Before you can use a Resource Access Management (RAM) user to use the data shipping feature of the new version to ship data to Object Storage Service (OSS), you must complete authorization. This topic describes how to authorize a RAM user to ship data to OSS.
Prerequisites
A RAM user is created. For more information, see Create a RAM user.
Procedure
Log on to the RAM console by using your Alibaba Cloud account or a RAM user who has administrative rights.
Create a custom policy. On the JSON tab, replace the existing contents in the editor with the following script. For more information, see Create a custom policy in script edit mode.
ImportantReplace
ProjectName
andLogstoreName
in the script based on your actual situation.If you want to use a RAM user to configure alerts for OSS data shipping jobs, you must authorize the RAM user to manage alerts. For more information, see Authorize a RAM user to manage alerts.
{ "Version": "1", "Statement": [{ "Effect": "Allow", "Action": [ "log:GetLogStore", "log:GetIndex", "log:GetLogStoreHistogram", "log:GetLogStoreLogs" ], "Resource": [ "acs:log:*:*:project/ProjectName/logstore/LogstoreName", "acs:log:*:*:project/ProjectName/logstore/internal-diagnostic_log" ] }, { "Effect": "Allow", "Action": [ "log:CreateJob", "log:UpdateJob", "log:DeleteJob", "log:ListJobs", "log:GetJob" ], "Resource": "acs:log:*:*:project/ProjectName/job/*" }, { "Effect": "Allow", "Action": [ "log:ListLogStores", "log:ListDashboard", "log:ListSavedSearch" ], "Resource": "acs:log:*:*:project/ProjectName/*" }, { "Effect": "Allow", "Action": [ "ram:PassRole", "ram:GetRole", "ram:ListRoles" ], "Resource": "*" } ] }
Add the created custom policy to the RAM user. For more information, see Grant permissions to a RAM user.