
Microservices Engine: RAM authorization

Last Updated: Nov 13, 2024
Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM to prevent RAM users from sharing the AccessKey pairs of your Alibaba Cloud account. You can also use RAM to grant minimum permissions to RAM users. RAM uses policies to define permissions.
This topic describes the elements, such as Action, Resource, and Condition, that MSE defines. You can use these elements to create policies in RAM. The code (RamCode) that identifies MSE in RAM is mse,microgw. You can grant permissions on MSE at the RESOURCE level.

General structure of a policy

Policies can be stored as JSON files. The following code shows the general structure of a policy:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}
The following list describes the fields in the policy:
  • Effect: specifies the authorization effect. Valid values: Allow, Deny.
  • Action: specifies one or more API operations that are allowed or denied. For more information, see the Action section of this topic.
  • Resource: specifies one or more resources to which the policy applies. You can use an Alibaba Cloud Resource Name (ARN) to specify a resource. For more information, see the Resource section of this topic.
  • Condition: specifies one or more conditions that are required for the policy to take effect. This is an optional field. For more information, see the Condition section of this topic.
    • Condition_operator: specifies the conditional operators. Different types of conditions support different conditional operators. For more information, see Policy elements.
    • Condition_key: specifies the condition keys.
    • Condition_value: specifies the condition values.

Action

MSE defines the values that you can use in the Action element of a policy statement. The following table describes the values.
  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • API operation: the API operation that you can call to perform the operation.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition key: the condition keys that are defined by the Alibaba Cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Generic Condition Keyword.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Actions | API operation | Access level | Resource type | Condition key | Associated operation |
| --- | --- | --- | --- | --- | --- |
| mse:ListNacosConfigs | ListNacosConfigs | get | All Resources (*) | None | None |
| mse:UntagResources | UntagResources | delete | All Resources (*) | None | None |
| mse:ApplyGatewayRoute | ApplyGatewayRoute | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:CreatePluginConfig | CreatePluginConfig | create | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetPlugins | GetPlugins | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayName | UpdateGatewayName | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QueryClusterDetail | QueryClusterDetail | get | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:ListServiceSource | ListServiceSource | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ApplyTagPolicies | ApplyTagPolicies | update | All Resources (*) | None | None |
| mse:ListGatewayRoute | ListGatewayRoute | get | All Resources (*) | None | None |
| mse:QueryGatewayType | QueryGatewayType | get | All Resources (*) | None | None |
| mse:UpdateGatewayServiceTrafficPolicy | UpdateGatewayServiceTrafficPolicy | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:AddGatewaySlb | AddGatewaySlb | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:DeleteGatewayAuthConsumerResource | DeleteGatewayAuthConsumerResource | | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayOption | UpdateGatewayOption | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListTagResources | ListTagResources | get | All Resources (*) | None | None |
| mse:GetImportFileUrl | GetImportFileUrl | get | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}); EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:CreateZnode | CreateZnode | Write | All Resources (*) | None | None |
| mse:CloneSentinelRuleFromAhas | CloneSentinelRuleFromAhas | create | All Resources (*) | None | None |
| mse:DeleteCluster | DeleteCluster | delete | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:UpdateGatewayRouteRetry | UpdateGatewayRouteRetry | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListGatewayRouteOnAuth | ListGatewayRouteOnAuth | list | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListAppBySwimmingLaneGroupTag | ListAppBySwimmingLaneGroupTag | get | All Resources (*) | None | None |
| mse:GetLosslessRuleByApp | GetLosslessRuleByApp | get | All Resources (*) | None | None |
| mse:UpdateAcl | UpdateAcl | update | All Resources (*) | None | None |
| mse:GetGatewayDomainDetail | GetGatewayDomainDetail | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayRouteTimeout | UpdateGatewayRouteTimeout | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:TagResources | TagResources | update | All Resources (*) | None | None |
| mse:UpdateZnode | UpdateZnode | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:ListAuthPolicy | ListAuthPolicy | get | All Resources (*) | None | None |
| mse:DeletePluginConfig | DeletePluginConfig | delete | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetGovernanceKubernetesCluster | GetGovernanceKubernetesCluster | get | All Resources (*) | None | None |
| mse:FetchLosslessRuleList | FetchLosslessRuleList | get | All Resources (*) | None | None |
| mse:ListGatewayAuthConsumer | ListGatewayAuthConsumer | list | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListZnodeChildren | ListZnodeChildren | get | All Resources (*) | None | None |
| mse:DeleteNacosService | DeleteNacosService | update | All Resources (*) | None | None |
| mse:ImportServices | ImportServices | create | All Resources (*) | None | None |
| mse:EnableHttp2 | EnableHttp2 | get | All Resources (*) | None | None |
| mse:CreateEngineNamespace | CreateEngineNamespace | create | All Resources (*) | None | None |
| mse:DeleteGatewayDomain | DeleteGatewayDomain | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListGatewayZone | ListGatewayZone | list | All Resources (*) | None | None |
| mse:UpdateGatewayRouteCORS | UpdateGatewayRouteCORS | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QueryInstancesInfo | QueryInstancesInfo | get | All Resources (*) | None | None |
| mse:RetryCluster | RetryCluster | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:AddGatewayServiceVersion | AddGatewayServiceVersion | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:CreateCluster | CreateCluster | create | Cluster (acs:mse:{#regionId}:{#accountId}:instance/*) | None | None |
| mse:ListSSLCert | ListSSLCert | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:CreateCircuitBreakerRule | CreateCircuitBreakerRule | create | All Resources (*) | None | None |
| mse:UpdateGatewayRouteWafStatus | UpdateGatewayRouteWafStatus | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateCluster | UpdateCluster | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:QueryAllSwimmingLane | QueryAllSwimmingLane | get | GovernanceNamespace (acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}) | None | None |
| mse:UpdateCircuitBreakerRule | UpdateCircuitBreakerRule | update | All Resources (*) | None | None |
| mse:GetApplicationList | GetApplicationList | get | All Resources (*) | None | None |
| mse:GetOverview | GetOverview | | All Resources (*) | None | None |
| mse:ModifyGovernanceKubernetesCluster | ModifyGovernanceKubernetesCluster | update | All Resources (*) | None | None |
| mse:ListGatewayService | ListGatewayService | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayDomain | UpdateGatewayDomain | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QuerySwimmingLaneById | QuerySwimmingLaneById | get | GovernanceNamespace (acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}) | None | None |
| mse:GetNacosHistoryConfig | GetNacosHistoryConfig | get | All Resources (*) | None | None |
| mse:ListClusters | ListClusters | get | All Resources (*) | None | None |
| mse:ListClusterConnectionTypes | ListClusterConnectionTypes | get | All Resources (*) | None | None |
| mse:AddGatewayAuth | AddGatewayAuth | create | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateFlowRule | UpdateFlowRule | update | All Resources (*) | None | None |
| mse:DeleteSecurityGroupRule | DeleteSecurityGroupRule | delete | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayAuthConsumerResourceStatus | UpdateGatewayAuthConsumerResourceStatus | | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:DeleteNacosConfig | DeleteNacosConfig | delete | All Resources (*) | None | None |
| mse:ListListenersByIp | ListListenersByIp | get | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}); EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:ListSecurityGroup | ListSecurityGroup | list | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListEngineNamespaces | ListEngineNamespaces | list | All Resources (*) | None | None |
| mse:QueryAllSwimmingLaneGroup | QueryAllSwimmingLaneGroup | get | GovernanceNamespace (acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}) | None | None |
| mse:PullServices | PullServices | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateNacosInstance | UpdateNacosInstance | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:AddGateway | AddGateway | create | Gateway (acs:mse:{#regionId}:{#accountId}:instance/*) | None | None |
| mse:DeleteNacosInstance | DeleteNacosInstance | delete | All Resources (*) | None | None |
| mse:DeleteServiceSource | DeleteServiceSource | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayRouteHTTPRewrite | UpdateGatewayRouteHTTPRewrite | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListConfigTrack | ListConfigTrack | list | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}); EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:GetZookeeperDataImportUrl | GetZookeeperDataImportUrl | get | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:UpdateNacosCluster | UpdateNacosCluster | update | All Resources (*) | None | None |
| mse:GetMseSource | GetMseSource | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QueryClusterDiskSpecification | QueryClusterDiskSpecification | get | All Resources (*) | None | None |
| mse:PreserveHeaderFormat | PreserveHeaderFormat | get | All Resources (*) | None | None |
| mse:AddGatewayRoute | AddGatewayRoute | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:AddSSLCert | AddSSLCert | Write | All Resources (*) | None | None |
| mse:UpdateGatewayRoute | UpdateGatewayRoute | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayAuthConsumerStatus | UpdateGatewayAuthConsumerStatus | | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QueryNamespace | QueryNamespace | get | All Resources (*) | None | None |
| mse:GetServiceListPage | GetServiceListPage | get | All Resources (*) | None | None |
| mse:ListAnsServiceClusters | ListAnsServiceClusters | list | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}); EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:ExportNacosConfig | ExportNacosConfig | get | Cluster (acs:mse:{#regionId}:{#AccountId}:instance/{#InstanceId}); EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:ListGatewaySlb | ListGatewaySlb | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:RestartCluster | RestartCluster | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:DeleteGateway | DeleteGateway | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetGatewayOption | GetGatewayOption | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:DeleteCircuitBreakerRules | DeleteCircuitBreakerRules | delete | All Resources (*) | None | None |
| mse:AddGatewayDomain | AddGatewayDomain | create | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:CreateFlowRule | CreateFlowRule | create | All Resources (*) | None | None |
| mse:ListClusterHealthCheckTask | ListClusterHealthCheckTask | get | All Resources (*) | None | None |
| mse:GetBlackWhiteList | GetBlackWhiteList | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetEngineNamepace | GetEngineNamepace | get | All Resources (*) | None | None |
| mse:GatewayBlackWhiteList | GatewayBlackWhiteList | get | All Resources (*) | None | None |
| mse:UpdateServiceSource | UpdateServiceSource | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetPluginConfig | GetPluginConfig | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListZkTrack | ListZkTrack | list | All Resources (*) | None | None |
| mse:GetGatewayRouteDetail | GetGatewayRouteDetail | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:OrderClusterHealthCheckRiskNotice | OrderClusterHealthCheckRiskNotice | get | All Resources (*) | None | None |
| mse:EnableProxyProtocol | EnableProxyProtocol | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:CreateNacosService | CreateNacosService | get | All Resources (*) | None | None |
| mse:DeleteFlowRules | DeleteFlowRules | delete | All Resources (*) | None | None |
| mse:AddMigrationTask | AddMigrationTask | create | All Resources (*) | None | None |
| mse:GetServiceList | GetServiceList | get | All Resources (*) | None | None |
| mse:DeleteSwimmingLaneGroup | DeleteSwimmingLaneGroup | get | All Resources (*) | None | None |
| mse:QueryMonitor | QueryMonitor | get | All Resources (*) | None | None |
| mse:UpdateGatewaySpec | UpdateGatewaySpec | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListExportZookeeperData | ListExportZookeeperData | list | All Resources (*) | None | None |
| mse:DeleteGatewayServiceVersion | DeleteGatewayServiceVersion | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateClusterSpec | UpdateClusterSpec | update | All Resources (*) | None | None |
| mse:ListListenersByConfig | ListListenersByConfig | get | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}); EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:CreateNacosConfig | CreateNacosConfig | get | All Resources (*) | None | None |
| mse:QueryGovernanceKubernetesCluster | QueryGovernanceKubernetesCluster | get | All Resources (*) | None | None |
| mse:QueryGatewayRegion | QueryGatewayRegion | get | All Resources (*) | None | None |
| mse:AddGatewayAuthConsumer | AddGatewayAuthConsumer | create | All Resources (*) | None | None |
| mse:UpdateEngineNamespace | UpdateEngineNamespace | update | All Resources (*) | None | None |
| mse:AddAuthResource | AddAuthResource | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateSSLCert | UpdateSSLCert | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayServiceCheck | UpdateGatewayServiceCheck | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayServiceVersion | UpdateGatewayServiceVersion | Write | All Resources (*) | None | None |
| mse:UpdateImage | UpdateImage | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:DeleteAuthResource | DeleteAuthResource | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListFlowRules | ListFlowRules | list | All Resources (*) | None | None |
| mse:PutClusterHealthCheckTask | PutClusterHealthCheckTask | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:ListMigrationTask | ListMigrationTask | list | All Resources (*) | None | None |
| mse:UpdateNacosService | UpdateNacosService | Write | All Resources (*) | None | None |
| mse:ListInstanceCount | ListInstanceCount | get | All Resources (*) | None | None |
| mse:GetApplicationInstanceList | GetApplicationInstanceList | get | All Resources (*) | None | None |
| mse:UpdatePluginConfig | UpdatePluginConfig | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QueryConfig | QueryConfig | get | All Resources (*) | None | None |
| mse:ListApplicationsWithTagRules | ListApplicationsWithTagRules | get | All Resources (*) | None | None |
| mse:ListNamingTrack | ListNamingTrack | get | All Resources (*) | None | None |
| mse:ImportNacosConfig | ImportNacosConfig | create | All Resources (*) | None | None |
| mse:ListGatewayDomain | ListGatewayDomain | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetNacosConfig | GetNacosConfig | get | EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:UpdateMigrationTask | UpdateMigrationTask | update | All Resources (*) | None | None |
| mse:GetImage | GetImage | get | All Resources (*) | None | None |
| mse:OfflineGatewayRoute | OfflineGatewayRoute | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListGateway | ListGateway | get | All Resources (*) | None | None |
| mse:ListAnsServices | ListAnsServices | list | All Resources (*) | None | None |
| mse:CreateGatewayFlowRule | CreateGatewayFlowRule | create | All Resources (*) | None | None |
| mse:ListClusterVersions | ListClusterVersions | | All Resources (*) | None | None |
| mse:ImportZookeeperData | ImportZookeeperData | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:UpdateNacosConfig | UpdateNacosConfig | update | All Resources (*) | None | None |
| mse:ListSecurityGroupRule | ListSecurityGroupRule | list | All Resources (*) | None | None |
| mse:SelectGatewaySlb | SelectGatewaySlb | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:CloneNacosConfig | CloneNacosConfig | create | All Resources (*) | None | None |
| mse:UpdateGatewayAuthConsumerResource | UpdateGatewayAuthConsumerResource | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateGatewayRouteHeaderOp | UpdateGatewayRouteHeaderOp | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QueryClusterSpecification | QueryClusterSpecification | | All Resources (*) | None | None |
| mse:DeleteZnode | DeleteZnode | Write | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:UpdateAuthPolicy | UpdateAuthPolicy | get | All Resources (*) | None | None |
| mse:ListCircuitBreakerRules | ListCircuitBreakerRules | list | All Resources (*) | None | None |
| mse:ListNacosHistoryConfigs | ListNacosHistoryConfigs | get | All Resources (*) | None | None |
| mse:ListGatewayAuthConsumerResource | ListGatewayAuthConsumerResource | | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateMessageQueueRoute | UpdateMessageQueueRoute | get | All Resources (*) | None | None |
| mse:DeleteGatewaySlb | DeleteGatewaySlb | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:DeleteGatewayRoute | DeleteGatewayRoute | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QueryZnodeDetail | QueryZnodeDetail | get | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}) | None | None |
| mse:ExportZookeeperData | ExportZookeeperData | get | All Resources (*) | None | None |
| mse:AddSecurityGroupRule | AddSecurityGroupRule | create | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:UpdateConfig | UpdateConfig | update | All Resources (*) | None | None |
| mse:DeleteGatewayService | DeleteGatewayService | delete | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetGateway | GetGateway | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:QuerySlbSpec | QuerySlbSpec | list | All Resources (*) | None | None |
| mse:AddServiceSource | AddServiceSource | create | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListAnsInstances | ListAnsInstances | list | All Resources (*) | None | None |
| mse:UpdateGatewayAuthConsumer | UpdateGatewayAuthConsumer | | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:DeleteMigrationTask | DeleteMigrationTask | delete | All Resources (*) | None | None |
| mse:ListAppBySwimmingLaneGroupTags | ListAppBySwimmingLaneGroupTags | list | All Resources (*) | None | None |
| mse:GetKubernetesSource | GetKubernetesSource | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetGatewayAuthConsumerDetail | GetGatewayAuthConsumerDetail | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ListClusterTypes | ListClusterTypes | | All Resources (*) | None | None |
| mse:DeleteNacosConfigs | DeleteNacosConfigs | delete | All Resources (*) | None | None |
| mse:CreateNacosInstance | CreateNacosInstance | create | All Resources (*) | None | None |
| mse:GetAppMessageQueueRoute | GetAppMessageQueueRoute | get | All Resources (*) | None | None |
| mse:UpdateBlackWhiteList | UpdateBlackWhiteList | update | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:GetTagsBySwimmingLaneGroupId | GetTagsBySwimmingLaneGroupId | get | All Resources (*) | None | None |
| mse:QueryClusterInfo | QueryClusterInfo | get | All Resources (*) | None | None |
| mse:GetGatewayServiceDetail | GetGatewayServiceDetail | get | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:CreateMseServiceApplication | CreateMseServiceApplication | get | All Resources (*) | None | None |
| mse:DeleteGatewayAuthConsumer | DeleteGatewayAuthConsumer | | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:ModifyLosslessRule | ModifyLosslessRule | get | All Resources (*) | None | None |
| mse:CreateOrUpdateSwimmingLaneGroup | CreateOrUpdateSwimmingLaneGroup | update | GovernanceNamespace (acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}) | None | None |
| mse:AddBlackWhiteList | AddBlackWhiteList | Write | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |
| mse:DeleteSwimmingLane | DeleteSwimmingLane | delete | All Resources (*) | None | None |
| mse:DeleteEngineNamespace | DeleteEngineNamespace | delete | All Resources (*) | None | None |
| mse:CreateOrUpdateSwimmingLane | CreateOrUpdateSwimmingLane | create | GovernanceNamespace (acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}) | None | None |
| mse:GetServiceListeners | GetServiceListeners | get | Cluster (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}); EngineNamespace (acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}) | None | None |
| mse:UpdateGatewayRouteAuth | UpdateGatewayRouteAuth | | Gateway (acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}) | None | None |

Resource

MSE defines the values that you can use in the Resource element. You can attach the policy to a RAM user or a RAM role so that the RAM user or the RAM role can perform a specific operation on a specific resource. The ARN is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:
  • {#} indicates a variable. {#} must be replaced with an actual value. For example, {#ramcode} must be replaced with the actual code of an Alibaba Cloud service in RAM.
  • An asterisk (*) is used as a wildcard. Examples:
    • If {#resourceType} is set to *, all resources are specified.
    • If {#regionId} is set to *, all regions are specified.
    • If {#accountId} is set to *, all Alibaba Cloud accounts are specified.
| Resource type | ARN |
| --- | --- |
| NacosConfig | acs:mse:*:{#accountId}:nacosconfig/{#DataId} |
| EngineNamespace | acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId} |
| Gateway | acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId} |
| GovernanceApplication | acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace}/application/{#AppName} |
| Cluster | acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId} |
| GovernanceApplication | acs:mse:{#Region}:{#AccountId}:namespace/{#Namespace}/application/{#AppName} |
| Gateway | acs:mse:{#regionId}:{#accountId}:instance/* |
| Cluster | acs:mse:{#regionId}:{#accountId}:cluster/{#InstanceId} |
| Cluster | acs:mse:{#regionId}:{#accountId}:instance/* |
| GovernanceNamespace | acs:mse:{#regionId}:{#accountId}:namespace/{#Namespace} |
| NacosService | acs:mse:*:{#accountId}:nacosservice/{#ServiceName} |
| Gateway | acs:mse:{#Region}:{#AccountId}:instance/{#GatewayUniqueId} |
| EngineNamespace | acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/* |
| GovernanceNamespace | acs:mse:{#Region}:{#AccountId}:namespace/{#Namespace} |
| NacosInstance | acs:mse:{#regionId}:{#accountId}:nacosinstance/* |
| EngineNamespace | acs:mse:*:{#accountId}:enginenamespace/{#InstanceId}/{#Namespace} |
| Cluster | acs:mse:{#regionId}:{#AccountId}:instance/{#InstanceId} |
| Gateway | acs:mse:{#regionId}:{#accountId}:gateway/{#GatewayUniqueId} |
| NacosConfig | acs:mse::{#accountId}:nacosconfig/{#DataId} |
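
The following checker is an added example, not Alibaba Cloud code. It lints the Allow statements of a policy against a few rows copied from the Action table and reports grants that are scoped in a way the table does not support or that are broader than the table requires. The sample policy, account ID and instance IDs are constructed, and treating * as exactly one ARN segment is an assumption of this example.

```python
import re

ALL = "*"
GATEWAY = "acs:mse:{#regionId}:{#accountId}:instance/{#GatewayUniqueId}"
CLUSTER = "acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}"
ENGINE_NS = "acs:mse:{#regionId}:{#accountId}:instance/{#InstanceId}/{#NamespaceId}"

# A few rows copied from the Action table: action -> (access level, ARN templates).
ACTIONS = {
    "mse:ListClusters": ("get", [ALL]),
    "mse:ListGateway": ("get", [ALL]),
    "mse:UpdateNacosConfig": ("update", [ALL]),
    "mse:GetGateway": ("get", [GATEWAY]),
    "mse:UpdateGatewayRoute": ("Write", [GATEWAY]),
    "mse:DeleteCluster": ("delete", [CLUSTER]),
    "mse:GetNacosConfig": ("get", [ENGINE_NS]),
}
READ_LEVELS = {"get", "list"}


def template_regex(template):
    """Turn a page-style ARN template into a regex; each {#x} is one segment."""
    parts = re.split(r"(\{#\w+\})", template)
    body = "".join("[^:/]+" if p.startswith("{#") else re.escape(p) for p in parts)
    return re.compile(body + r"\Z")


def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return sorted (statement_index, code, action, resource) findings."""
    findings = set()
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # only grants can be over- or mis-scoped
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.add((idx, "wildcard-action", action, ""))
                continue
            if action not in ACTIONS:
                findings.add((idx, "not-in-subset", action, ""))
                continue
            level, templates = ACTIONS[action]
            for res in as_list(stmt.get("Resource", [])):
                if templates == [ALL]:
                    # Table lists "All Resources": no resource-level scoping.
                    if res != ALL:
                        findings.add((idx, "no-resource-level-support", action, res))
                elif res == ALL:
                    # Scopable non-read operation granted on everything.
                    if level not in READ_LEVELS:
                        findings.add((idx, "write-on-all-resources", action, res))
                elif not any(template_regex(t).match(res) for t in templates):
                    findings.add((idx, "arn-shape-mismatch", action, res))
    return sorted(findings)


# Constructed sample policy; IDs below are placeholders, not real resources.
ACCT = "acs:mse:cn-hangzhou:1234567890123456"
SAMPLE_POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": ["mse:GetGateway", "mse:UpdateGatewayRoute"],
         "Resource": ACCT + ":instance/gw-example"},
        {"Effect": "Allow", "Action": "mse:ListClusters",
         "Resource": ACCT + ":instance/mse-example"},
        {"Effect": "Allow", "Action": ["mse:DeleteCluster"], "Resource": "*"},
        {"Effect": "Allow", "Action": "mse:GetNacosConfig",
         "Resource": ACCT + ":instance/mse-example"},
        {"Effect": "Allow", "Action": "mse:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(finding)
```

To check a real policy, extend ACTIONS with the rows for every operation the policy names; operations missing from the dictionary are reported as not-in-subset rather than guessed at.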

Condition

MSE does not define service-specific condition keys. For more information about common condition keys that are defined by Alibaba Cloud, see Generic Condition Keyword.

What to do next

You can create a custom policy and attach the policy to a RAM user, RAM user group, or RAM role. For more information, see the following topics: