This topic provides examples of Resource Access Management (RAM) policies for resource groups.
Policy for managing resource groups
The following policy defines that you are allowed to create and delete resource groups and to view and modify the basic information about resource groups in Resource Management.
{
"Statement": [{
"Action": "ram:*ResourceGroup*",
"Effect": "Allow",
"Resource": "*"
}],
"Version": "1"
}
Policy for creating resource groups
The following policy defines that you are allowed to create resource groups in Resource Management.
{
"Version": "1",
"Statement": [{
"Effect": "Allow",
"Action": "ram:CreateResourceGroup",
"Resource": "*"
}]
}
Note If you want to authorize a RAM user to perform more group-related operations, such as managing resources in a resource group, granting permissions to a resource group, or migrating resources across resource groups, you must attach other policies to the RAM user. For more information, see Resource Group.