You can use the following example policy to authorize a RAM user to manage resource groups.
The following policy allows a RAM user to create and delete resource groups and to view and modify their basic information in Resource Management.
{
"Statement": [{
"Action": "ram:*ResourceGroup*",
"Effect": "Allow",
"Resource": "*"
}],
"Version": "1"
}Note
If you want to authorize a RAM user to perform more group-related operations, such as managing resources in a resource group, granting permissions to a resource group, or migrating resources across resource groups, you must attach other policies to the RAM user. For more information, see RAM authorization.
该文章对您有帮助吗?