AliyunServiceCatalogEndUserFullAccess 是阿里云管理的产品系统策略,您可以将 AliyunServiceCatalogEndUserFullAccess 授权给 RAM 身份(RAM 用户、RAM 用户组和 RAM 角色),本策略定义了管理服务目录(ServiceCatalog)的用户侧权限。
策略详情
类型:系统策略
创建时间:2022-02-10 06:11:07
更新时间:2023-03-14 03:19:18
当前版本:v8
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ros:GetTemplate",
"ros:ValidateTemplate",
"ros:PreviewStack",
"ros:CreateStack",
"ros:ContinueCreateStack",
"ros:GetStack",
"ros:UpdateStack",
"ros:DeleteStack",
"ros:ListStacks",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:ListChangeSets",
"ros:ListStackOperationRisks"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ram:GetUser",
"ram:ListUsers",
"ram:GetRole",
"ram:ListRoles"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:ListUserTypes",
"servicecatalog:GetAccountInfo",
"servicecatalog:GetProductAsEndUser",
"servicecatalog:ListProductsAsEndUser",
"servicecatalog:ListLaunchOptions",
"servicecatalog:GetProductVersion",
"servicecatalog:ListProductVersions",
"servicecatalog:GetTemplateDefinition",
"servicecatalog:GetGeneratedTemplate",
"servicecatalog:GetTemplate",
"servicecatalog:GetEnhancedTemplate",
"servicecatalog:GetProvisioningParameters",
"servicecatalog:LaunchProduct"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:GetProvisionedProduct",
"servicecatalog:GetProvisionedProductParameters",
"servicecatalog:GetProvisionedProductForResourceSpec",
"servicecatalog:ListProvisionedProducts",
"servicecatalog:UpdateProvisionedProduct",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:GetTask",
"servicecatalog:ListTasks",
"servicecatalog:GetProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlanApprovers",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ExecuteProvisionedProductPlan",
"servicecatalog:DeleteProvisionedProductPlan",
"servicecatalog:CreateProvisionedProductPlan",
"servicecatalog:CancelProvisionedProductPlan",
"servicecatalog:UpdateProvisionedProductPlan"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"servicecatalog:UserLevel": "self"
}
}
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:GetProvisionedProduct",
"servicecatalog:GetProvisionedProductParameters",
"servicecatalog:GetProvisionedProductForResourceSpec",
"servicecatalog:GetTask",
"servicecatalog:ListTasks",
"servicecatalog:ApproveProvisionedProductPlan",
"servicecatalog:GetProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"servicecatalog:ApprovalActor": "approver"
}
}
}
]
}