You can grant RAM users permissions to manage OpenSearch Retrieval Engine Edition resources, such as creating instances or viewing monitoring metrics. You can grant permissions by using system policies or custom policies.
Create a RAM user
A RAM user is an identity within RAM that represents a person or application interacting with your resources. After you create a RAM user and grant the necessary permissions, the user can access your resources.
To create a RAM user, see Create a RAM user.
Authorize a RAM user
You can grant a RAM user permissions to access your OpenSearch Retrieval Engine Edition resources by attaching a system policy or a custom policy. For detailed instructions, see Grant permissions to a RAM user and Create custom policies.
Common policy combinations
-
(System policy) Manage OpenSearch Retrieval Engine Edition resources:
AliyunSearchEngineFullAccess
-
(System policy) View OpenSearch Retrieval Engine Edition resources (read-only):
AliyunSearchEngineReadOnlyAccess
-
(System policy) View and configure alerting settings:
AliyunElasticsearchReadOnlyAccess and AliyunElasticsearchFullAccess