在使用RAM账号调用资源管理API前,需要主账号通过创建授权策略对RAM账号进行授权。在授权策略中,使用资源描述符(Alibaba Cloud Resource Name,ARN)指定授权资源。
资源组鉴权列表
下表列举了资源组中可授权的操作(Action)和资源(Resource)。
| Action | Resource |
|---|---|
| ram:CreateResourceGroup | acs:ram:*:$AccountId:resourcegroup/* |
| ram:DeleteResourceGroup | acs:ram:*:$AccountId:resourcegroup/$ResourceGroupName |
| ram:UpdateResourceGroup | acs:ram:*:$AccountId:resourcegroup/$ResourceGroupName |
| ram:CreatePolicy | acs:ram:*:$AccountId:policy/* |
| ram:DeletePolicy | acs:ram:*:$AccountId:policy/$PolicyName |
| ram:ListPolicies | acs:ram:*:$AccountId:policy/* |
| ram:GetPolicy | acs:ram:*:$AccountId:policy/$PolicyName |
| ram:CreatePolicyVersion | acs:ram:*:$AccountId:policy/$PolicyName |
| ram:DeletePolicyVersion | acs:ram:*:$AccountId:policy/$PolicyName |
| ram:ListPolicyVersions | acs:ram:*:$AccountId:policy/$PolicyName |
| ram:GetPolicyVersion | acs:ram:*:$AccountId:policy/$PolicyName |
| ram:SetDefaultPolicyVersion | acs:ram:*:$AccountId:policy/$PolicyName |
| ram:AttachPolicy |
|
| ram:DetachPolicy |
|
| ram:ListPolicyAttachments | acs:ram:*:$AccountId:* |
| ram:CreateRole | acs:ram:*:$AccountId:role/* |
| ram:GetRole | acs:ram:*:$AccountId:role/$RoleName |
| ram:ListRoles | acs:ram:*:$AccountId:role/* |
| ram:UpdateRole | acs:ram:*:$AccountId:role/$RoleName |
| ram:DeleteRole | acs:ram:*:$AccountId:role/$RoleName |
| ram:CreateServiceLinkedRole | acs:ram:*:$AccountId:role/* |
| ram:DeleteServiceLinkedRole | acs:ram:*:$AccountId:role/$RoleName |
| ram:GetServiceLinkedRoleDeletionStatus | acs:ram:*:$AccountId:role/$RoleName |
资源目录鉴权列表
下表列举了资源目录中可授权的操作(Action)和资源(Resource)。
| Action | Resource |
|---|---|
| resourcemanager:InitResourceDirectory | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:DestroyResourceDirectory | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:GetResourceDirectory | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:CreateResourceAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:CreateCloudAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:PromoteResourceAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ResendCreateCloudAccountEmail | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ResendPromoteResourceAccountEmail | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:CancelCreateCloudAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:CancelPromoteResourceAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:RemoveCloudAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:GetAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:MoveAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ListAccountsForParent | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ListAccounts | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:GetPayerForAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:UpdateAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:CreateFolder | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:DeleteFolder | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:GetFolder | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ListFoldersForParent | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ListAncestors | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:UpdateFolder | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:InviteAccountToResourceDirectory | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:GetHandshake | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:AcceptHandshake | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:CancelHandshake | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:DeclineHandshake | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ListHandshakesForAccount | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ListHandshakesForResourceDirectory | acs:resourcemanager:*:$AccountId:* |
| resourcemanager:ListTrustedServiceStatus | acs:resourcemanager:*:$AccountId:* |
标签鉴权列表
下表列举了标签中可授权的操作(Action)和资源(Resource)。
| Action | Resource |
|---|---|
| tag:ListTagResources | acs:tag:$RegionId:$AccountId:$ResourceType/$ResourceId |
| tag:TagResources |
|
| tag:UntagResources |
|
| tag:ListTagKeys | acs:tag:$RegionId:$AccountId:*/* |
| tag:ListTagValues | acs:tag:$RegionId:$AccountId:*/* |
在文档使用中是否遇到以下问题
更多建议
匿名提交