RAM authorization - Enterprise Distributed Application Service

Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM to prevent RAM users from sharing the AccessKey pairs of your Alibaba Cloud account. You can also use RAM to grant minimum permissions to RAM users. RAM uses policies to define permissions.

This topic describes the elements, such as Action, Resource, and Condition, which are defined by EDAS. You can use the elements to create policies in RAM. The code (RamCode) in RAM that is used to indicate EDAS is edas. You can grant permissions on EDAS at the RESOURCE.

General structure of a policy

Policies can be stored as JSON files. The following code provides an example on the general structure of a policy:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

The following list describes the fields in the policy:

Effect: specifies the authorization effect. Valid values: Allow, Deny.
Action: specifies one or more API operations that are allowed or denied. For more information, see the Action section of this topic.
Resource: specifies one or more resources to which the policy applies. You can use an Alibaba Cloud Resource Name (ARN) to specify a resource. For more information, see the Resource section of this topic.
Condition: specifies one or more conditions that are required for the policy to take effect. This is an optional field. For more information, see the Condition section of this topic.
- Condition_operator: specifies the conditional operators. Different types of conditions support different conditional operators. For more information, see Policy elements.
- Condition_key: specifies the condition keys.
- Condition_value: specifies the condition values.

Action

EDAS defines the values that you can use in the Action element of a policy statement. The following table describes the values.

Operation: the value that you can use in the Action element to specify the operation on a resource.
API operation: the API operation that you can call to perform the operation.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition key: the condition keys that are defined by the Alibaba Cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Generic Condition Keyword.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Actions	API operation	Access level	Resource type	Condition key	Associated operation
edas:ManageApplication	BindSlb	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:InsertServiceGroup	InsertServiceGroup	create	All Resources *	None	None
edas:ReadService	ListMethods	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	DescribeAppInstanceList	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:InsertSwimmingLaneGroup	InsertSwimmingLaneGroup	create	All Resources *	None	None
edas:ListTagResources	ListTagResources	list	All Resources *	None	None
edas:ManageCluster	CreateK8sSecret	create	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageApplication	UpdateContainerConfiguration	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	ListApplicationEcu	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	RetryChangeOrderTask	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	DeleteClusterMember	Write	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ReadApplication	GetJvmConfiguration	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	UpdateK8sIngressRule	update	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageApplication	EnableApplicationScalingRule	update	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	GetWebContainerConfig	get	All Resources *	None	None
edas:ManageApplication	CreateK8sService	create	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NamespaceId}/application/{#AppId}	None	None
edas:SynchronizeResource	SynchronizeResource	none	All Resources *	None	None
edas:ManageCluster	InsertClusterMember	Write	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ReadCluster	StartK8sAppPrecheck	none	All Resources *	None	None
edas:ManageCluster	TransformClusterMember	Write	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:CreateNamespace	InsertOrUpdateRegion	Write	All Resources *	None	None
edas:ManageCluster	CreateK8sConfigMap	create	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageApplication	DeleteApplicationScalingRule	delete	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	UpdateK8sResource	Write	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:UpdateAccountInfo	UpdateAccountInfo	update	All Resources *	None	None
edas:ManageApplication	UpdateHookConfiguration	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	DeleteK8sConfigMap	delete	All Resources *	None	None
edas:ManageApplication	ScaleOutApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:CreateApplication	InsertApplication	Write	NameSpace acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}	None	None
edas:ConfigApplication	UpdateK8sApplicationConfig	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadCluster	GetK8sCluster	get	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageApplication	StopK8sApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageTraffic	UpdateSwimmingLaneGroup	update	All Resources *	None	None
edas:ReadApplication	GetK8sApplication	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	CreateIDCImportCommand	Write	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageTraffic	InsertSwimmingLane	create	All Resources *	None	None
edas:QueryMigrateEcuList	QueryMigrateEcuList	list	All Resources *	None	None
edas:CreateConfigTemplate	CreateConfigTemplate	create	All Resources *	None	None
edas:ManageApplication	RollbackChangeOrder	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadCluster	ListScaleOutEcu	get	All Resources *	None	None
edas:ManageApplication	UpdateApplicationScalingRule	update	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	GetChangeOrderInfo	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ECSPurchase	ScaleoutApplicationWithNewInstances	update	All Resources *	None	None
edas:ReadApplication	GetAppDeployment	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadService	GetServiceConsumersPage	get	All Resources *	None	None
edas:ReadApplication	GetK8sServices	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:QueryMigrateRegionList	QueryMigrateRegionList	none	All Resources *	None	None
edas:ReadApplication	QuerySlsLogStoreList	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ListEcsNotInCluster	ListEcsNotInCluster	get	All Resources *	None	None
edas:ManageApplication	StartApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	ScaleInApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageAppLog	AddLogPath	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	DisableApplicationScalingRule	update	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadCluster	ListConvertableEcu	get	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageApplication	ScaleK8sApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:InsertRole	InsertRole	create	All Resources *	None	None
edas:UpdateRole	UpdateRole	update	All Resources *	None	None
edas:ManageTraffic	UpdateSwimmingLane	update	All Resources *	None	None
edas:ReadService	GetServiceDetail	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadService	ListConsumedServices	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NamespaceId}/application/{#AppId}	None	None
edas:AuthorizeApplication	AuthorizeApplication	none	All Resources *	None	None
edas:ConfigApplication	UpdateApplicationBaseInfo	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:DeleteEcu	DeleteEcu	delete	All Resources *	None	None
edas:ListVpc	ListVpc	list	All Resources *	None	None
edas:ConfigApplication	UpdateK8sApplicationBaseInfo	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ListSlb	ListSlb	list	All Resources *	None	None
edas:ListSubAccount	ListSubAccount	get	All Resources *	None	None
edas:ReadService	GetServiceListPage	get	NameSpace acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}	None	None
edas:ReadCluster	ListClusterMembers	get	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageApplication	DeleteK8sService	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	ResetApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadCluster	ListK8sSecrets	get	All Resources *	None	None
edas:DeleteRole	DeleteRole	delete	All Resources *	None	None
edas:ReadApplication	ListRecentChangeOrder	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	DeleteK8sIngressRule	delete	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ReadApplication	QueryApplicationStatus	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageAppLog	UpdateSlsLogStore	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	RestartApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageAppLog	DeleteLogPath	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadCluster	ListCluster		All Resources *	None	None
edas:ReadCluster	ListK8sNamespaces		All Resources *	None	None
edas:DeleteServiceGroup	DeleteServiceGroup	delete	All Resources *	None	None
edas:ManageApplication	DeleteDeployGroup	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	SwitchAdvancedMonitoring	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:AuthorizeResourceGroup	AuthorizeResourceGroup	none	All Resources *	None	None
edas:ManageApplication	ChangeDeployGroup	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	DeployApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	ListDeployGroup	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	DescribeApplicationScalingRules	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	DeleteK8sSecret	delete	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:UpdateConfigTemplate	UpdateConfigTemplate	update	All Resources *	None	None
edas:ListEcuByRegion	ListEcuByRegion	list	All Resources *	None	None
edas:ManageApplication	UpdateK8sService	update	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ListServiceGroups	ListServiceGroups	get	All Resources *	None	None
edas:ReadCluster	GetK8sAppPrecheckResult	get	All Resources *	None	None
edas:ReadService	ListPublishedServices	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:DeleteConfigTemplate	DeleteConfigTemplate	delete	All Resources *	None	None
edas:ReadApplication	ListHistoryDeployVersion	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:MigrateEcu	MigrateEcu	update	All Resources *	None	None
edas:ManageApplication	UpdateHealthCheckUrl	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	UnbindSlb	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadCluster	GetCluster	get	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageApplication	CreateApplicationScalingRule	create	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ListAuthority	ListAuthority	list	All Resources *	None	None
edas:ManageApplication	ContinuePipeline	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	ListApplication		All Resources *	None	None
edas:ReadApplication	GetContainerConfiguration	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:AuthorizeRole	AuthorizeRole	none	All Resources *	None	None
edas:ReadService	GetServiceMethodPage	get	NameSpace acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}	None	None
edas:CreateCluster	ImportK8sCluster	Write	NameSpace acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}	None	None
edas:ReadCluster	ListK8sConfigMaps	get	All Resources *	None	None
edas:TagResources	TagResources	update	All Resources *	None	None
edas:ListRole	ListRole	get	All Resources *	None	None
edas:ReadNamespace	GetSecureToken	get	NameSpace acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}	None	None
edas:ReadApplication	GetApplication	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	InsertDeployGroup	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	BindK8sSlb	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:CreateCluster	InsertCluster	Write	All Resources *	None	None
edas:DeleteNamespace	DeleteUserDefineRegion	get	All Resources *	None	None
edas:ManageCluster	InstallAgent	Write	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:DeleteApplication	DeleteApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	GetScalingRules	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ConfigApplication	BindEcsSlb	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	UpdateContainer	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:DeleteApplication	DeleteK8sApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	GetJavaStartUpConfig	get	All Resources *	None	None
edas:ManageCluster	UpdateK8sSecret	update	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageTraffic	DeleteSwimmingLane	delete	All Resources *	None	None
edas:ManageApplication	RestartK8sApplication	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	edas:tag	None
edas:ManageApplication	ModifyScalingRule	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	UpdateK8sSlb	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:CreateApplication	InsertK8sApplication		All Resources *	None	None
edas:ManageApplication	UnbindK8sSlb	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	UpdateK8sConfigMap	update	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ManageCluster	CreateK8sIngressRule	create	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:UntagResources	UntagResources	update	All Resources *	None	None
edas:ManageApplication	AbortAndRollbackChangeOrder	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ListResourceGroup	ListResourceGroup	list	All Resources *	None	None
edas:ManageApplication	DeployK8sApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadService	GetServiceProvidersPage	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	StopApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	RollbackApplication	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageApplication	StartK8sApplication	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ConfigApplication	UpdateJvmConfiguration	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ManageCluster	ConvertK8sResource	get	Cluster acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}	None	None
edas:ReadCluster	ListK8sIngressRules	get	All Resources *	None	None
edas:ManageApplication	AbortChangeOrder	Write	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}	None	None
edas:ReadApplication	QueryEccInfo	get	Application acs:edas:{#regionId}:{#accountId}:namespace/{#NamespaceId}/application/{#AppId}	None	None
edas:DeleteCluster	DeleteCluster	Write	All Resources *	None	None

Resource

EDAS defines the values that you can use in the Resource. You can attach the policy to a RAM user or a RAM role so that the RAM user or the RAM role can perform a specific operation on a specific resource. The ARN is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:

{#}indicates a variable. {#} must be replaced with an actual value. For example, {#ramcode} must be replaced with the actual code of an Alibaba Cloud service in RAM.
An asterisk (*) is used as a wildcard. Examples:
- {#resourceType} is set to *, all resources are specified.
- {#regionId} is set to *, all regions are specified.
- {#accountId} is set to *, all Alibaba Cloud accounts are specified.

Resource type	ARN
Application	acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/application/{#AppId}
Application	acs:edas:{#regionId}:{#accountId}:namespace/{#NamespaceId}/application/{#AppId}
NameSpace	acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}
Cluster	acs:edas:{#regionId}:{#accountId}:namespace/{#NameSpaceId}/cluster/{#ClusterId}
Application	acs:edas:{#regionId}:{#accountId}:application/{#AppId}
Cluster	acs:edas:{#regionId}:{#accountId}:cluster/{#ClusterId}
Cluster	acs:edas:{#regionId}:{#accountId}:cluster/*
Cluster	acs:edas:{#regionId}:{#accountId}:namespace/{#NamespaceId}/cluster/{#ClusterId}
Cluster	acs:edas:{#regionId}:{#accountId}:Cluster/{#ClusterId}

Condition

EDAS defines the values that you can use in the Condition element of a policy statement. The following table describes the values. The following table describes the service-specific condition keys. The common condition keys that are defined by Alibaba Cloud also apply to EDAS. For more information about the common condition keys, see Generic Condition Keyword.

The data type determines the conditional operators that you can use to compare the value in a request with the value in a policy statement. You must use conditional operators that are supported by the data type. Otherwise, you cannot compare the value in the request with the value in the policy statement. In this case, the authorization is invalid. For more information about the conditional operators that are supported by each data type, see Policy elements.

Condition key	Description	Data type
edas:tag		String

What to do next

You can create a custom policy and attach the policy to a RAM user, RAM user group, or RAM role. For more information, see the following topics: