AliyunLogReadOnlyAccess - Resource Access Management - Alibaba Cloud Documentation Center

AliyunLogReadOnlyAccess is a service system policy that is managed by Alibaba Cloud. You can attach the AliyunLogReadOnlyAccess policy to a Resource Access Management (RAM) identity, such as a RAM user, RAM user group, and RAM role. The AliyunLogReadOnlyAccess policy: Provides read-only access to Log Service via Management Console.

Policy details

Type: service system policy
Creation time: 06:30:35 on January 05, 2016
Update time: 02:50:23 on January 09, 2026
Current version: v4

Policy content

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "log:Get*",
        "log:List*",
        "log:Query*",
        "log:CallAiTools"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cms:CreateChat",
        "cms:CreateThread"
      ],
      "Resource": "acs:cms:*:*:digitalemployee/apsara-*"
    }
  ]
}

References

Policy elements
Grant permissions to a RAM user
Grant permissions to a RAM user group
Grant permissions to a RAM role