All Products
Search
Document Center

Resource Access Management:Services that work with RAM

Last Updated:Dec 13, 2024

This topic lists the Alibaba Cloud services that work with Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.

Overview

Each table in this topic contains the following columns:

  • Alibaba Cloud service: the name of the cloud service that supports RAM.

  • Sub-service or sub-module: the sub-service or sub-module of the cloud service. A hyphen (-) indicates none.

  • RAM code: the code that is used in RAM to indicate the cloud service.

  • Console: indicates whether RAM can be used to implement access control in the console of the service. A tick (√) indicates that RAM is supported. A cross (×) indicates that RAM is not supported. A circle (○) indicates that no console is provided for that service.

  • API: indicates whether RAM can be used to implement access control by calling the API of the service. A tick (√) indicates that RAM is supported by calling the API of the service. A cross (×) indicates that RAM is not supported by calling the API of the service. A circle (○) indicates that no API is provided for that service.

  • Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.

    The following authorization granularity is defined:

    • Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.

    • Operation: You can control whether RAM users or RAM roles can perform specific operations on a specific type of resource in the service.

    • Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.

  • System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.

  • References: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.

Elastic computing

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

ECS

ECS

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

  • AliyunECSWorkbenchFullAccess

Authorization rules

Elastic Block Storage (EBS)

EBS

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

-

EBS

EBS

ebs

Resource

  • AliyunEBSFullAccess

  • AliyunEBSReadOnlyAccess

-

ECS

Elastic GPU Service

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authorization rules

ECS

ECS Bare Metal Instance

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authorization rules

ECS

Dedicated Host (DDH)

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authorization rules

ECS

Alibaba Cloud Linux 2

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authorization rules

Auto Scaling

-

ess

Operation

  • AliyunESSFullAccess

  • AliyunESSReadOnlyAccess

API usage notes

Container Service for Kubernetes (ACK)

-

cs

Resource

  • AliyunCSFullAccess

  • AliyunCSReadOnlyAccess

RAM authorization

Batch Compute

-

batchcompute

Service

-

-

Resource Orchestration Service (ROS)

-

ros

Resource

  • AliyunROSFullAccess

  • AliyunROSReadOnlyAccess

Use RAM to control access to resources

Function Compute

-

fc

Resource

  • AliyunFCFullAccess

  • AliyunFCReadOnlyAccess

  • AliyunFCInvocationAccess

Grant permissions across Alibaba Cloud accounts by using RAM roles

Simple Application Server

-

swas

Service

AliyunSWASFullAccess

-

Elastic High Performance Computing (E-HPC)

-

ehpc

Service

  • AliyunEHPCFullAccess

  • AliyunEHPCReadOnlyAccess

-

Container Registry

-

cr

Resource

  • AliyunContainerRegistryFullAccess

  • AliyunContainerRegistryReadOnlyAccess

RAM authentication rules

Elastic Desktop Service (EDS)

EDS

ecd

Operation

  • AliyunECDFullAccess

  • AliyunECDReadOnlyAccess

  • AliyunECDRamUserAccess

  • AliyunECDTagFullAccess

  • AliyunECDOfficeSiteFullAccess

  • AliyunECDUserFullAccess

  • AliyunECDPolicyGroupFullAccess

  • AliyunECDDesktopFullAccess

  • AliyunECDTechnicalSupportFullAccess

Attach an EDS system policy to a RAM user

Elastic Container Instance

-

eci

Resource

  • AliyunECIFullAccess

  • AliyunECIReadOnlyAccess

Grant permissions to a RAM user

CloudFlow

-

fnf

Resource

  • AliyunFnFFullAccess

  • AliyunFnFReadOnlyAccess

RAM authorization

Web App Service

-

webplus

Operation

  • AliyunWebPlusFullAccess

  • AliyunWebPlusReadOnlyAccess

-

Compute Nest

-

  • computenest

  • computenestsupplier

Resource

  • AliyunComputeNestSupplierFullAccess

  • AliyunComputeNestUserFullAccess

  • AliyunComputeNestUserReadOnlyAccess

  • AliyunComputeNestSupplierReadOnlyAccess

-

Alibaba Cloud Distributed Cloud Container Platform (ACK One)

-

adcp

Operation

  • AliyunAdcpFullAccess

  • AliyunAdcpReadOnlyAccess

-

Databases

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

ApsaraDB RDS

ApsaraDB RDS

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

  • AliyunRDSGADFullAccess

  • AliyunRDSGADReadOnlyAccess

  • AliyunRDSReadOnlyWithSQLLogArchiveAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB RDS for MySQL

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB RDS for SQL Server

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB RDS for PostgreSQL

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB for MyBase

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

-

Tair (Redis® OSS-Compatible)

-

kvstore

Resource

  • AliyunKvstoreFullAccess

  • AliyunKvstoreReadOnlyAccess

RAM authorization

ApsaraDB for MongoDB

-

dds

Resource

  • AliyunMongoDBFullAccess

  • AliyunMongoDBReadOnlyAccess

-

AnalyticDB for PostgreSQL

-

gpdb

Resource

  • AliyunGPDBFullAccess

  • AliyunGPDBReadOnlyAccess

-

Data Transmission Service (DTS)

-

dts

Operation

  • AliyunDTSFullAccess

  • AliyunDTSReadOnlyAccess

Use a system policy to authorize a RAM user to manage DTS instances

Data Management (DMS)

-

dms

Service

  • AliyunDMSFullAccess

  • AliyunDMSReadOnlyAccess

Authorize DMS to access Alibaba Cloud resources

AnalyticDB for MySQL

-

adb

Operation

  • AliyunADBFullAccess

  • AliyunADBReadOnlyAccess

  • AliyunADBDeveloperAccess

Manage RAM users and permissions

PolarDB for Xscale (PolarDB-X)

-

  • drds

  • polardbx

Resource

  • AliyunDRDSReadOnlyAccess

  • AliyunDRDSFullAccess

  • AliyunDRDSReadOnlyWithSQLLogArchiveAccess

Use RAM for resource authorization

ApsaraDB for HBase

-

hbase

Resource

  • AliyunHBaseFullAccess

  • AliyunHBaseReadOnlyAccess

Customize a RAM policy

Advanced Database & Application Migration (ADAM)

-

adam

Service

  • AliyunADAMReadOnlyAccess

  • AliyunADAMFullAccess

Logon accounts

PolarDB

-

polardb

Operation

  • AliyunPolardbReadOnlyAccess

  • AliyunPolardbFullAccess

  • AliyunPolardbReadOnlyWithSQLLogArchiveAccess

Create and grant permissions to a RAM user

Database Backup (DBS)

-

dbs

Service

  • AliyunDBSFullAccess

  • AliyunDBSReadOnlyAccess

-

Database Autonomy Service (DAS)

-

hdm

Service

  • AliyunHDMReadOnlyAccess

  • AliyunHDMFullAccess

  • AliyunHDMReadOnlyWithSQLLogArchiveAccess

How do I use DAS as a RAM user?

ApsaraDB for OceanBase

-

oceanbase

Service

  • AliyunOceanBaseFullAccess

  • AliyunOceanBaseReadOnlyAccess

-

ApsaraDB for Cassandra

-

cassandra

Resource

  • AliyunCassandraFullAccess

  • AliyunCassandraReadOnlyAccess

Manage RAM users

LedgerDB

-

ledgerdb

Resource

  • AliyunLedgerDBFullAccess

  • AliyunLedgerDBReadOnlyAccess

RAM user authorization

ApsaraDB for ClickHouse

-

clickhouse

Resource

  • AliyunClickHouseFullAccess

  • AliyunClickHouseReadOnlyAccess

Authorize RAM users to access resources

Database Gateway (DG)

-

dg

Resource

  • AliyunDGFullAccess

  • AliyunDGReadOnlyAccess

-

ApsaraDB for SelectDB

-

selectdb

Operation

  • AliyunSelectDBFullAccess

  • AliyunSelectDBReadOnlyAccess

RAM authorization

Storage

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Object Storage Service (OSS)

-

oss

Resource

  • AliyunOSSFullAccess

  • AliyunOSSReadOnlyAccess

  • AliyunOSSImportReadOnlyAccess

  • AliyunOSSImportFullAccess

RAM policies

File Storage NAS (NAS)

-

nas

Resource

  • AliyunNASFullAccess

  • AliyunNASReadOnlyAccess

Perform access control based on RAM policies

Tablestore (OTS)

-

ots

Resource

  • AliyunOTSFullAccess

  • AliyunOTSReadOnlyAccess

  • AliyunOTSWriteOnlyAccess

Create a custom policy

Cloud Storage Gateway (CSG)

-

hcs-sgw

Service

AliyunHCSSGWFullAccess

Use RAM to implement account-based access control

Cloud Backup

-

hbr

Resource

  • AliyunHBRFullAccess

  • AliyunHBRReadOnlyAccess

Create a RAM user and authorize the RAM user to access Cloud Backup

Hybrid Cloud Storage Array (CSA)

Hybrid Cloud Storage Array (CSA)

hgw

Operation

  • AliyunHgwFullAccess

  • AliyunHgwReadOnlyAccess

-

CSA

Remote Service

asrs

Resource

  • ASRSFullAccess

  • ASRSReadonlyAccess

-

Cloud communications

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Short Message Service (SMS)

-

dysms

Service

-

-

Network

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Virtual Private Cloud (VPC)

-

vpc

Resource

  • AliyunVPCFullAccess

  • AliyunVPCReadOnlyAccess

  • AliyunVPCNetworkIntelligenceReadOnlyAccess

  • AliyunVPCPrefixListAccess

  • AliyunVPCPrefixListReadOnlyAccess

  • AliyunVpcPeerFullAccess

  • AliyunVpcPeerReadOnlyAccess

RAM authorization

Server Load Balancer (SLB)

SLB

slb

Resource

  • AliyunSLBReadOnlyAccess

  • AliyunSLBFullAccess

RAM authorization

SLB

Application Load Balancer (ALB)

alb

Resource

  • AliyunALBFullAccess

  • AliyunALBReadOnlyAccess

-

SLB

Network Load Balancer (NLB)

nlb

Resource

  • AliyunNLBFullAccess

  • AliyunNLBReadOnlyAccess

-

Express Connect

-

vpc

Resource

  • AliyunExpressConnectFullAccess

  • AliyunExpressConnectReadOnlyAccess

Policies and examples

Elastic IP Address (EIP)

EIP

vpc

Resource

  • AliyunEIPFullAccess

  • AliyunEIPReadOnlyAccess

Grant permissions to a RAM user

EIP

Anycast Elastic IP Address (Anycast EIP)

eipanycast

Resource

  • AliyunAnycastEIPFullAccess

  • AliyunAnycastEIPReadOnlyAccess

RAM authorization

NAT Gateway

-

vpc

Resource

  • AliyunNATGatewayReadOnlyAccess

  • AliyunNATGatewayFullAccess

Grant permissions to a RAM user

VPN Gateway

-

vpc

Resource

  • AliyunVPNGatewayFullAccess

  • AliyunVPNGatewayReadOnlyAccess

Grant permissions to a RAM user

Internet Shared Bandwidth

-

vpc

Resource

  • AliyunCommonBandwidthPackageReadOnlyAccess

  • AliyunCommonBandwidthPackageFullAccess

-

Global Accelerator (GA)

-

ga

Resource

  • AliyunGlobalAccelerationReadOnlyAccess

  • AliyunGlobalAccelerationFullAccess

Grant permissions to a RAM user

Smart Access Gateway (SAG)

-

smartag

Resource

-

RAM authentication

Cloud Enterprise Network (CEN)

-

cen

Resource

  • AliyunCENReadOnlyAccess

  • AliyunCENFullAccess

RAM authentication

PrivateLink

-

privatelink

Resource

  • AliyunPrivateLinkFullAccess

  • AliyunPrivateLinkReadOnlyAccess

  • AliyunPrivatelinkEndpointServiceReadOnlyAccess

  • AliyunPrivatelinkEndpointServiceFullAccess

  • AliyunPrivatelinkEndpointReadOnlyAccess

  • AliyunPrivatelinkEndpointFullAccess

RAM authorization

Alibaba Cloud DNS PrivateZone

-

pvtz

Resource

  • AliyunPvtzFullAccess

  • AliyunPvtzReadOnlyAccess

Grant permissions to a RAM user

Cloud Data Transfer (CDT)

-

cdt

Operation

  • AliyunCDTFullAccess

  • AliyunCDTReadOnlyAccess

System policies for CDT

VPC peering connection

-

vpc

Resource

  • AliyunVpcPeerFullAccess

  • AliyunVpcPeerReadOnlyAccess

-

IPv6 Gateway

-

vpc

Resource

  • AliyunIpv6FullAccess

  • AliyunIpv6ReadOnlyAccess

-

O&M and management

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Application Real-Time Monitoring Service (ARMS)

-

arms

Service

  • AliyunARMSFullAccess

  • AliyunARMSReadOnlyAccess

Use RAM users to manage permissions

CloudMonitor

-

cms

Operation

  • AliyunCloudMonitorFullAccess

  • AliyunCloudMonitorReadOnlyAccess

  • AliyunCloudMonitorMetricDataReadOnlyAccess

RAM authentication

Intelligent Advisor

-

advisor-intl

Operation

  • AliyunAdvisorFullAccess

  • AliyunAdvisorReadOnlyAccess

-

Cloud Shell

-

cloudshell

Operation

AliyunCloudShellFullAccess

-

Cloud Config

-

config

Operation

  • AliyunConfigFullAccess

  • AliyunConfigReadOnlyAccess

RAM user authorization

Logic Composer

-

composer

Resource

  • AliyunLogicComposerFullAccess

  • AliyunLogicComposerReadOnlyAccess

Grant permissions to a RAM user

CloudOps Orchestration Service (OOS)

-

oos

Resource

  • AliyunOOSFullAccess

  • AliyunOOSReadOnlyAccess

RAM authorization

Cloud Governance Center (CGC)

CGC

governance

Operation

  • AliyunGovernanceFullAccess

  • AliyunGovernanceReadOnlyAccess

-

Middleware

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Enterprise Distributed Application Service (EDAS)

-

edas

Resource

  • AliyunEDASFullAccess

  • AliyunEDASReadOnlyAccess

  • AliyunEDASApplicationFullAccess

  • AliyunEDASApplicationReadOnlyAccess

  • AliyunEDASResourceReadOnlyAccess

  • AliyunEDASResourceFullAccess

Manage RAM users

ApsaraMQ

ApsaraMQ for RocketMQ

mq

Resource

  • AliyunMQFullAccess

  • AliyunMQReadOnlyAccess

  • AliyunMQPubOnlyAccess

  • AliyunMQSubOnlyAccess

Grant permissions to RAM users

ApsaraMQ

ApsaraMQ for MQTT

mq

Resource

  • AliyunMQFullAccess

  • AliyunMQReadOnlyAccess

  • AliyunMQPubOnlyAccess

  • AliyunMQSubOnlyAccess

Grant permissions to RAM users

ApsaraMQ

ApsaraMQ for RabbitMQ

amqp

Resource

  • AliyunAMQPFullAccess

  • AliyunAMQPReadOnlyAccess

Grant permissions to RAM users

Simple Message Queue (formerly MNS)

-

mns

Resource

  • AliyunMNSFullAccess

  • AliyunMNSReadOnlyAccess

Authorize a RAM user

ApsaraMQ for Kafka

-

alikafka

Service

  • AliyunKafkaFullAccess

  • AliyunKafkaReadOnlyAccess

Grant permissions to RAM users

Application High Availability Service

-

ahas

Service

  • AliyunAHASFullAccess

  • AliyunAHASReadOnlyAccess

-

Alibaba Cloud Service Mesh (ASM)

-

servicemesh

Resource

  • AliyunASMFullAccess

  • AliyunASMReadOnlyAccess

Authorization overview

EventBridge

-

eventbridge

Resource

  • AliyunEventBridgeFullAccess

  • AliyunEventBridgeReadOnlyAccess

  • AliyunEventBridgeResourceCreatePolicy

  • AliyunEventBridgeResourceDeletePolicy

  • AliyunEventBridgeResourceUpdatePolicy

  • AliyunEventBridgePutEventsPolicy

Policies and examples

Media services and CDN

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

CDN

-

cdn

Resource

  • AliyunCDNFullAccess

  • AliyunCDNReadOnlyAccess

RAM authorization

ApsaraVideo Media Processing (MPS)

-

mts

Service

  • AliyunMTSFullAccess

  • AliyunMTSPlayerAuth

-

ApsaraVideo VOD (VOD)

-

vod

Operation

  • AliyunVODFullAccess

  • AliyunVODReadOnlyAccess

  • AliyunVODPlayAuth

  • AliyunVODUploadAuth

-

ApsaraVideo Live

-

live

Resource

  • AliyunLiveFullAccess

  • AliyunLiveReadOnlyAccess

Authentication rules on API requests

Real-Time Communication

-

rtc

Resource

-

-

Dynamic Content Delivery Network (DCDN)

-

dcdn

Resource

  • AliyunDCDNFullAccess

  • AliyunDCDNReadOnlyAccess

-

Enterprise applications

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Direct Mail

-

dm

Operation

  • AliyunDirectMailFullAccess

  • AliyunDirectMailReadOnlyAccess

-

API Gateway

-

apigateway

Service

  • AliyunApiGatewayFullAccess

  • AliyunApiGatewayReadOnlyAccess

Use RAM to manage the permissions on API resources

Alibaba Mail

-

alimail

Operation

  • AliyunAlimailFullAccess

  • AliyunAlimailReadOnlyAccess

-

Resource Management

Resource Management

resourcemanager

Operation

  • AliyunResourceDirectoryFullAccess

  • AliyunResourceDirectoryReadOnlyAccess

RAM authorization

Resource Management

Resource Sharing

resourcesharing

Operation

  • AliyunResourceSharingFullAccess

  • AliyunResourceSharingReadOnlyAccess

-

Resource Management

Tag service

tag

Operation

  • AliyunTagManagerAccess

  • AliyunTAGReadOnlyAccess

  • AliyunTagAdministratorAccess

Tag

Resource Management

Resource Center

resourcecenter

Operation

  • AliyunResourceCenterFullAccess

  • AliyunResourceCenterReadOnlyAccess

Grant a RAM user the permissions to use Resource Center

Blockchain as a Service (BaaS)

BaaS

baas

Resource

  • AliyunBaaSFullAccess

  • AliyunBaaSReadOnlyAccess

Hyperledger Fabric RAM authentication

CloudQuotation (CQ)

-

assettech

Service

  • AliyunCQLoudFullAccess

  • AliyunCQLoudReadOnlyAccess

-

BizWorks

-

bizworks

Service

  • AliyunBizWorksFullAccess

  • AliyunBizWorksReadOnlyAccess

-

Domains and websites

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Alibaba Cloud DNS (DNS)

DNS

alidns

Resource

  • AliyunDNSFullAccess

  • AliyunDNSReadOnlyAccess

DNS

Alibaba Cloud Public DNS

pubdns

Resource

  • AliyunPubDNSReadOnlyAccess

  • AliyunPubDNSFullAccess

-

Domain Names

-

domain

Resource

  • AliyunDomainFullAccess

  • AliyunDomainReadonlyAccess

Authentication rules for the Domains API

Artificial intelligence

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Intelligent Speech Interaction

Intelligent Speech Interaction

nls

Service

  • AliyunNLSFullAccess

  • AliyunNLSReadOnlyAccess

  • AliyunNLSSpeechServiceAccess

  • AliyunNLSSlpAccess

-

Platform for AI (PAI)

-

pai

Service

-

-

PAI

-

paiplugin

Operation

  • AliyunPaiPluginFullAccess

  • AliyunPaiPluginReadOnlyAccess

-

Image Search

-

imagesearch

Resource

  • AliyunImagesearchReadOnlyAccess

  • AliyunImagesearchFullAccess

Grant permissions to RAM users

Machine Translation

-

alimt

Operation

  • AliyunMTFullAccess

  • AliyunMTReadOnlyAccess

-

IoT

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

IoT Platform

-

iot

Resource

  • AliyunIOTFullAccess

  • AliyunIOTReadOnlyAccess

  • AliyunIOTConsoleCommonAccess

Access IoT Platform as a RAM user

Link IoT Edge

-

iot

Resource

  • AliyunIOTFullAccess

  • AliyunIOTReadOnlyAccess

  • AliyunIOTConsoleCommonAccess

Access resources of other Alibaba Cloud services

Lindorm

Time Series Database (TSDB)

hitsdb

Operation

-

-

Big data

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

DataWorks

-

dataworks

Operation

  • AliyunDataWorksFullAccess

  • AliyunDataWorksReadOnlyAccess

  • AliyunDataWorksExclusiveResourceGroupModify

  • AliyunDataWorksAccessingRdsReadOnlyPolicy

  • AliyunDataWorksAccessingDLFReadOnlyPolicy

  • AliyunDataWorksAccessingEMRReadOnlyPolicy

  • AliyunDataWorksAccessingAlikafkaPolicy

Manage permissions on the DataWorks services and the entities in the DataWorks console by using RAM policies

Quick BI

-

-

Service

-

-

DataV

-

datav

Service

AliyunDataVFullAccess

-

Realtime Compute for Apache Flink

-

stream

Resource

  • AliyunStreamFullAccess

  • AliyunStreamReadOnlyAccess

Grant permissions to a RAM user

Elasticsearch

-

elasticsearch

Resource

  • AliyunElasticsearchReadOnlyAccess

  • AliyunElasticsearchFullAccess

  • AliyunElasticsearchServerlessFullAccess

  • AliyunElasticsearchServerlessReadOnlyAccess

Elasticsearch objects supported for authorization

E-MapReduce (EMR)

E-MapReduce

emr

Service

  • AliyunEMRFullAccess

  • AliyunEMRFlowAdmin

  • AliyunEMRDevelopAccess

  • AliyunEMRDlsFullAccess

  • AliyunEMRDlsReadOnlyAccess

Grant permissions to RAM users

Simple Log Service

-

log

Resource

  • AliyunLogFullAccess

  • AliyunLogReadOnlyAccess

  • AliyunLogPutOpenEventPolicy

  • AliyunLogInvokeFCAccess

Authorization rules

Hologres

-

hologram

Resource

  • AliyunHologresFullAccess

  • AliyunHologresReadOnlyAccess

Grant permissions to a RAM user

Developer services

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Apsara Devops

-

rdc

Resource

  • AliyunRDCFullAccess

  • AliyunRDCReadOnlyAccess

-

Managed Service for OpenTelemetry

-

xtrace

Operation

  • AliyunTracingAnalysisFullAccess

  • AliyunTracingAnalysisReadOnlyAccess

-

Security

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Security Center

-

  • yundun-sas

  • yundun-aegis

Operation

  • AliyunYundunSASFullAccess

  • AliyunYundunSASReadOnlyAccess

-

Server Guard

-

yundun-aegis

Service

  • AliyunYundunAegisFullAccess

  • AliyunYundunAegisReadOnlyAccess

-

Anti-DDoS

Anti-DDoS

yundun-ddos

Service

  • AliyunYundunDDosFullAccess

  • AliyunYundunDDosReadOnlyAccess

  • AliyunYundunDDoSRewardsReadOnlyA

  • AliyunYundunDDoSRewardsFullAccess

-

Anti-DDoS

Anti-DDoS Proxy

  • yundun-high

  • yundun-ddoscoo

Service

  • AliyunYundunHighFullAccess

  • AliyunYundunHighReadOnlyAccess

-

Anti-DDoS

Anti-DDoS Proxy (Outside Chinese Mainland)

  • yundun-high

  • yundun-ddoscoo

Service

  • AliyunYundunAntiDDoSPremiumFullAccess

  • AliyunYundunAntiDDoSPremiumReadOnlyAccess

-

Web Application Firewall (WAF)

WAF

yundun-waf

Operation

  • AliyunYundunWAFFullAccess

  • AliyunYundunWAFReadOnlyAccess

  • AliyunYundunWAFv3FullAccess

  • AliyunYundunWAFv3ReadOnlyAccess

-

Certificate Management Service

-

yundun-cert

Service

  • AliyunYundunCertFullAccess

  • AliyunYundunCertReadOnlyAccess

-

Cloud Firewall

-

yundun-cloudfirewall

Service

  • AliyunYundunCloudFirewallReadOnlyAccess

  • AliyunYundunCloudFirewallFullAccess

-

Managed Security Service (MSSP)

-

mssp

Service

-

-

Content Moderation

-

yundun-greenweb

Service

  • AliyunYundunGreenWebFullAccess

  • AliyunYundunGreenWebConsoleOnlyAccess

  • AliyunYundunGreenWebReadOnlyAccess

-

Bastionhost

Bastionhost

yundun-bastionhost

Service

  • AliyunYundunBastionHostFullAccess

  • AliyunYundunBastionHostReadOnlyAccess

  • AliyunYundunBastionHostOperateOnlyAccess

  • AliyunYundunBastionHostAuditOnlyAccess

-

Data Security Center (DSC)

-

yundun-sddp

Service

  • AliyunYundunSDDPFullAccess

  • AliyunYundunSDDPReadOnlyAccess

  • AliyunYundunSDDPDataManager

-

Identity as a Service (IDaaS)

IDaaS

yundun-idaas

Operation

  • AliyunYundunIdaasFullAccess

  • AliyunYundunIdaasReadOnlyAccess

-

Key Management Service (KMS)

-

kms

Resource

  • AliyunKMSFullAccess

  • AliyunKMSReadOnlyAccess

  • AliyunKMSSecretUserAccess

  • AliyunKMSCryptoAdminAccess

  • AliyunKMSCryptoUserAccess

  • AliyunKMSSecretAdminAccess

Use RAM to control access to KMS resources

RAM

RAM

  • ram

  • sts

  • ims

Resource

  • AliyunRAMFullAccess

  • AliyunRAMReadOnlyAccess

RAM authorization

RAM

CloudSSO

cloudsso

Resource

  • AliyunCloudSSOReadOnlyAccess

  • AliyunCloudSSOFullAccess

-

ActionTrail

-

actiontrail

Operation

-

RAM account authentication

Technical support

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Ticket Management

-

support

Service

AliyunSupportFullAccess

-

Marketplace

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Alibaba Cloud Marketplace

-

acm

×

Service

AliyunMarketplaceFullAccess

-

Others

Service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Billing Management

-

  • bss

  • bssapi

  • efc

Operation

  • AliyunBSSFullAccess

  • AliyunBSSReadOnlyAccess

  • AliyunBSSOrderAccess

  • AliyunBSSRefundAccess

  • AliyunBSSRenewReadOnlyAccess

  • AliyunBSSRenewFullAccess

  • AliyunBSSCartReadOnlyAccess

  • AliyunBSSCartFullAccess

  • AliyunBSSMyFreetierFullAccess

-

ICP Filing

-

  • beian

  • bsn

Service

AliyunBeianFullAccess

-