Examples of RAM policies for resource groups - Resource Management

This topic provides examples of Resource Access Management (RAM) policies for resource groups.

Policy for managing resource groups

The following policy defines that you are allowed to create and delete resource groups and to view and modify the basic information about resource groups in Resource Management.

{
    "Statement": [{
        "Action": "ram:*ResourceGroup*",
        "Effect": "Allow",
        "Resource": "*"
    }],
    "Version": "1"
}

Policy for creating resource groups

The following policy defines that you are allowed to create resource groups in Resource Management.

{
	"Version": "1",
	"Statement": [{
		"Effect": "Allow",
		"Action": "ram:CreateResourceGroup",
		"Resource": "*"
	}]
}

Note If you want to authorize a RAM user to perform more group-related operations, such as managing resources in a resource group, granting permissions to a resource group, or migrating resources across resource groups, you must attach other policies to the RAM user. For more information, see Resource Group.