Service-linked Role


Background information

The TINGWU API service (tingwupaas) uses the service-linked role, AliyunServiceRoleForTingwuPaaS, to access other Alibaba Cloud services. This RAM role grants the permissions needed for certain TINGWU features to function. For more information about service-linked roles, see Service-linked roles.

Scenarios

  • The audio/video file recording and real-time meeting recording features of the TINGWU API service require access to OSS resources. The service-linked role grants this access.

  • The message callback notification feature for audio/video file recording and real-time meeting recording requires access to RocketMQ resources. The service-linked role grants this access.

AliyunServiceRoleForTingwuPaaS Introduction

This is the service-linked role for the TINGWU API service. The TINGWU API service uses this role to access your resources in other Alibaba Cloud services.

Role name: AliyunServiceRoleForTingwuPaaS

Access policy: AliyunServiceRolePolicyForTingwuPaaS

Permissions:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:GetBucketInfo",
        "oss:GetObject"
      ],
      "Resource": "acs:oss:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:PutObject",
        "oss:ListParts",
        "oss:AbortMultipartUpload"
      ],
      "Resource": "acs:oss:*:*:*/tingwu/*"
    },
    {
      "Effect": "Allow",
      "Action": "mq:QueryInstanceBaseInfo",
      "Resource": "acs:mq:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "mq:PUB",
        "mq:SUB"
      ],
      "Resource": "acs:mq:*:*:*%TOPIC_TINGWU_*"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "tingwupaas.aliyuncs.com"
        }
      }
    }
  ]
}
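To review how far these grants reach, the following added example (not Alibaba Cloud code and not part of the original page) checks sample requests against the policy's Allow statements. It is a simplified model that assumes only `*` wildcards, `StringEquals` conditions and no Deny statements; the account ID, bucket, instance and topic names are constructed placeholders.

```python
import re
# Statements copied from the AliyunServiceRolePolicyForTingwuPaaS policy above.
POLICY = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": ["oss:GetBucketInfo", "oss:GetObject"],
     "Resource": "acs:oss:*:*:*"},
    {"Effect": "Allow",
     "Action": ["oss:PutObject", "oss:ListParts", "oss:AbortMultipartUpload"],
     "Resource": "acs:oss:*:*:*/tingwu/*"},
    {"Effect": "Allow", "Action": "mq:QueryInstanceBaseInfo",
     "Resource": "acs:mq:*:*:*"},
    {"Effect": "Allow", "Action": ["mq:PUB", "mq:SUB"],
     "Resource": "acs:mq:*:*:*%TOPIC_TINGWU_*"},
    {"Effect": "Allow", "Action": "ram:DeleteServiceLinkedRole", "Resource": "*",
     "Condition": {"StringEquals": {"ram:ServiceName": "tingwupaas.aliyuncs.com"}}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]
def _wild(pattern, value):
    # Assumption: only '*' is a wildcard; all other characters match literally.
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), value) is not None

def is_allowed(action, resource, context=None):
    """Simplified model: True if any Allow statement covers the request."""
    context = context or {}
    for stmt in POLICY["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(_wild(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_wild(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        # Every StringEquals key must be present in the request context.
        wanted = stmt.get("Condition", {}).get("StringEquals", {})
        if all(context.get(k) == v for k, v in wanted.items()):
            return True
    return False

# Constructed sample requests: account ID, bucket, instance and topic are placeholders.
ACCT = "1234567890123456"
SAMPLES = [
    ("oss:GetObject", f"acs:oss:oss-cn-beijing:{ACCT}:finance-archive/q3/ledger.csv"),
    ("oss:PutObject", f"acs:oss:oss-cn-beijing:{ACCT}:finance-archive/q3/ledger.csv"),
    ("oss:PutObject", f"acs:oss:oss-cn-beijing:{ACCT}:media-bucket/tingwu/result.json"),
    ("mq:PUB", f"acs:mq:cn-beijing:{ACCT}:MQ_INST_example%TOPIC_TINGWU_callback"),
    ("mq:PUB", f"acs:mq:cn-beijing:{ACCT}:MQ_INST_example%orders"),
]
if __name__ == "__main__":
    for action, resource in SAMPLES:
        print(f"{is_allowed(action, resource)!s:5}  {action:14} {resource}")
```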

Delete a service-linked role

Warning

Deleting the service-linked role prevents TINGWU from functioning correctly. Proceed with caution. Do not delete this role unless you are closing your Alibaba Cloud account.

To delete the AliyunServiceRoleForTingwuPaaS service-linked role, you must first delete all TINGWU projects that depend on it.

  • To delete TINGWU projects, perform the following steps:

1. Log on to the TINGWU console. In the navigation pane on the left, choose My Projects. A list of all your TINGWU projects appears on the right.

2. Find the project that you want to delete. In the Actions column, click Delete.

3. In the dialog box that appears, click Confirm Deletion.

Warning

Proceed with caution. Delete the service-linked role only when you close your Alibaba Cloud account.

FAQ

Why can't my RAM user automatically create or delete the TINGWU service-linked role AliyunServiceRoleForTingwuPaaS?

Specific permissions are required to automatically create or delete AliyunServiceRoleForTingwuPaaS. If a RAM user cannot automatically create AliyunServiceRoleForTingwuPaaS, you must add the following access policy for the user.

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ram:CreateServiceLinkedRole",
                "ram:DeleteServiceLinkedRole"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "tingwupaas.aliyuncs.com"
                }
            }
        }
    ]
}

Why can't I delete the TINGWU service-linked role?

First, confirm that you have the required delete permissions. Check if your RAM account has been granted the access policy described in the preceding FAQ. If not, contact your Alibaba Cloud account administrator to grant the permission.

If you still cannot delete the role after the permission is granted, check if all your TINGWU projects have been deleted. You must delete all TINGWU projects before you can delete the TINGWU service-linked role (AliyunServiceRoleForTingwuPaaS).

Log on to the TINGWU console and check if any projects remain in the My Projects list. If projects exist, you cannot delete AliyunServiceRoleForTingwuPaaS. You can delete the role only after all TINGWU projects are deleted.