All Products
Search

This Product

    Simple Log Service:Resource list

    Document Center

    Simple Log Service:Resource list

    Last Updated:Oct 26, 2023

    You can use an Alibaba Cloud account to grant a RAM user the specific permissions to use Log Service resources. This topic describes the resources whose permissions you can grant to a RAM user.

    The following table describes the resources.

    Resource type Resource expressions in a permission policy
    Project and Logstore acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}
    Project, Logstore, and LogShipper task acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}/shipper/${shipperName}
    acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/*
    Project and Logtail configuration file acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/${logtailConfigName}
    acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logtailconfig/*
    Project and machine group acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/${machineGroupName}
    acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/machinegroup/*
    Project and consumer group acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}/consumergroup/${consumerGroupName}
    acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/logstore/${logstoreName}/consumergroup/*
    Project and saved search acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/savedsearch/${savedSearchName}
    acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/savedsearch/*
    Project and dashboard acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/dashboard/${dashboardName}
    acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/dashboard/*
    Project and alert acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/alert/${alarmName}
    acs:log:${regionName}:${projectOwnerAliUid}:project/${projectName}/alert/*
    All types of resources acs:log:${regionName}:${projectOwnerAliUid}:*
    acs:log:*:${projectOwnerAliUid}:*
    Note The resources in Log Service are organized into a hierarchy. Projects are root resources. Logstores, Logtail configuration files, and machine groups are parallel sub-resources of projects. LogShipper tasks and consumer groups are sub-resources of Logstores.
    The following table describes the parameters that are used in the policies.
    Parameter Description
    ${regionName} The name of a region.
    ${projectOwnerAliUid} The ID of an Alibaba Cloud account.
    ${projectName} The name of a project.
    ${logstoreName} The name of a Logstore.
    ${logtailconfig} The name of a Logtail configuration file.
    ${machineGroupName} The name of a machine group.
    ${shipperName} The name of a LogShipper task.
    ${consumerGroupName} The name of a consumer group.
    ${savedSearchName} The name of a saved search.
    ${dashboardName} The name of a dashboard.
    ${alarmName} The name of an alert rule.