DataWorks: DataWorks service-linked role

Last updated: Jun 08, 2024

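The first time you use an exclusive resource group, the system automatically creates the AliyunServiceRoleForDataWorks service-linked role, which is used to access resources in Virtual Private Cloud (VPC), elastic network interfaces (ENIs), and security groups. This topic describes how to view the details of the role and how to create the service-linked role as a RAM user.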

Background information

For more information about service-linked roles, see Service-linked roles.

View the permission policy of the AliyunServiceRoleForDataWorks service-linked role

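You can log on to the RAM console and follow the steps shown in the figure below to go to the details page of the AliyunServiceRoleForDataWorks service-linked role, where you can view basic information such as the role name and creation time.

Figure: View role details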

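Note

If you do not need the AliyunServiceRoleForDataWorks role, you can delete it. After the role is deleted, you can no longer bind a VPC to exclusive resource groups, but network links that are already bound are not affected.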

On the Permissions tab of the AliyunServiceRoleForDataWorks role details page, you can view the details of the policy granted to the role, as follows.

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:AttachNetworkInterface",
                "ecs:AuthorizeSecurityGroup",
                "ecs:AuthorizeSecurityGroupEgress",
                "ecs:CreateNetworkInterface",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:CreateSecurityGroup",
                "ecs:DeleteNetworkInterface",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:DeleteSecurityGroup",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DescribeNetworkInterfaces",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroupReferences",
                "ecs:DescribeSecurityGroups",
                "ecs:DetachNetworkInterface",
                "ecs:JoinSecurityGroup",
                "ecs:LeaveSecurityGroup",
                "ecs:ModifyNetworkInterfaceAttribute",
                "ecs:ModifySecurityGroupAttribute",
                "ecs:ModifySecurityGroupPolicy",
                "ecs:ModifySecurityGroupRule",
                "ecs:RevokeSecurityGroup",
                "ecs:RevokeSecurityGroupEgress",
                "ecs:AssignIpv6Addresses",
                "ecs:UnassignIpv6Addresses"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVpcs",
                "vpc:DescribeVpcAttribute",
                "vpc:DescribeVSwitches",
                "vpc:DescribeVSwitchAttributes"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "dataworks.aliyuncs.com"
                }
            }
        }
    ]
}

Permissions required for a RAM user to create the AliyunServiceRoleForDataWorks service-linked role

To create the AliyunServiceRoleForDataWorks service-linked role, a RAM user must be granted either the AliyunDataWorksFullAccess policy or the custom policy shown in the code below.

Note

For details on how to create a policy and grant it to the target RAM user, see Create a custom policy and Grant permissions to a RAM user.

{
    "Version": "1",
    "Statement": [
        {
            "Action": "dataworks:*",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": [
                        "dataworks.aliyuncs.com"
                    ]
                }
            }
        }
    ]
}