RAM authentication
更新时间:
复制 MD 格式
Before a RAM user can call an API, an Alibaba Cloud account must grant permissions to the user by creating an authorization policy. The authorization policy uses a resource descriptor, an Alibaba Cloud Resource Name (ARN), to specify the authorized resources.
Authorizable resource types
For RAM user authorization, BaaS-DIS resources are described in the following format:
| Resource type | Resource description format in an authorization policy |
| DID | acs:baasdis:{#regionId}:{#accountId}:did/{#dIDId} |
| VC | acs:baasdis:{#regionId}:{#accountId}:vc/{#vCId} |
In this format, $regionid/accountid/servercertificateId is the specific resource ID, and * represents all corresponding resources.
Authorizable APIs
The following table lists the authorizable APIs for BaaS-DIS and their description formats:
| API | Resource description |
| GetDID | acs:baasdis:{#regionId}:{#accountId}:did/{#dIDId} |
| CreateTenantDID | acs:baasdis:{#regionId}:{#accountId}:did/* |
| UpdateVC | acs:baasdis:{#regionId}:{#accountId}:vc/{#vCId} |
| VerifyVerifiableClaim | acs:baasdis:{#regionId}:{#accountId}:vc/{#vCId} |
| IssueNormalVerifiableVC | acs:baasdis:{#regionId}:{#accountId}:vc/* |
| CreateEnterpriseDID | acs:baasdis:{#regionId}:{#accountId}:did/* |
| CreatePersonalDID | acs:baasdis:{#regionId}:{#accountId}:did/* |
该文章对您有帮助吗?