A service-linked role (SLR) is a RAM role whose trusted entity is an Alibaba Cloud service. SLRs can implement authorized access across Alibaba Cloud services. If you want to use Hologres to access MaxCompute, you must create the SLR AliyunServiceRoleForHologresIdentityMgmt.
For more information, see Service-linked roles.
Scenarios
You can use the AliyunServiceRoleForHologresIdentityMgmt role in Hologres to access associated cloud resources. For example, you can use the role in Hologres to access MaxCompute. For more information about how to create the AliyunServiceRoleForHologresIdentityMgmt role, grant permissions to the role, and view and delete the role, see Service-linked role for Hologres.
Required permissions for a RAM user to use an SLR
If you want to use a RAM user to create or delete an SLR, you must use an Alibaba Cloud account to grant permissions to the RAM user.
Method 1: Attach the AliyunHologresFullAccess policy to the RAM user. This policy includes the permissions to create and delete the AliyunServiceRoleForHologresIdentityMgmt role.
Method 2: Add the following permissions to the RAM user in the
Actionstatement of the custom policy:Permissions required to create an SLR:
ram:CreateServiceLinkedRolePermissions required to delete an SLR:
ram:DeleteServiceLinkedRole
For more information, see Permissions required to create and delete a service-linked role in the "Service-linked roles" topic.