AliyunOpentrekManagerRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2024-08-12 20:20:17
更新时间:2024-08-12 20:20:17
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"cr:GetAuthorizationToken",
"cr:ListRepository",
"cr:ListRepositoryTag",
"cr:ListInstance",
"cr:ListInstanceEndpoint",
"cr:CreateRepository",
"cr:PushRepository",
"cr:PullRepository",
"cr:GetRepository",
"cr:GetNamespace",
"cr:ListNamespace",
"cr:CreateNamespace",
"cr:SearchRepo"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr-ee:GetAuthorizationToken",
"cr-ee:ListRepository",
"cr-ee:ListRepositoryTag",
"cr-ee:ListInstance",
"cr-ee:ListInstanceEndpoint",
"cr-ee:CreateRepository",
"cr-ee:PushRepository",
"cr-ee:PullRepository",
"cr-ee:GetRepository",
"cr-ee:GetNamespace",
"cr-ee:ListNamespace",
"cr-ee:CreateNamespace",
"cr-ee:SearchRepo"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cs:DescribeSubaccountK8sClusterUserConfig",
"cs:DescribeClusterUserKubeconfig",
"cs:GetClusters",
"cs:DescribeClusterNodes"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:ListBuckets",
"oss:GetObjectMetadata",
"oss:GetObject",
"oss:ListObjects",
"oss:PutObject",
"oss:CopyObject",
"oss:CompleteMultipartUpload",
"oss:AbortMultipartUpload",
"oss:InitiateMultipartUpload",
"oss:UploadPartCopy",
"oss:UploadPart",
"oss:GetBucketInfo"
],
"Resource": "acs:oss:*:*:*",
"Effect": "Allow"
}
]
}