本文为您介绍DataHub服务关联角色(AliyunServiceRoleForDataHub)的应用场景以及如何删除服务关联角色。
DataHub服务关联角色
本文为您介绍DataHub服务关联角色(AliyunServiceRoleForDataHub)的应用场景以及如何删除服务关联角色。
背景信息
DataHub服务关联角色(AliyunServiceRoleForDataHub)是在同步到OSS/OTS/FC时,为了完成数据同步功能,需要获取相应云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色。
应用场景
DataHub创建了到OSS/OTS/FC的数据同步时,需要访问OSS/OTS/FC云服务的资源,通过服务关联角色功能获取访问权限。
AliyunServiceRoleForDataHub介绍
角色名称:AliyunServiceRoleForDataHub
角色权限策略:AliyunServiceRolePolicyForDataHub
权限说明:
{
"Version": "1",
"Statement": [
{
"Action": [
"log:GetLogStore",
"log:ListLogStores",
"log:CreateLogStore",
"log:DeleteLogStore",
"log:UpdateLogStore",
"log:GetCursorOrData",
"log:ListShards",
"log:PostLogStoreLogs",
"log:CreateConfig",
"log:UpdateConfig",
"log:DeleteConfig",
"log:GetConfig",
"log:ListConfig",
"log:CreateMachineGroup",
"log:UpdateMachineGroup",
"log:DeleteMachineGroup",
"log:GetMachineGroup",
"log:ListMachineGroup",
"log:ListMachines",
"log:ApplyConfigToGroup",
"log:RemoveConfigFromGroup",
"log:GetAppliedMachineGroups",
"log:GetAppliedConfigs",
"log:GetShipperStatus",
"log:RetryShipperTask",
"log:CreateConsumerGroup",
"log:UpdateConsumerGroup",
"log:DeleteConsumerGroup",
"log:ListConsumerGroup",
"log:ConsumerGroupUpdateCheckPoint",
"log:ConsumerGroupHeartBeat",
"log:GetConsumerGroupCheckPoint"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"fc:InvokeFunction",
"fc:GetFunction"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:GetObject",
"oss:PutObject",
"oss:ListObjects",
"oss:GetBucketAcl"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ots:ListTable",
"ots:DescribeTable",
"ots:GetRow",
"ots:PutRow",
"ots:UpdateRow",
"ots:DeleteRow",
"ots:GetRange",
"ots:BatchGetRow",
"ots:BatchWriteRow"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "datahub.aliyuncs.com"
}
}
}
]
}
删除服务关联角色
如果您需要删除AliyunServiceRoleForDataHub(服务关联角色),需要先释放依赖这个服务关联角色的DataHub的数据同步。
子账号创建服务关联角色
创建AliyunServiceRoleForDataHub(服务关联角色)时需要ram:CreateServiceLinkedRole这个权限,如果您为子账号或角色,请联系管理员在授权策略中赋权,具体Policy:
{
"Statement": [
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"datahub.aliyuncs.com"
]
}
}
}
],
"Version": "1"
}