This topic describes how Short Message Service uses Resource Access Management (RAM) for access control to enable fine-grained permission management and enhance resource access security.
Identity management
To ensure the security of your Alibaba Cloud account and cloud resources, use RAM identities for access instead of using your Alibaba Cloud account to directly access Short Message Service. This practice improves security and enables fine-grained permission management. These identities include the following:
RAM users.
RAM user groups.
RAM roles.
For more information, see Identity management.
Identity-based policies
Access policies use a syntax and structure to describe authorized resources, operations, and conditions. RAM provides two types of policies: system policies and custom policies. System policies are created and maintained by Alibaba Cloud. You can use these policies but cannot modify them. You can create and manage custom policies.
Short Message Service: System policy reference
During product iterations, Short Message Service adds new permissions to system policies to support new features. Updates to system policies affect all RAM identities that are attached to the policy, including RAM users, RAM user groups, and RAM roles.
Custom policies
If system policies do not meet your requirements, you can create custom policies to achieve least privilege. Custom policies provide fine-grained permission control, which lets you meet specific business requirements while maximizing the security of your resources.
For more information, see Identity-based policies.
DysmsLog service-linked role
A service-linked role is a RAM role that is provided for a specific feature of Short Message Service. Short Message Service uses the service-linked role to obtain permissions to access other Alibaba Cloud services. This includes the following:
Scenarios for the DysmsLog service-linked role.
Introduction to AliyunServiceRoleForDysmsLog.
How to delete the DysmsLog service-linked role.
For more information, see DysmsLog service-linked role.