All Products
Search
Document Center

ApsaraVideo VOD:RAM authorization

最終更新日:Aug 01, 2024
Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM to prevent RAM users from sharing the AccessKey pairs of your Alibaba Cloud account. You can also use RAM to grant minimum permissions to RAM users. RAM uses policies to define permissions.
This topic describes the elements, such as Action, Resource, and Condition, which are defined by VOD. You can use the elements to create policies in RAM. The code (RamCode) in RAM that is used to indicate VOD is vod. You can grant permissions on VOD at the OPERATION.

General structure of a policy

Policies can be stored as JSON files. The following code provides an example on the general structure of a policy:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}
The following list describes the fields in the policy:
  • Effect: specifies the authorization effect. Valid values: Allow, Deny.
  • Action: specifies one or more API operations that are allowed or denied. For more information, see the Action section of this topic.
  • Resource: specifies one or more resources to which the policy applies. You can use an Alibaba Cloud Resource Name (ARN) to specify a resource. For more information, see the Resource section of this topic.
  • Condition: specifies one or more conditions that are required for the policy to take effect. This is an optional field. For more information, see the Condition section of this topic.
    • Condition_operator: specifies the conditional operators. Different types of conditions support different conditional operators. For more information, see Policy elements.
    • Condition_key: specifies the condition keys.
    • Condition_value: specifies the condition values.

Action

VOD defines the values that you can use in the Action element of a policy statement. The following table describes the values.
  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • API operation: the API operation that you can call to perform the operation.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition key: the condition keys that are defined by the Alibaba Cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Generic Condition Keyword.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
ActionsAPI operationAccess levelResource typeCondition keyAssociated operation
vod:BatchSetVodDomainConfigsBatchSetVodDomainConfigscreate
All Resources
*
NoneNone
vod:RestoreMediaRestoreMediaupdate
All Resources
*
NoneNone
vod:DeleteCategoryDeleteCategoryWrite
All Resources
*
NoneNone
vod:DescribeVodDomainBpsDataByLayerDescribeVodDomainBpsDataByLayer
All Resources
*
NoneNone
vod:GetDefaultAITemplateGetDefaultAITemplateget
All Resources
*
NoneNone
vod:GetAIVideoTagResultGetAIVideoTagResultget
All Resources
*
NoneNone
vod:GetMediaRefreshJobsGetMediaRefreshJobslist
All Resources
*
NoneNone
vod:CreateUploadImageCreateUploadImagecreate
All Resources
*
NoneNone
vod:SetCrossdomainContentSetCrossdomainContentWrite
All Resources
*
NoneNone
vod:GetTranscodeTemplateGroupGetTranscodeTemplateGroup
All Resources
*
NoneNone
vod:GetVideoPlayAuthGetVideoPlayAuthget
All Resources
*
NoneNone
vod:ListDynamicImageListDynamicImagelist
All Resources
*
NoneNone
vod:ListAIImageInfoListAIImageInfolist
All Resources
*
NoneNone
vod:VerifyVodDomainOwnerVerifyVodDomainOwnerget
All Resources
*
NoneNone
vod:DescribeVodDomainRealTimeDetailDataDescribeVodDomainRealTimeDetailDataget
All Resources
*
NoneNone
vod:SubmitAIJobSubmitAIJobWrite
All Resources
*
NoneNone
vod:DescribeVodRefreshQuotaDescribeVodRefreshQuotaget
All Resources
*
NoneNone
vod:GetURLUploadInfosGetURLUploadInfosget
All Resources
*
NoneNone
vod:UpdateAITemplateUpdateAITemplateWrite
All Resources
*
NoneNone
vod:GetTranscodeTaskGetTranscodeTaskget
All Resources
*
NoneNone
vod:GetAppInfosGetAppInfoslist
All Resources
*
NoneNone
vod:GetMessageCallbackGetMessageCallbackget
All Resources
*
NoneNone
vod:DescribeVodMediaPlayDataDescribeVodMediaPlayDatanone
All Resources
*
NoneNone
vod:CancelUrlUploadJobsCancelUrlUploadJobsupdate
All Resources
*
NoneNone
vod:GetDigitalWatermarkExtractResultGetDigitalWatermarkExtractResultget
All Resources
*
NoneNone
vod:GetImageInfosGetImageInfoslist
All Resources
*
NoneNone
vod:GenerateKMSDataKeyGenerateKMSDataKeycreate
All Resources
*
NoneNone
vod:UpdateVideoInfosUpdateVideoInfosWrite
All Resources
*
NoneNone
vod:UpdateAttachedMediaInfosUpdateAttachedMediaInfosWrite
All Resources
*
NoneNone
vod:UpdateVodTemplateUpdateVodTemplateWrite
All Resources
*
NoneNone
vod:DescribeVodDomainTrafficDataDescribeVodDomainTrafficDataget
All Resources
*
NoneNone
vod:GetVideoInfosGetVideoInfoslist
All Resources
*
NoneNone
vod:PreloadVodObjectCachesPreloadVodObjectCachesupdate
All Resources
*
NoneNone
vod:AddAITemplateAddAITemplateWrite
All Resources
*
NoneNone
vod:GetCategoriesGetCategorieslist
All Resources
*
NoneNone
vod:ListAppPoliciesForIdentityListAppPoliciesForIdentitylist
All Resources
*
NoneNone
vod:DescribeVodDomainRealTimeHttpCodeDataDescribeVodDomainRealTimeHttpCodeDataget
All Resources
*
NoneNone
vod:BatchStopVodDomainBatchStopVodDomainupdate
All Resources
*
NoneNone
vod:GetImageInfoGetImageInfoget
All Resources
*
NoneNone
vod:CreateAppInfoCreateAppInfocreate
All Resources
*
NoneNone
vod:SubmitPreprocessJobsSubmitPreprocessJobsWrite
All Resources
*
NoneNone
vod:GetAIImageJobsGetAIImageJobslist
All Resources
*
NoneNone
vod:UploadMediaByURLUploadMediaByURLWrite
All Resources
*
NoneNone
vod:UpdateVideoInfoUpdateVideoInfoWrite
All Resources
*
NoneNone
vod:DescribeVodTieringStorageDataDescribeVodTieringStorageDatanone
All Resources
*
NoneNone
vod:DescribeVodTieringStorageRetrievalDataDescribeVodTieringStorageRetrievalDatanone
All Resources
*
NoneNone
vod:DeleteWatermarkDeleteWatermarkWrite
All Resources
*
NoneNone
vod:UpdateVodDomainUpdateVodDomainWrite
All Resources
*
NoneNone
vod:DeleteVodDomainDeleteVodDomainWrite
All Resources
*
NoneNone
vod:AddEditingProjectMaterialsAddEditingProjectMaterialsWrite
All Resources
*
NoneNone
vod:ListVodTemplateListVodTemplatelist
All Resources
*
NoneNone
vod:SubmitAIMediaAuditJobSubmitAIMediaAuditJobcreate
All Resources
*
NoneNone
vod:GetVideoInfoGetVideoInfoget
All Resources
*
NoneNone
vod:RefreshUploadVideoRefreshUploadVideocreate
All Resources
*
NoneNone
vod:GetVodTemplateGetVodTemplateget
All Resources
*
NoneNone
vod:SubmitTranscodeJobsSubmitTranscodeJobsWrite
All Resources
*
NoneNone
vod:DeleteVideoDeleteVideoWrite
All Resources
*
NoneNone
vod:SubmitAIImageAuditJobSubmitAIImageAuditJobWrite
All Resources
*
NoneNone
vod:DescribeVodDomainRealTimeTrafficDataDescribeVodDomainRealTimeTrafficDataget
All Resources
*
NoneNone
vod:AddVodTemplateAddVodTemplatecreate
All Resources
*
NoneNone
vod:DeleteEditingProjectDeleteEditingProjectWrite
All Resources
*
NoneNone
vod:ListAuditSecurityIpListAuditSecurityIplist
All Resources
*
NoneNone
vod:GetWatermarkGetWatermarkget
All Resources
*
NoneNone
vod:DescribeVodVerifyContentDescribeVodVerifyContentget
All Resources
*
NoneNone
vod:ProduceEditingProjectVideoProduceEditingProjectVideocreate
All Resources
*
NoneNone
vod:DescribeVodCertificateListDescribeVodCertificateListlist
All Resources
*
NoneNone
vod:ListLiveRecordVideoListLiveRecordVideoget
All Resources
*
NoneNone
vod:ListAITemplateListAITemplatelist
All Resources
*
NoneNone
vod:DescribeVodDomainRealTimeReqHitRateDataDescribeVodDomainRealTimeReqHitRateDataget
All Resources
*
NoneNone
vod:DescribeVodAIDataDescribeVodAIDataget
All Resources
*
NoneNone
vod:DescribeVodDomainUsageDataDescribeVodDomainUsageDataget
All Resources
*
NoneNone
vod:DeleteStreamDeleteStreamWrite
All Resources
*
NoneNone
vod:DescribeVodDomainBpsDataDescribeVodDomainBpsDataget
All Resources
*
NoneNone
vod:DeleteVodSpecificConfigDeleteVodSpecificConfigdelete
All Resources
*
NoneNone
vod:DeleteVodTemplateDeleteVodTemplateWrite
All Resources
*
NoneNone
vod:ListAppInfoListAppInfolist
All Resources
*
NoneNone
vod:UpdateImageInfosUpdateImageInfosWrite
All Resources
*
NoneNone
vod:SubmitWorkflowJobSubmitWorkflowJobWrite
All Resources
*
NoneNone
vod:DeleteMultipartUploadDeleteMultipartUploaddelete
All Resources
*
NoneNone
vod:GetMezzanineInfoGetMezzanineInfoget
All Resources
*
NoneNone
vod:SetEditingProjectMaterialsSetEditingProjectMaterialscreate
All Resources
*
NoneNone
vod:GetMediaAuditResultGetMediaAuditResultget
All Resources
*
NoneNone
vod:DescribeVodDomainRealTimeByteHitRateDataDescribeVodDomainRealTimeByteHitRateDataget
All Resources
*
NoneNone
vod:ListAIJobListAIJoblist
All Resources
*
NoneNone
vod:GetMediaAuditResultTimelineGetMediaAuditResultTimelineget
All Resources
*
NoneNone
vod:SetDefaultTranscodeTemplateGroupSetDefaultTranscodeTemplateGroupupdate
All Resources
*
NoneNone
vod:GetVideoListGetVideoListlist
All Resources
*
NoneNone
vod:DeleteAITemplateDeleteAITemplateWrite
All Resources
*
NoneNone
vod:SetMessageCallbackSetMessageCallbackcreate
All Resources
*
NoneNone
vod:DescribeVodDomainQpsDataDescribeVodDomainQpsDataget
All Resources
*
NoneNone
vod:DescribeVodDomainRealTimeQpsDataDescribeVodDomainRealTimeQpsDataget
All Resources
*
NoneNone
vod:DescribeVodTranscodeDataDescribeVodTranscodeDataget
All Resources
*
NoneNone
vod:DescribeVodRefreshTasksDescribeVodRefreshTaskslist
All Resources
*
NoneNone
vod:BatchStartVodDomainBatchStartVodDomaincreate
All Resources
*
NoneNone
vod:GetMediaAuditAudioResultDetailGetMediaAuditAudioResultDetailget
All Resources
*
NoneNone
vod:AddWatermarkAddWatermarkWrite
All Resources
*
NoneNone
vod:DescribeVodRangeDataByLocateAndIspServiceDescribeVodRangeDataByLocateAndIspServiceget
All Resources
*
NoneNone
vod:AttachAppPolicyToIdentityAttachAppPolicyToIdentitycreate
All Resources
*
NoneNone
vod:CreateUploadAttachedMediaCreateUploadAttachedMediacreate
All Resources
*
NoneNone
vod:DeleteDynamicImageDeleteDynamicImageWrite
All Resources
*
NoneNone
vod:UpdateMediaStorageClassUpdateMediaStorageClass
All Resources
*
NoneNone
vod:DescribePlayTopVideosDescribePlayTopVideoslist
All Resources
*
NoneNone
vod:DescribeVodDomainCertificateInfoDescribeVodDomainCertificateInfoget
All Resources
*
NoneNone
vod:AddVodStorageForAppAddVodStorageForAppWrite
All Resources
*
NoneNone
vod:CreateAuditCreateAuditWrite
All Resources
*
NoneNone
vod:DecryptKMSDataKeyDecryptKMSDataKeyget
All Resources
*
NoneNone
vod:RefreshMediaPlayUrlsRefreshMediaPlayUrlsWrite
All Resources
*
NoneNone
vod:RegisterMediaRegisterMediacreate
All Resources
*
NoneNone
vod:GetEditingProjectGetEditingProjectget
All Resources
*
NoneNone
vod:DescribeVodDomainDetailDescribeVodDomainDetailget
All Resources
*
NoneNone
vod:SetAuditSecurityIpSetAuditSecurityIpupdate
All Resources
*
NoneNone
vod:UpdateEditingProjectUpdateEditingProjectWrite
All Resources
*
NoneNone
vod:DeleteTranscodeTemplateGroupDeleteTranscodeTemplateGroupWrite
All Resources
*
NoneNone
vod:AddCategoryAddCategoryWrite
All Resources
*
NoneNone
vod:GetTranscodeSummaryGetTranscodeSummaryget
All Resources
*
NoneNone
vod:DescribeVodDomainLogDescribeVodDomainLogget
All Resources
*
NoneNone
vod:DeleteAIImageInfosDeleteAIImageInfosWrite
All Resources
*
NoneNone
vod:GetUploadDetailsGetUploadDetailsget
All Resources
*
NoneNone
vod:SetDefaultWatermarkSetDefaultWatermarkupdate
All Resources
*
NoneNone
vod:DescribeVodDomainHitRateDataDescribeVodDomainHitRateDataget
All Resources
*
NoneNone
vod:SetDefaultAITemplateSetDefaultAITemplatecreate
All Resources
*
NoneNone
vod:ListTranscodeTemplateGroupListTranscodeTemplateGrouplist
All Resources
*
NoneNone
vod:DeleteAttachedMediaDeleteAttachedMediadelete
All Resources
*
NoneNone
vod:DeleteAppInfoDeleteAppInfodelete
All Resources
*
NoneNone
vod:UpdateWatermarkUpdateWatermarkupdate
All Resources
*
NoneNone
vod:DescribePlayUserTotalDescribePlayUserTotalget
All Resources
*
NoneNone
vod:DescribeVodUserDomainsDescribeVodUserDomainslist
Domain
acs:vod:*:{#accountId}:domain/*
NoneNone
vod:DeleteMezzaninesDeleteMezzaninesWrite
All Resources
*
NoneNone
vod:RefreshVodObjectCachesRefreshVodObjectCachesupdate
All Resources
*
NoneNone
vod:GenerateDownloadSecretKeyGenerateDownloadSecretKeycreate
All Resources
*
NoneNone
vod:GetPlayInfoGetPlayInfo
All Resources
*
NoneNone
vod:GetAuditHistoryGetAuditHistoryget
All Resources
*
NoneNone
vod:GetMediaDNAResultGetMediaDNAResultget
All Resources
*
NoneNone
vod:DetachAppPolicyFromIdentityDetachAppPolicyFromIdentitydelete
All Resources
*
NoneNone
vod:AddVodDomainAddVodDomainWrite
Domain
acs:vod:*:{#accountId}:domain/{#domainId}
NoneNone
vod:SearchMediaSearchMedialist
All Resources
*
NoneNone
vod:GetAIMediaAuditJobGetAIMediaAuditJobget
All Resources
*
NoneNone
vod:SubmitMediaDNADeleteJobSubmitMediaDNADeleteJobWrite
All Resources
*
NoneNone
vod:DescribeVodDomainReqHitRateDataDescribeVodDomainReqHitRateDataget
All Resources
*
NoneNone
vod:DescribeVodDomainRealTimeBpsDataDescribeVodDomainRealTimeBpsDataget
All Resources
*
NoneNone
vod:MoveAppResourceMoveAppResourceWrite
All Resources
*
NoneNone
vod:GetAITemplateGetAITemplateget
All Resources
*
NoneNone
vod:DescribeVodStorageDataDescribeVodStorageDataget
All Resources
*
NoneNone
vod:SetVodDomainCertificateSetVodDomainCertificatecreate
All Resources
*
NoneNone
vod:DescribeVodDomainSrcTrafficDataDescribeVodDomainSrcTrafficDataget
All Resources
*
NoneNone
vod:ListWatermarkListWatermarklist
All Resources
*
NoneNone
vod:GetAttachedMediaInfoGetAttachedMediaInfoget
All Resources
*
NoneNone
vod:DescribePlayUserAvgDescribePlayUserAvgget
All Resources
*
NoneNone
vod:AddEditingProjectAddEditingProjectWrite
All Resources
*
NoneNone
vod:DeleteImageDeleteImageWrite
All Resources
*
NoneNone
vod:AddTranscodeTemplateGroupAddTranscodeTemplateGroupWrite
All Resources
*
NoneNone
vod:UpdateCategoryUpdateCategoryWrite
All Resources
*
NoneNone
vod:DescribeVodDomainConfigsDescribeVodDomainConfigslist
All Resources
*
NoneNone
vod:UpdateTranscodeTemplateGroupUpdateTranscodeTemplateGroupWrite
All Resources
*
NoneNone
vod:SubmitAIImageJobSubmitAIImageJobWrite
All Resources
*
NoneNone
vod:DeleteMessageCallbackDeleteMessageCallbackWrite
All Resources
*
NoneNone
vod:DescribePlayVideoStatisDescribePlayVideoStatisget
All Resources
*
NoneNone
vod:CreateUploadVideoCreateUploadVideocreate
All Resources
*
NoneNone
vod:SubmitSnapshotJobSubmitSnapshotJobWrite
All Resources
*
NoneNone
vod:SubmitDynamicImageJobSubmitDynamicImageJobWrite
All Resources
*
NoneNone
vod:ListSnapshotsListSnapshotslist
All Resources
*
NoneNone
vod:UploadStreamByURLUploadStreamByURLWrite
All Resources
*
NoneNone
vod:GetEditingProjectMaterialsGetEditingProjectMaterialslist
All Resources
*
NoneNone
vod:GetMediaAuditResultDetailGetMediaAuditResultDetailget
All Resources
*
NoneNone
vod:SubmitDigitalWatermarkExtractJobSubmitDigitalWatermarkExtractJobWrite
All Resources
*
NoneNone
vod:DescribeVodDomainSrcBpsDataDescribeVodDomainSrcBpsDataget
All Resources
*
NoneNone
vod:ListTranscodeTaskListTranscodeTasklist
All Resources
*
NoneNone
vod:UpdateAppInfoUpdateAppInfoupdate
All Resources
*
NoneNone
vod:SearchEditingProjectSearchEditingProjectlist
All Resources
*
NoneNone

Resource

In VOD, you cannot specify an ARN in the Resource element in a policy statement. If you want to authorize a RAM user or a RAM role to access VOD, you cannot specify an ARN in the "Resource": "*".

Condition

VOD does not define service-specific condition keys. For more information about common condition keys that are defined by Alibaba Cloud, see Generic Condition Keyword.

What to do next

You can create a custom policy and attach the policy to a RAM user, RAM user group, or RAM role. For more information, see the following topics: