Home PageShort Message ServiceUser GuideLog ManagementAuthorize RAM users to enable log analysis
Search for Help Content

Authorize RAM users to enable log analysis

Updated at: 2025-03-28 07:48
Product
Community

If you want a RAM user to use the log analysis feature of Alibaba Cloud SMS, you must use the Alibaba Cloud account to authorize the RAM user.

Background information

The following table lists the permissions that are required for using the log analysis feature.

Operation

Supported account or RAM user

Operation

Supported account or RAM user

Activate Simple Log Service (SLS)

Alibaba Cloud account

Authorize SMS to write log data to the dedicated Logstore in real time

  • Alibaba Cloud account

  • RAM users with the AliyunLogFullAccess permission or specific permissions

Query and analyze logs

  • Alibaba Cloud account

  • RAM users with the AliyunLogFullAccess permission or specific permissions

You can grant permissions to RAM users based on your business requirements.

Scenario

Grant permissions

References

Scenario

Grant permissions

References

Grant all the permissions on SLS to a RAM user

AliyunLogFullAccess

Create a RAM user and grant permissions to a RAM user

Authorize a RAM user to view logs

AliyunLogReadOnlyAccess

Authorize a RAM user to enable and use the log analysis feature

Custom policy

Sample custom policy

{
  "Version": "1",
  "Statement": [
      {
      "Action": "log:GetProject",
      "Resource": "acs:log:*:*:project/sms-log-*",
      "Effect": "Allow"
    },
    {
      "Action": "log:CreateProject",
      "Resource": "acs:log:*:*:project/*",
      "Effect": "Allow"
    },
    {
      "Action": "log:ListLogStores",
      "Resource": "acs:log:*:*:project/sms-log-*/logstore/*",
      "Effect": "Allow"
    },
    {
      "Action": "log:CreateLogStore",
      "Resource": "acs:log:*:*:project/sms-log-*/logstore/*",
      "Effect": "Allow"
    },
    {
      "Action": "log:GetIndex",
      "Resource": "acs:log:*:*:project/sms-log-*/logstore/sms-log",
      "Effect": "Allow"
    },
    {
      "Action": "log:CreateIndex",
      "Resource": "acs:log:*:*:project/sms-log-*/logstore/sms-log",
      "Effect": "Allow"
    },
    {
      "Action": "log:UpdateIndex",
      "Resource": "acs:log:*:*:project/sms-log-*/logstore/sms-log",
      "Effect": "Allow"
    },
    {
      "Action": "log:CreateDashboard",
      "Resource": "acs:log:*:*:project/sms-log-*/dashboard/*",
      "Effect": "Allow"
    },
    {
      "Action": "log:UpdateDashboard",
      "Resource": "acs:log:*:*:project/sms-log-*/dashboard/*",
      "Effect": "Allow"
    },
    {
      "Action": "log:CreateSavedSearch",
      "Resource": "acs:log:*:*:project/sms-log-*/savedsearch/*",
      "Effect": "Allow"
    },
    {
      "Action": "log:UpdateSavedSearch",
      "Resource": "acs:log:*:*:project/sms-log-*/savedsearch/*",
      "Effect": "Allow"
    }
  ]
}

The policy authorizes a RAM user to enable and use the log analysis feature. However, the user cannot use other SLS features.

Previous: Export logsNext: advanced management
  • On this page (1)
  • Background information
  • Sample custom policy
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare