DocsICP FilingConsole
官方文档
首页

Grant permissions for specific API operations

更新时间:
复制 MD 格式
产品详情
我的收藏

You can use RAM policies to grant or deny access to specific mPaaS API operations, giving you fine-grained control over what each RAM user can do.

Prerequisites

  1. You have registered an Alibaba Cloud account. If you do not have an account, please register an account.

  2. You have created a RAM user. If you have not created one, please create a RAM user.

    Note

    For more information about how to configure permissions for a RAM account, see Configure permissions.

Procedure

In the RAM authorization system, each Action corresponds to an API request in the mPaaS console. Determine the Action name as shown in the following figure.

image

An Action follows the format mpaas:XxxYyy. For example, the Action indicated by the arrow in the figure is mpaas:ListMdsUpgradePackages.

The following policy grants all mPaaS permissions except for the ListMdsUpgradePackages operation:

{
    "Version": "1",
    "Statement": [
        {
          "Action": [
              "mpaas:ListMdsUpgradePackages"
          ],
          "Resource": "*",
          "Effect": "Deny"
        },
        {
          "Action": [
              "mpaas:*"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
    ]
}

This policy denies the ListMdsUpgradePackages operation while allowing all other mPaaS operations.

Previous:Control access for RAM users at the component levelNext:ActionTrail audit log overview