AliyunServiceCatalogEndUserFullAccess is a service system policy that is managed by Alibaba Cloud. You can attach the AliyunServiceCatalogEndUserFullAccess policy to a Resource Access Management (RAM) identity, such as a RAM user, RAM user group, and RAM role. The AliyunServiceCatalogEndUserFullAccess policy: Provides full access to Service Catalog for end-user via Management Console.
Policy details
Type: service system policy
Creation time: 06:11:07 on February 10, 2022
Update time: 03:19:18 on March 14, 2023
Current version: v8
Policy content
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ros:GetTemplate",
"ros:ValidateTemplate",
"ros:PreviewStack",
"ros:CreateStack",
"ros:ContinueCreateStack",
"ros:GetStack",
"ros:UpdateStack",
"ros:DeleteStack",
"ros:ListStacks",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:ListChangeSets",
"ros:ListStackOperationRisks"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ram:GetUser",
"ram:ListUsers",
"ram:GetRole",
"ram:ListRoles"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:ListUserTypes",
"servicecatalog:GetAccountInfo",
"servicecatalog:GetProductAsEndUser",
"servicecatalog:ListProductsAsEndUser",
"servicecatalog:ListLaunchOptions",
"servicecatalog:GetProductVersion",
"servicecatalog:ListProductVersions",
"servicecatalog:GetTemplateDefinition",
"servicecatalog:GetGeneratedTemplate",
"servicecatalog:GetTemplate",
"servicecatalog:GetEnhancedTemplate",
"servicecatalog:GetProvisioningParameters",
"servicecatalog:LaunchProduct"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:GetProvisionedProduct",
"servicecatalog:GetProvisionedProductParameters",
"servicecatalog:GetProvisionedProductForResourceSpec",
"servicecatalog:ListProvisionedProducts",
"servicecatalog:UpdateProvisionedProduct",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:GetTask",
"servicecatalog:ListTasks",
"servicecatalog:GetProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlanApprovers",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ExecuteProvisionedProductPlan",
"servicecatalog:DeleteProvisionedProductPlan",
"servicecatalog:CreateProvisionedProductPlan",
"servicecatalog:CancelProvisionedProductPlan",
"servicecatalog:UpdateProvisionedProductPlan"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"servicecatalog:UserLevel": "self"
}
}
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:GetProvisionedProduct",
"servicecatalog:GetProvisionedProductParameters",
"servicecatalog:GetProvisionedProductForResourceSpec",
"servicecatalog:GetTask",
"servicecatalog:ListTasks",
"servicecatalog:ApproveProvisionedProductPlan",
"servicecatalog:GetProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"servicecatalog:ApprovalActor": "approver"
}
}
}
]
}