This topic describes the use scenarios, policies, and creation of the service-linked role AliyunServiceRoleForResourceSharing for the Resource Sharing service.

Scenarios

The Resource Sharing service uses the AliyunServiceRoleForResourceSharing role to obtain the organizational structure of a resource directory and implement resource sharing within the resource directory based on the organizational structure.

For more information, see Service-linked roles.

Role description

Role name: AliyunServiceRoleForResourceSharing.

Policy: AliyunServiceRolePolicyForResourceSharing.

Permissions: This role allows Resource Sharing to access the organizational structure of your resource directory.

 {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "resourcemanager:GetResourceDirectory",
                "resourcemanager:GetFolder",
                "resourcemanager:ListFoldersForParent",
                "resourcemanager:ListAccountsForParent",
                "resourcemanager:ListAccounts"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "resourcesharing.aliyuncs.com"
                }
            }
        }
    ]
}

Create the service-linked role for Resource Sharing

When you enable resource sharing, the system creates the service-linked role AliyunServiceRoleForResourceSharing. For more information, see Enable resource sharing.