resource ``	None	None
dms:CreateTaskFlow	CreateTaskFlow	create	All Resource ``	None	None
dms:ReDeployLhDagVersion	ReDeployLhDagVersion	none	All Resource ``	None	None
dms:ListTaskFlowConstants	ListTaskFlowConstants	list	All Resource ``	None	None
dms:GetMetaTableDetailInfo	GetMetaTableDetailInfo	get	All Resource ``	None	None
dms:DisableUser	DisableUser	update	All Resource ``	None	None
dms:BackFill	BackFill	none	All Resource ``	None	None
dms:UpdateTaskFlowEdges	UpdateTaskFlowEdges	update	All Resource ``	None	None
dms:UpdateSLARules	UpdateSLARules	update	All Resource ``	None	None
dms:ListDataLakeTable	ListDataLakeTable	get	All Resource ``	None	None
dms:GetOrderAttachmentFile	GetOrderAttachmentFile	get	All Resource ``	None	None
dms:DeleteTaskFlowEdgesByCondition	DeleteTaskFlowEdgesByCondition	delete	All Resource ``	None	None
dms:ListClassificationTemplates	ListClassificationTemplates	list	All Resource ``	None	None
dms:AddTableToCategory	AddTableToCategory	none	All Resource ``	None	None
dms:GetDataExportPreCheckDetail	GetDataExportPreCheckDetail	get	All Resource ``	None	None
dms:UpdateTaskFlowOwner	UpdateTaskFlowOwner	update	All Resource ``	None	None
dms:SuspendTaskFlowInstance	SuspendTaskFlowInstance	none	All Resource ``	None	None
dms:AddLogicTableRouteConfig	AddLogicTableRouteConfig	create	All Resource ``	None	None
dms:UpdateTaskFlowRelations	UpdateTaskFlowRelations	update	All Resource ``	None	None
dms:GetDataLakePartition	GetDataLakePartition	get	All Resource ``	None	None
dms:ListProxyAccesses	ListProxyAccesses	get	All Resource ``	None	None

Resource

The following table lists the resources defined by Data Management. Specify them in the Resource element of RAM policy statements to grant permissions for specific operations. They are uniquely identified by ARNs. Format: acs:{#ramcode}:{#regionId}:{#accountId}:{#resourceType}:

acs: The initialism of Alibaba Cloud service, which indicates the public cloud of Alibaba Cloud.
{#ramcode}: The code used in RAM to indicate an Alibaba Cloud service.
{#regionId}: The region ID. If the resource covers all regions, set it to an asterisk (*).
{#accountId}: The ID of the Alibaba Cloud account. If the resource covers all Alibaba Cloud accounts, set it to an asterisk (*).
{#resourceType}: The service-defined resource identifier. It supports a hierarchical structure, which is similar to a file path. If the statement covers global resources, set it to an asterisk (*).

Resource type	ARN
TaskFlow	acs:dms,dms-console:{#regionId}:{#accountId}:taskflow/{#TaskFlowId}
Order	acs:dmsenterprise:{#regionId}:{#accountId}:order/{#OrderId} acs:dmsenterprise::{#accountId}:order/{#OrderId} acs:dmsenterprise:{#Region}:{#AccountId}:order/{#OrderId}
Database	acs:dmsenterprise:{#regionId}:{#accountId}:database/{#DatabaseId}
Instance	acs:dms:*:{#accountId}:instance/{#Host}/{#Port}

Condition

Data Management does not define product-level condition keys. However, you can use Alibaba Cloud common condition keys for access control. For more information, see Common condition keys.

How to create custom RAM policies?

You can create custom policies and grant them to RAM users, RAM user groups, or RAM roles. For instructions, see: