本文介绍如何授予RAM用户操作自助分析的权限。

前提条件

已创建RAM用户。具体操作,请参见创建RAM用户

操作步骤

  1. 使用阿里云账号登录RAM控制台
  2. 创建权限策略。
    1. 在左侧导航栏中,选择权限管理 > 权限策略
    2. 单击创建权限策略
    3. 创建权限策略页面的脚本编辑页签中,将配置框中的原有脚本替换为如下内容,然后单击继续编辑基本信息
      每个动作的具体说明请参见动作列表
      {
        "Version": "1",
        "Statement": [
          {
            "Action": "log:CreateLogStore",
            "Resource": "acs:log:*:*:project/bill-analysis-*/logstore/*",
            "Effect": "Allow"
          },
          {
            "Action": "log:CreateIndex",
            "Resource": "acs:log:*:*:project/bill-analysis-*/logstore/aliyun_bill",
            "Effect": "Allow"
          },
          {
            "Action": "log:UpdateIndex",
            "Resource": "acs:log:*:*:project/bill-analysis-*/logstore/aliyun_bill",
            "Effect": "Allow"
          },
          {
            "Action": "log:CreateDashboard",
            "Resource": "acs:log:*:*:project/bill-analysis-*/dashboard/*",
            "Effect": "Allow"
          },
        {
            "Action": "log:UpdateDashboard",
            "Resource": "acs:log:*:*:project/bill-analysis-*/dashboard/*",
            "Effect": "Allow"
          },
        {
            "Action": "log:CreateSavedSearch",
            "Resource": "acs:log:*:*:project/bill-analysis-*/savedsearch/*",
            "Effect": "Allow"
          },
        {
            "Action": "log:UpdateSavedSearch",
            "Resource": "acs:log:*:*:project/bill-analysis-*/savedsearch/*",
            "Effect": "Allow"
          },
      {
            "Action": "log:CreateJob",
            "Resource": "acs:log:*:*:project/bill-analysis-*/job/*",
            "Effect": "Allow"
          },
        {
            "Action": "log:UpdateJob",
            "Resource": "acs:log:*:*:project/bill-analysis-*/job/*",
            "Effect": "Allow"
          },
       {
            "Action": "log:CreateApp",
            "Resource": "acs:log:*:*:app/bill",
            "Effect": "Allow"
          },
      {
            "Action": "log:UpdateApp",
            "Resource": "acs:log:*:*:app/bill",
            "Effect": "Allow"
          },
      {
            "Action": "log:GetApp",
            "Resource": "acs:log:*:*:app/bill",
            "Effect": "Allow"
          },
      {
            "Action": "log:DeleteApp",
            "Resource": "acs:log:*:*:app/bill",
            "Effect": "Allow"
          }
        ]
      }
    4. 设置名称,然后单击确定
  3. 为RAM用户授权。
    1. 在左侧导航栏中,选择身份管理 > 用户
    2. 找到目标RAM用户,单击添加权限
    3. 添加权限面板的选择权限区域,单击自定义策略,选中您在步骤2中创建的权限策略,然后单击确定
    4. 确认授权成功后,单击完成