本文为您介绍DAS服务关联角色(AliyunServiceRoleForDAS)的应用场景以及如何删除服务关联角色。

背景信息

DAS服务关联角色(AliyunServiceRoleForDAS)是在某些情况下, 为了很好地支持DAS自身的功能,需要获取用户其他云服务的访问权限而提供的RAM角色。 更多关于服务关联角色的信息请参见服务关联角色

应用场景

DAS接入用户在阿里云购买的云数据库,比如RDS、MongoDB、 Redis、PolarDB等或者在阿里云ECS上自建的数据库时, 通过服务关联角色功能获取访问权限。

AliyunServiceRoleForDAS介绍

角色名称:AliyunServiceRoleForDAS

角色权限策略:AliyunServiceRolePolicyForDAS

权限说明:
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "rds:DescribeRegions",
        "rds:DescribeDBInstances",
        "rds:DescribeDatabases",
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeAccounts",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:DescribeDBInstancePerformance",
        "rds:ModifySecurityIps",
        "rds:CreateAccount",
        "rds:GrantAccountPrivilege",
        "rds:RevokeAccountPrivilege",
        "rds:CreateDatabase",
        "rds:ModifyDBInstanceDescription",
        "rds:DescribeSlowLogRecords",
        "rds:DescribeSlowLogs",
        "rds:DescribeResourceUsage",
        "rds:DescribeSQLCollectorPolicy",
        "rds:ModifyDBInstanceSpec",
        "rds:DescribeTasks",
        "rds:DescribeTaskIdByRequestID",
        "rds:ModifyDBNodeClass",
        "rds:DescribeParameters",
        "rds:ModifyParameter"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribePhysicalConnections",
        "vpc:DescribeVpnGateways",
        "vpc:DescribeRouterInterfaces",
        "vpc:DescribeVirtualBorderRouters"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceAttribute",
        "ecs:DescribeInstanceStatus",
        "ecs:DescribeInstanceMonitorData",
        "ecs:DescribeSecurityGroups",
        "ecs:JoinSecurityGroup",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:AuthorizeSecurityGroup",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeDisks",
        "ecs:DescribeImages"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeCacheAnalysisReport",
        "kvstore:DescribeCacheAnalysisReportList",
        "kvstore:CreateCacheAnalysisTask",
        "kvstore:DescribeAccounts",
        "kvstore:CreateAccount",
        "kvstore:DescribeRegions",
        "kvstore:DescribeInstances",
        "kvstore:DescribeInstanceAttribute",
        "kvstore:DescribeHistoryMonitorValues",
        "kvstore:DescribeMonitorItems",
        "kvstore:VerifyPassword",
        "kvstore:DescribeSecurityIps",
        "kvstore:ModifySecurityIps",
        "kvstore:ModifyInstanceAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dts:DescribeMigrationJobs",
        "dts:DescribeMigrationJobDetail",
        "dts:DescribeMigrationJobStatus",
        "dts:CreateMigrationJob",
        "dts:ConfigureMigrationJob",
        "dts:SuspendMigrationJob",
        "dts:StartMigrationJob",
        "dts:StopMigrationJob",
        "dts:DeleteMigrationJob",
        "dts:DescribeSynchronizationJobs",
        "dts:DescribeSynchronizationJobStatus",
        "dts:CreateSynchronizationJob",
        "dts:ConfigureSynchronizationJob",
        "dts:SuspendSynchronizationJob",
        "dts:StartSynchronizationJob",
        "dts:DeleteSynchronizationJob",
        "dts:DescribeObjectModifyStatus",
        "dts:ModifySynchronizationObject",
        "dts:ResetSynchronizationJob"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "pvtz:DescribeUserServiceStatus",
        "pvtz:DescribeZones",
        "pvtz:DescribeZoneRecords",
        "pvtz:UpdateZoneRecord"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeDBInstances",
        "dds:DescribeReplicaSetRole",
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeRegions",
        "dds:DescribeDBInstancePerformance",
        "dds:DescribeSecurityIps",
        "dds:ModifyDBInstanceDescription",
        "dds:ModifySecurityIps",
        "dds:DescribeShardingNetworkAddress",
        "dds:DescribeSlowLogRecords",
        "dds:DescribeRunningLogRecords",
        "dds:DescribeErrorLogList"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:QueryContactGroup",
        "cms:QueryContact"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusters",
        "polardb:DescribeRegions",
        "polardb:DescribeDBClusterAttribute",
        "polardb:ModifyDBNodeClass",
        "polardb:DescribeDBClusterAvailableResources",
        "polardb:CreateDBNodes",
        "polardb:DeleteDBNodes"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "hdm.aliyuncs.com"
        }
      }
    }
  ]
}

删除服务关联角色

如果您需要删除服务关联角色(AliyunServiceRoleForDAS),请参见服务关联角色