Grant permissions to a RAM user


Create a RAM user.

Log on to the RAM console and create a RAM user. For detailed instructions, see Create a RAM user.

Grant the read-only permissions on Alibaba Cloud DNS PrivateZone to the RAM user.

In the RAM console, choose Identity > Users. Select a RAM user, click Add Permissions, and attach the AliyunPvtzReadOnlyAccess system policy to the RAM user. For detailed instructions, see Grant permissions to a RAM user.

Grant the full access permissions on Alibaba Cloud DNS PrivateZone to the RAM user.

In the RAM console, attach the AliyunPvtzFullAccess system policy to a RAM user. For detailed instructions, see Grant permissions to a RAM user.

Grant the RAM user the permissions to manage Alibaba Cloud DNS PrivateZone zones.

To restrict the RAM user to particular zones, you must create a custom policy. In this example, the zone IDs are djiow001 and djiow002.

  • First, in the RAM console, go to Policies and create a custom policy named AliyunPvtzSingleAccess with the following content. For detailed instructions, see Create a custom policy.

{
  "Version": "1",
  "Statement": [
    {
      "Action": "pvtz:*",
      "Resource": [
        "acs:pvtz:*:*:zone/djiow001",
        "acs:pvtz:*:*:zone/djiow002"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "pvtz:DescribeUserServiceStatus",
        "pvtz:DescribeZones",
        "pvtz:DescribeRegions",
        "pvtz:DescribeVpcs"
      ],
      "Resource": "acs:pvtz:*:*:*",
      "Effect": "Allow"
    }
  ]
}
  • Then, attach the AliyunPvtzSingleAccess policy to the RAM user.
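
Before attaching a zone-scoped policy like the one above, it helps to confirm that `pvtz:*` is granted only on the intended zones. The following added example (not part of the original documentation or any Alibaba Cloud tool) builds the same policy for a list of zone IDs and audits it; the function names and the rule that only `pvtz:Describe*` actions count as read-only are assumptions of this example.

```python
import json

READ_ONLY_ACTIONS = [  # the four actions the page grants on all resources
    "pvtz:DescribeUserServiceStatus", "pvtz:DescribeZones",
    "pvtz:DescribeRegions", "pvtz:DescribeVpcs",
]

def zone_arn(zone_id):
    """Resource string in the form the page's policy uses for one zone."""
    return f"acs:pvtz:*:*:zone/{zone_id}"

def build_policy(zone_ids):
    """Build the page's custom policy for an arbitrary list of zone IDs."""
    return {
        "Version": "1",
        "Statement": [
            {"Action": "pvtz:*", "Resource": [zone_arn(z) for z in zone_ids], "Effect": "Allow"},
            {"Action": READ_ONLY_ACTIONS, "Resource": "acs:pvtz:*:*:*", "Effect": "Allow"},
        ],
    }

def _as_list(value):
    # Action and Resource may each be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, allowed_zone_ids):
    """Return findings; an empty list means every Allow is scoped as intended."""
    allowed = {zone_arn(z) for z in allowed_zone_ids}
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        # Assumption of this example: only pvtz:Describe* counts as read-only.
        read_only = all(a.startswith("pvtz:Describe") for a in actions)
        for res in _as_list(stmt.get("Resource", [])):
            wildcard = "*" in res.rsplit(":", 1)[-1]
            if res in allowed or (wildcard and read_only):
                continue
            reason = "write-capable actions on a wildcard resource" if wildcard else "zone not in the approved list"
            findings.append(f"statement {i}: {res}: {reason}")
    return findings

if __name__ == "__main__":
    policy = build_policy(["djiow001", "djiow002"])  # zone IDs from the page
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, ["djiow001", "djiow002"]) or "policy is scoped as intended")
```
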