Grant read-only permissions on Alibaba Cloud DNS to a RAM user
Create a RAM user in the RAM console and attach the AliyunDNSReadOnlyAccess system policy to the RAM user. For more information about how to grant permissions to a RAM user, see Grant permissions to RAM users.
Grant full management permissions on Alibaba Cloud DNS to a RAM user
Attach the AliyunDNSFullAccess system policy to the RAM user in the RAM console.
Grant management permissions on a specific domain name to a RAM user
After a RAM user is granted management permissions on a specific domain name such as example.com, the RAM user has full permissions to manage the domain name.
If the domain name is bound to a paid instance, you must enter the instance ID in the Resource field when you configure the script.
If the domain name is bound to a free instance, you do not need to enter the instance ID in the Resource field when you configure the script.
Create a policy.
Configure the script.
The following example shows the policy script. In the second statement, replace dns-cn-st21yjl**** with the ID of the instance that is bound to the domain name:
{
  "Version": "1",
  "Statement": [
    {
      "Action": "alidns:*",
      "Resource": "acs:alidns:*:*:domain/example.com",
      "Effect": "Allow"
    },
    {
      "Action": "alidns:*",
      "Resource": "acs:alidns:*:*:instance/dns-cn-st21yjl****",
      "Effect": "Allow"
    },
    {
      "Action": [
        "alidns:DescribeSiteMonitorIspInfos",
        "alidns:DescribeSiteMonitorIspCityInfos",
        "alidns:DescribeSupportLines",
        "alidns:DescribeDomains",
        "alidns:DescribeDomainNs",
        "alidns:*Batch*",
        "alidns:DescribeDomainGroups"
      ],
      "Resource": "acs:alidns:*:*:*",
      "Effect": "Allow"
    }
  ]
}
The preceding example shows the policy script for a domain name that is bound to a paid instance.
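The following Python sketch is an added example, not part of the Alibaba Cloud documentation. It generates the policy above for a domain name on a free or paid instance, then lists every Allow grant that applies to all resources and is not a Describe-prefixed action, so that you can review what the policy permits outside the scoped domain name. The function names are hypothetical, and treating Describe-prefixed actions as read-only is an assumption based on their naming.

```python
import json

# Actions the page's policy allows on every Alibaba Cloud DNS resource.
ACCOUNT_WIDE_ACTIONS = [
    "alidns:DescribeSiteMonitorIspInfos",
    "alidns:DescribeSiteMonitorIspCityInfos",
    "alidns:DescribeSupportLines",
    "alidns:DescribeDomains",
    "alidns:DescribeDomainNs",
    "alidns:*Batch*",
    "alidns:DescribeDomainGroups",
]

def allow_all(resource):
    """Statement that grants every alidns action on one resource."""
    return {"Action": "alidns:*", "Resource": resource, "Effect": "Allow"}

def build_domain_policy(domain, instance_id=None):
    """Build the page's policy; pass instance_id only for a paid instance."""
    statements = [allow_all(f"acs:alidns:*:*:domain/{domain}")]
    if instance_id:
        statements.append(allow_all(f"acs:alidns:*:*:instance/{instance_id}"))
    statements.append({"Action": list(ACCOUNT_WIDE_ACTIONS),
                       "Resource": "acs:alidns:*:*:*", "Effect": "Allow"})
    return {"Version": "1", "Statement": statements}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_unscoped_grants(policy):
    """Return (statement index, action) for Allow grants on all resources
    whose action is not Describe-prefixed (naming heuristic, an assumption)."""
    findings = []
    for index, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt["Resource"])
        if not any(r.rsplit(":", 1)[-1] == "*" for r in resources):
            continue  # every resource in this statement is scoped
        for action in as_list(stmt["Action"]):
            if not action.split(":", 1)[-1].startswith("Describe"):
                findings.append((index, action))
    return findings

if __name__ == "__main__":
    # Constructed sample: "dns-cn-EXAMPLEID" is a placeholder instance ID.
    paid = build_domain_policy("example.com", "dns-cn-EXAMPLEID")
    print(json.dumps(paid, indent=2))
    print(audit_unscoped_grants(paid))
```

For the policy on this page, the audit reports only the alidns:*Batch* pattern in the last statement.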
Definitions of other permissions on Alibaba Cloud DNS
For more information, see RAM authorization in the API documentation of Alibaba Cloud DNS.