本文介绍了低代码音视频工厂需要关联其他基础云产品使用时,采用的关联角色机制以及本产品关联角色AliyunServiceRoleForImp所使用的权限范围。
关联角色简介
关联角色是云产品在某些情况下,为了完成自身的某个功能,需要获取其他云产品的访问权限而提供的一种RAM角色,关联角色后可完成产品间的访问调用。更多关于产品关联角色的信息请参见服务关联角色。
本产品关联角色的使用场景
使用本产品中的直播、录制、白板、连麦功能,需要访问视频直播、音视频通信(RTC)、互动白板、OSS、智能媒体生产(ICE)和CDN云服务的资源。
您可通过自动创建的关联角色AliyunServiceRoleForImp获取访问权限。该角色具备的权限范围,请参见本文档下方描述。
当您不再使用低代码音视频工厂产品,可以删除关联角色AliyunServiceRoleForImp,请参见本文档下方描述。
本产品关联角色的权限范围
AliyunServiceRoleForImp角色具备以下云产品的访问权限:
视频直播的访问权限
{
"Action": [
"live:CreateLiveStreamRecordIndexFiles",
"live:DescribeLiveRecordConfig",
"live:DescribeUserLiveStatus",
"live:AddLiveDomain",
"live:DescribeLiveUserDomains",
"live:DescribeLiveDomainConfigs",
"live:DescribeLiveDomainCname",
"live:DescribeLiveVerifyContent",
"live:VerifyLiveDomainOwner",
"live:AddLiveDomainMapping",
"live:AddLiveStreamTranscode",
"live:DescribeLiveStreamTranscodeInfo",
"live:AddLiveAppRecordConfig",
"live:DeleteLiveAppRecordConfig",
"live:DescribeLiveRecordConfig",
"live:DeleteLiveDomainPlayMapping",
"live:DeleteLiveDomain",
"live:DeleteLiveDomainMapping",
"live:DescribeLiveDomainMapping",
"live:DescribeLiveDomainDetail",
"live:DescribeLiveUserDomains",
"live:DescribeLiveCertificateDetail",
"live:DescribeLiveDomainCertificateInfo",
"live:DescribeLiveCertificateList",
"live:SetLiveDomainCertificate",
"live:BatchDeleteLiveDomainConfigs",
"live:BatchSetLiveDomainConfigs",
"live:AddLivePullStreamInfoConfig",
"live:DescribeLivePullStreamConfig",
"live:DescribeLiveStreamsBlockList",
"live:DescribeLiveStreamsControlHistory",
"live:ForbidLiveStream",
"live:ResumeLiveStream",
"live:DescribeLiveDomainOnlineUserNum",
"live:DescribeLiveDomainFrameRateAndBitRateData",
"live:DescribeLiveDomainLimit",
"live:SetLiveStreamsNotifyUrlConfig",
"live:DescribeLiveStreamsNotifyUrlConfig",
"live:DeleteLiveStreamsNotifyUrlConfig",
"live:DeleteLiveAppRecordConfig",
"live:DescribeLiveRecordConfig",
"live:DescribeLiveStreamRecordContent",
"live:DescribeLiveStreamRecordIndexFile",
"live:DescribeLiveStreamRecordIndexFiles",
"live:AddLiveRecordNotifyConfig",
"live:DeleteLiveRecordNotifyConfig",
"live:DescribeLiveRecordNotifyConfig",
"live:UpdateLiveRecordNotifyConfig",
"live:AddLiveAppSnapshotConfig",
"live:DeleteLiveAppSnapshotConfig",
"live:DescribeLiveSnapshotConfig",
"live:AddLiveSnapshotDetectPornConfig",
"live:AddLiveDetectNotifyConfig",
"live:DescribeLiveSnapshotDetectPornConfig",
"live:DescribeLiveDetectNotifyConfig",
"live:UpdateLiveSnapshotDetectPornConfig",
"live:UpdateLiveDetectNotifyConfig",
"live:DeleteLiveSnapshotDetectPornConfig",
"live:DeleteLiveDetectNotifyConfig",
"live:AddRtsLiveStreamTranscode",
"live:AddLiveStreamTranscode",
"live:AddCustomLiveStreamTranscode",
"live:DeleteLiveStreamTranscode",
"live:describeLiveDomainCname"
],
"Resource": "*",
"Effect": "Allow"
}音视频通信(RTC)的访问权限
{
"Action": [
"rtc:CreateRecordIndexFile",
"rtc:DescribeRTCAppKey",
"rtc:AddRecordTemplate",
"rtc:DeleteRecordTemplate",
"rtc:UpdateRecordTemplate",
"rtc:DescribeRecordTemplates",
"rtc:DescribeRecordFiles",
"rtc:StartRecordTask",
"rtc:StopRecordTask",
"rtc:UpdateRecordTask",
"rtc:CreateRtcApp",
"rtc:DescribeApps",
"rtc:StartMPUTask",
"rtc:GetMPUTaskStatus",
"rtc:StopMPUTask",
"rtc:UpdateMPULayout",
"rtc:DeleteMPULayout",
"rtc:CreateMPULayout",
"rtc:DescribeMPULayoutInfoList",
"rtc:ModifyMPULayout",
"rtc:DescribeMPULayoutList"
],
"Resource": "*",
"Effect": "Allow"
}互动白板的访问权限
{
"Action": [
"rtc-white-board:SetAppCallbackType",
"rtc-white-board:StartWhiteBoardRecording",
"rtc-white-board:StopWhiteBoardRecording",
"rtc-white-board:PauseWhiteBoardRecording",
"rtc-white-board:ResumeWhiteBoardRecording",
"rtc-white-board:CreateApp",
"rtc-white-board:SetAppCallbackUrl",
"rtc-white-board:SetAppDomainNames",
"rtc-white-board:SetAppStatus",
"rtc-white-board:DescribeApps",
"rtc-white-board:DescribeWhiteBoards",
"rtc-white-board:CreateWhiteBoard",
"rtc-white-board:OpenWhiteBoard",
"rtc-white-board:DescribeWhiteBoardRecordings",
"rtc-white-board:RefreshUsersPermissions",
"rtc-white-board:SetUsersPermissions"
],
"Resource": "*",
"Effect": "Allow"
}OSS的访问权限
{
"Action": [
"oss:PutBucket",
"oss:PutBucketAcl",
"oss:GetBucketAcl",
"oss:PutBucketTransferAcceleration",
"oss:GetBucketTransferAcceleration",
"oss:PutBucketCors",
"oss:GetBucketCors",
"oss:DeleteBucketCors",
"oss:OptionObject",
"oss:ListBuckets",
"oss:GetBucketInfo",
"oss:HeadObject",
"oss:GetObjectMeta"
],
"Resource": "*",
"Effect": "Allow"
}CDN的访问权限
{
"Action": [
"cdn:DescribeCdnService",
"cdn:OpenCdnService",
"cdn:AddCdnDomain",
"cdn:ModifyCdnDomain",
"cdn:DescribeUserDomains",
"cdn:DescribeCdnDomainDetail",
"cdn:VerifyDomainOwner",
"cdn:DescribeVerifyContent",
"cdn:DescribeCdnDomainConfig",
"cdn:BatchSetCdnDomainConfig",
"cdn:DescribeDomainCname",
"cdn:DescribeCdnDomainConfigs"
],
"Resource": "*",
"Effect": "Allow"
}智能媒体生产(ICE)的访问权限
{
"Action": [
"ice:RegisterMediaInfo",
"ice:ListMediaBasicInfos",
"ice:GetMediaInfo",
"ice:GetEditingProjectMaterials",
"ice:AddEditingProjectMaterials",
"ice:DeleteEditingProjectMaterials",
"ice:CreateEditingProject",
"ice:GetEditingProject",
"ice:UpdateEditingProject",
"ice:DeleteEditingProjects",
"ice:SubmitMediaProducingJob"
],
"Resource": "*",
"Effect": "Allow"
}删除AliyunServiceRoleForImp
如果您不再需要使用低代码音视频工厂,可以删除AliyunServiceRoleForImp。
此处介绍删除的操作步骤。
登录RAM控制台,在左侧导航栏中单击角色。
在角色页面的搜索框中,输入AliyunServiceRoleForImp,自动搜索到名称为AliyunServiceRoleForImp的RAM角色。
在右侧操作列,单击删除。
在弹出的删除RAM角色对话框,单击确定。
如果当前账号下存在未删除的低代码音视频工厂应用,则需先删除所有应用后才能删除AliyunServiceRoleForImp,否则提示删除失败。
常见问题
为什么我的RAM用户无法自动创建低代码音视频工厂关联角色AliyunServiceRoleForImp?
您需要为RAM用户添加如下权限,才能自动创建或删除AliyunServiceRoleForImp。
{
"Statement": [
{
"Action": [
"ram:CreateServiceLinkedRole"
],
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"imp.aliyuncs.com"
]
}
}
}
],
"Version": "1"
}文档内容是否对您有帮助?