AliyunServiceCatalogAdminFullAccess is a service system policy that is managed by Alibaba Cloud. You can attach the AliyunServiceCatalogAdminFullAccess policy to a Resource Access Management (RAM) identity, such as a RAM user, RAM user group, and RAM role. The AliyunServiceCatalogAdminFullAccess policy: Provides full access to Service Catalog for admin via Management Console.
Policy details
Type: service system policy
Creation time: 06:10:48 on February 10, 2022
Update time: 09:45:51 on August 02, 2022
Current version: v4
Policy content
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "servicecatalog:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ros:GetTemplate",
"ros:ValidateTemplate",
"ros:PreviewStack",
"ros:CreateStack",
"ros:ContinueCreateStack",
"ros:GetStack",
"ros:UpdateStack",
"ros:DeleteStack",
"ros:ListStacks",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:ListChangeSets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "resourcesharing:ListSharedTargets",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ram:GetUser",
"ram:ListUsers",
"ram:GetRole",
"ram:ListRoles"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"acs:Service": [
"servicecatalog.aliyuncs.com"
]
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "servicecatalog.aliyuncs.com"
}
}
}
]
}