All Products
Search

This Product

    Service Catalog:Grant permissions to an end user

    Document Center

    Service Catalog:Grant permissions to an end user

    Last Updated:Dec 05, 2025

    Before an end user can manage products, the administrator must grant the required permissions to the end user to allow the end user to access the Service Catalog console or perform operations in the console. An end user can be a Resource Access Management (RAM) user or a RAM role. In this topic, a RAM user is used.

    Prerequisites

    A RAM user is created by the administrator. For more information, see Create a RAM user.

    Procedure

    Console

    1. Log on to the RAM console.

    2. On the Users page, find the target RAM user and click Add Permissions in the Actions column.

      image

    3. In the Grant Permission panel, grant permissions to the RAM user.

      1. Set Resource Scope to Account.

      2. Select a Policy. Search and select the AliyunServiceCatalogEndUserFullAccess system policy. To grant a custom policy, you must first create a custom permission policy and then select it.

        Note

        The AliyunServiceCatalogEndUserFullAccess policy grants the permissions that end users need to manage Service Catalog. Grant this policy if end users need to launch products and manage instances in the Service Catalog console.

    4. Click OK.

    OpenAPI

    Grant a custom policy

    1. Call CreatePolicy to create a custom policy. For more information, see Policy elements and Overview of sample policies.

    2. Call AttachPolicyToUser to attach the policy to the specified RAM user, and set PolicyType to Custom.

    Grant a system policy

    To attach a policy to the specified RAM user, call the AttachPolicyToUser operation with PolicyType set to System and PolicyName set to AliyunServiceCatalogEndUserFullAccess.