This topic describes the use scenarios, policies, and creation of the service-linked role AliyunServiceRoleForResourceSharing for the Resource Sharing service.
Scenarios
The Resource Sharing service uses the AliyunServiceRoleForResourceSharing role to obtain the organizational structure of a resource directory and implement resource sharing within the resource directory based on the organizational structure.
For more information, see Service-linked roles.
Role description
Role name: AliyunServiceRoleForResourceSharing.
Policy: AliyunServiceRolePolicyForResourceSharing.
Permissions: This role allows Resource Sharing to access the organizational structure of your resource directory.
{
"Version": "1",
"Statement": [
{
"Action": [
"resourcemanager:GetResourceDirectory",
"resourcemanager:GetFolder",
"resourcemanager:ListFoldersForParent",
"resourcemanager:ListAccountsForParent",
"resourcemanager:ListAccounts"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "resourcesharing.aliyuncs.com"
}
}
}
]
}
Create the service-linked role for Resource Sharing
When you enable resource sharing, the system creates the service-linked role AliyunServiceRoleForResourceSharing. For more information, see Enable resource sharing.