全部产品

DataHub服务关联角色

DataHub服务关联角色

本文为您介绍DataHub服务关联角色(AliyunServiceRoleForDataHub)的应用场景以及如何删除服务关联角色。

背景信息

DataHub服务关联角色(AliyunServiceRoleForDataHub)是在同步到OSS/OTS/FC时,为了完成数据同步功能,需要获取相应云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色

应用场景

DataHub创建了到OSS/OTS/FC的数据同步时,需要访问OSS/OTS/FC云服务的资源,通过服务关联角色功能获取访问权限。

AliyunServiceRoleForDataHub介绍

角色名称:AliyunServiceRoleForDataHub

角色权限策略:AliyunServiceRolePolicyForDataHub

权限说明:

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Action": [
  6. "log:GetLogStore",
  7. "log:ListLogStores",
  8. "log:CreateLogStore",
  9. "log:DeleteLogStore",
  10. "log:UpdateLogStore",
  11. "log:GetCursorOrData",
  12. "log:ListShards",
  13. "log:PostLogStoreLogs",
  14. "log:CreateConfig",
  15. "log:UpdateConfig",
  16. "log:DeleteConfig",
  17. "log:GetConfig",
  18. "log:ListConfig",
  19. "log:CreateMachineGroup",
  20. "log:UpdateMachineGroup",
  21. "log:DeleteMachineGroup",
  22. "log:GetMachineGroup",
  23. "log:ListMachineGroup",
  24. "log:ListMachines",
  25. "log:ApplyConfigToGroup",
  26. "log:RemoveConfigFromGroup",
  27. "log:GetAppliedMachineGroups",
  28. "log:GetAppliedConfigs",
  29. "log:GetShipperStatus",
  30. "log:RetryShipperTask",
  31. "log:CreateConsumerGroup",
  32. "log:UpdateConsumerGroup",
  33. "log:DeleteConsumerGroup",
  34. "log:ListConsumerGroup",
  35. "log:ConsumerGroupUpdateCheckPoint",
  36. "log:ConsumerGroupHeartBeat",
  37. "log:GetConsumerGroupCheckPoint"
  38. ],
  39. "Resource": "*",
  40. "Effect": "Allow"
  41. },
  42. {
  43. "Action": [
  44. "fc:InvokeFunction",
  45. "fc:GetFunction"
  46. ],
  47. "Resource": "*",
  48. "Effect": "Allow"
  49. },
  50. {
  51. "Action": [
  52. "oss:GetObject",
  53. "oss:PutObject",
  54. "oss:ListObjects",
  55. "oss:GetBucketAcl"
  56. ],
  57. "Resource": "*",
  58. "Effect": "Allow"
  59. },
  60. {
  61. "Action": [
  62. "ots:ListTable",
  63. "ots:DescribeTable",
  64. "ots:GetRow",
  65. "ots:PutRow",
  66. "ots:UpdateRow",
  67. "ots:DeleteRow",
  68. "ots:GetRange",
  69. "ots:BatchGetRow",
  70. "ots:BatchWriteRow"
  71. ],
  72. "Resource": "*",
  73. "Effect": "Allow"
  74. },
  75. {
  76. "Action": "ram:DeleteServiceLinkedRole",
  77. "Resource": "*",
  78. "Effect": "Allow",
  79. "Condition": {
  80. "StringEquals": {
  81. "ram:ServiceName": "datahub.aliyuncs.com"
  82. }
  83. }
  84. }
  85. ]
  86. }

删除服务关联角色

如果您需要删除AliyunServiceRoleForDataHub(服务关联角色),需要先释放依赖这个服务关联角色的DataHub的数据同步。

子账号创建服务关联角色

创建AliyunServiceRoleForDataHub(服务关联角色)时需要ram:CreateServiceLinkedRole这个权限,如果您为子账号或角色,请联系管理员在授权策略中赋权,具体Policy:

  1. {
  2. "Statement": [
  3. {
  4. "Action": "ram:CreateServiceLinkedRole",
  5. "Resource": "*",
  6. "Effect": "Allow",
  7. "Condition": {
  8. "StringEquals": {
  9. "ram:ServiceName": [
  10. "datahub.aliyuncs.com"
  11. ]
  12. }
  13. }
  14. }
  15. ],
  16. "Version": "1"
  17. }