当您使用资源组对资源进行分组管理时,可以结合访问控制(RAM),在单个阿里云账号内实现资源的隔离和精细化权限管理。本文总结了云备份(Cloud Backup)对资源组的支持情况,以及资源组级别的授权操作步骤。
-
只有支持资源组的资源类型和支持资源组级别授权的操作,资源组级别授权才能生效。
-
对于不支持资源组的资源类型,授予资源组范围的权限将无效。在选择资源范围时,请选择账号级别,进行账号级别授权。具体操作,请参见不支持资源组级别授权的操作。
资源组授权的工作原理
您可以使用资源组(Resource Group)对阿里云账号内的资源进行分组管理。例如,为不同的项目创建对应的资源组,并将资源转移到对应的组中,以便集中管理各项目的资源。更多信息,请参见什么是资源组。
在完成资源分组后,您可以为不同的RAM授权主体(RAM用户、RAM用户组或RAM角色)授予指定资源组范围的权限,从而限定这个授权主体只能管理该资源组内的资源。更多信息,请参见资源分组和授权。
这种授权方式的优点有:
-
权限精细化:确保每个身份能获得最准确的资源访问权限,避免账号下的多个项目的资源混合管理。
-
良好的扩展性:后续新增资源时,只需将其加入该资源组,RAM身份便会自动获得新资源的相应权限,无需再次授权。
为RAM用户授予资源组级别的权限
下面以RAM用户为例,介绍授予指定资源组内云备份(Cloud Backup)资源权限的操作步骤。
1. 前置步骤
2. 进行资源组级别授权
您可以通过以下任一方式进行资源组级别授权。
方式一:在资源管理控制台中授权
通过资源组的权限管理功能为指定 RAM 用户授权。详情操作可参见为RAM身份授予资源组范围的权限。
方式二:在 RAM 控制台中授权
通过RAM控制台为指定 RAM 用户进行资源组级别授权。详细操作可参见为RAM用户授权。
支持资源组的资源类型
云备份(Cloud Backup)支持资源组的资源类型如下表所示:
|
云服务 |
云服务代码 |
资源类型 |
|
云备份(Cloud Backup) |
hbr |
hanainstance : SAP HANA实例 |
|
云备份(Cloud Backup) |
hbr |
vault : 仓库 |
对于暂不支持资源组的资源类型,如有需要,您可以在资源组控制台提交反馈。
不支持资源组级别授权的操作
云备份(Cloud Backup)中不支持资源组级别授权的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
hbr:ActivateClient |
- |
|
hbr:ActivateEcsClient |
- |
|
hbr:AddContainerCluster |
注册一个容器集群。 |
|
hbr:AddCrossAccount |
- |
|
hbr:AddDataSource |
- |
|
hbr:AddHanaMetadata |
- |
|
hbr:AddIndexCluster |
- |
|
hbr:AddParameter |
- |
|
hbr:AddServer |
- |
|
hbr:AddSqlServerLog |
- |
|
hbr:AddVcenter |
- |
|
hbr:BatchCountTables |
- |
|
hbr:BrowseAirFiles |
- |
|
hbr:BrowseFileDetectionRiskFiles |
- |
|
hbr:BrowseFiles |
- |
|
hbr:CallMaintenanceApi |
- |
|
hbr:CallUniGatewayApi |
- |
|
hbr:CancelBackupJob |
取消一个备份任务。 |
|
hbr:CancelDiscoveringDatabase |
- |
|
hbr:CancelFileDetection |
- |
|
hbr:CancelHanaBackup |
- |
|
hbr:CancelHanaRestore |
- |
|
hbr:CancelJob |
- |
|
hbr:CancelRestore |
- |
|
hbr:CancelRestoreJob |
取消一个恢复任务。 |
|
hbr:CancelSqlServerRestore |
- |
|
hbr:CancelStreamFileSyncTask |
- |
|
hbr:CancelVmBackup |
- |
|
hbr:CancelVmLocalRestore |
- |
|
hbr:CancelVmMigration |
- |
|
hbr:CheckRole |
用于检查用户是否有权限访问当前资源或页面。 |
|
hbr:CheckSlrRole |
- |
|
hbr:ClientReceiveMessage |
- |
|
hbr:ClientSendMessage |
- |
|
hbr:CommitTestRestore |
- |
|
hbr:CompleteVmIncrementalMigration |
- |
|
hbr:ControlReplicationVault |
- |
|
hbr:ControlUniBackupJob |
- |
|
hbr:ControlUniBackupPlan |
- |
|
hbr:ConvertToPostPaidInstance |
- |
|
hbr:CreateAirEcsInstance |
- |
|
hbr:CreateAirRestoreJob |
- |
|
hbr:CreateBackupEssentialEdition |
- |
|
hbr:CreateBackupJob |
创建一个手动备份任务。 |
|
hbr:CreateBackupPlan |
创建一个备份计划。 |
|
hbr:CreateBackupSourceGroup |
- |
|
hbr:CreateChildBackupJobs |
- |
|
hbr:CreateClient |
- |
|
hbr:CreateCluster |
- |
|
hbr:CreateContact |
- |
|
hbr:CreateContactGroup |
- |
|
hbr:CreateEcsAirBackup |
- |
|
hbr:CreateHanaRestore |
创建SAP HANA数据库恢复任务。 |
|
hbr:CreateJob |
- |
|
hbr:CreateJobs |
- |
|
hbr:CreatePolicy |
- |
|
hbr:CreatePolicyBindings |
将一个或多个数据源绑定到某个策略。 |
|
hbr:CreatePolicyV2 |
创建一个策略。 |
|
hbr:CreateReportFileGenerateTask |
- |
|
hbr:CreateRestore |
- |
|
hbr:CreateRestoreJob |
创建一个恢复任务。 |
|
hbr:CreateSlr |
- |
|
hbr:CreateSnapshot |
- |
|
hbr:CreateSnapshot2 |
- |
|
hbr:CreateSqlServerInstance |
- |
|
hbr:CreateSqlServerRestore |
- |
|
hbr:CreateSqlServerSnapshot |
- |
|
hbr:CreateSubTask |
- |
|
hbr:CreateTempFileUploadUrl |
生成上传文件链接所需的参数和签名。 |
|
hbr:CreateUniBackupPlan |
- |
|
hbr:CreateUniBackupVault |
- |
|
hbr:CreateUniRestorePlan |
- |
|
hbr:CreateUploadLogTask |
- |
|
hbr:CreateVmBackupPlan |
- |
|
hbr:CreateVmMigrationPlan |
- |
|
hbr:DeleteAirEcsInstance |
从ECS备份基础版移除仅恢复ECS。 |
|
hbr:DeleteBackupClient |
删除一个备份客户端。 |
|
hbr:DeleteBackupClientResource |
删除备份客户端的所属资源。 |
|
hbr:DeleteBackupEssentialEdition |
- |
|
hbr:DeleteBackupPlan |
删除一个备份计划。 |
|
hbr:DeleteBackupSourceGroup |
- |
|
hbr:DeleteClients |
- |
|
hbr:DeleteCluster |
- |
|
hbr:DeleteContact |
- |
|
hbr:DeleteContactGroup |
- |
|
hbr:DeleteContainerCluster |
- |
|
hbr:DeleteCrossAccount |
- |
|
hbr:DeleteEcsAirBackup |
- |
|
hbr:DeleteHanaMetadata |
- |
|
hbr:DeleteJob |
- |
|
hbr:DeletePolicy |
- |
|
hbr:DeletePolicyBinding |
将数据源与策略解绑,解绑后,策略将无法保护该数据源,请谨慎操作。 |
|
hbr:DeletePolicyV2 |
删除一个策略。 |
|
hbr:DeleteServer |
- |
|
hbr:DeleteSnapshot |
删除一个备份快照。 |
|
hbr:DeleteSqlServerBackupJob |
- |
|
hbr:DeleteSqlServerInstance |
- |
|
hbr:DeleteSqlServerLog |
- |
|
hbr:DeleteSqlServerSnapshot |
- |
|
hbr:DeleteUdmDisk |
取消保护云盘。 |
|
hbr:DeleteUdmEcsInstance |
取消保护ECS整机备份实例。 |
|
hbr:DeleteUniBackupClient |
- |
|
hbr:DeleteUniBackupPlan |
- |
|
hbr:DeleteUniBackupVault |
- |
|
hbr:DeleteUniRestorePlan |
- |
|
hbr:DeleteVcenter |
- |
|
hbr:DeleteVmBackupPlanExecution |
- |
|
hbr:DeleteVmMigrationPlan |
- |
|
hbr:DescribeAirEcsInstancesInfo |
- |
|
hbr:DescribeAirInstances |
- |
|
hbr:DescribeAirSnapshots |
- |
|
hbr:DescribeAlertConfig |
- |
|
hbr:DescribeBackupClients |
获取一个或者多个符合条件的备份客户端信息。 |
|
hbr:DescribeBackupJobStatistics |
- |
|
hbr:DescribeBackupJobs |
- |
|
hbr:DescribeBackupJobs2 |
查询一个或者多个符合条件的备份任务。 |
|
hbr:DescribeBackupPlans |
获取一个或者多个符合条件的备份计划。 |
|
hbr:DescribeBackupSourceGroups |
- |
|
hbr:DescribeBackupSources |
- |
|
hbr:DescribeClientAlertConfig |
- |
|
hbr:DescribeClientVersion |
- |
|
hbr:DescribeClusters |
- |
|
hbr:DescribeContainerCluster |
查询符合条件的一个或多个容器集群。 |
|
hbr:DescribeContainerResource |
- |
|
hbr:DescribeCrossAccounts |
用于跨账号备份中,查询被当前账号管理的跨账号信息。 |
|
hbr:DescribeDataSourceProtectionDetails |
- |
|
hbr:DescribeDataSourceProtectionStatistics |
- |
|
hbr:DescribeDataSources |
- |
|
hbr:DescribeDisks |
- |
|
hbr:DescribeEcsInstances |
- |
|
hbr:DescribeFeatureTrialInfo |
- |
|
hbr:DescribeFeatureUser |
- |
|
hbr:DescribeFileDetections |
- |
|
hbr:DescribeGatewayWaterLevel |
- |
|
hbr:DescribeHanaBackupSetting |
查询SAP HANA数据库的备份参数。 |
|
hbr:DescribeHanaBackups |
- |
|
hbr:DescribeHanaMetadata |
- |
|
hbr:DescribeHanaRetentionSetting |
查询数据库的保留时间。 |
|
hbr:DescribeIndexClusters |
- |
|
hbr:DescribeInstances |
- |
|
hbr:DescribeInstancesInVault |
- |
|
hbr:DescribeInstancesInfo |
- |
|
hbr:DescribeJobs |
- |
|
hbr:DescribeKmsKeys |
- |
|
hbr:DescribeNasFileSystems |
- |
|
hbr:DescribeOtsInstances |
- |
|
hbr:DescribeOtsTableSnapshots |
查询表格存储备份详情。 |
|
hbr:DescribeOverview |
- |
|
hbr:DescribeParameterSchemas |
- |
|
hbr:DescribeParameters |
- |
|
hbr:DescribePlans |
- |
|
hbr:DescribePolicies |
- |
|
hbr:DescribePoliciesV2 |
查询一个或多个策略。 |
|
hbr:DescribePolicyBindingAlertConfig |
- |
|
hbr:DescribePolicyBindings |
查询策略绑定的一个或多个数据源、查询数据源绑定的一个或多个策略。 |
|
hbr:DescribeProtectedEcsInstances |
- |
|
hbr:DescribeRecoverableOtsInstances |
查询可恢复表格存储实例的数据表。 |
|
hbr:DescribeRestoreJobs |
- |
|
hbr:DescribeRestoreJobs2 |
查询一个或者多个符合条件的恢复任务。 |
|
hbr:DescribeRestores |
- |
|
hbr:DescribeSecurityGroups |
- |
|
hbr:DescribeServers |
- |
|
hbr:DescribeSnapshotExistenceByTimeRange |
- |
|
hbr:DescribeSnapshots |
- |
|
hbr:DescribeSqlServerDatabases |
- |
|
hbr:DescribeSqlServerInstances |
- |
|
hbr:DescribeSqlServerLogs |
- |
|
hbr:DescribeSqlServerRestores |
- |
|
hbr:DescribeSqlServerSnapshots |
- |
|
hbr:DescribeStreamFileSyncTasks |
- |
|
hbr:DescribeSubTask |
- |
|
hbr:DescribeUdmDisks |
- |
|
hbr:DescribeUdmEcsInstances |
- |
|
hbr:DescribeUdmSnapshotLinks |
- |
|
hbr:DescribeUdmSnapshots |
查询整机备份快照。 |
|
hbr:DescribeUniBackupClients |
- |
|
hbr:DescribeUniBackupCluster |
- |
|
hbr:DescribeUniBackupInstanceDetail |
- |
|
hbr:DescribeUniBackupInstances |
- |
|
hbr:DescribeUniBackupPlans |
- |
|
hbr:DescribeUniBackupTrialInfo |
- |
|
hbr:DescribeUniBackupTrialUser |
- |
|
hbr:DescribeUniBackupVault |
- |
|
hbr:DescribeUniHistories |
- |
|
hbr:DescribeUniRestoreInfo |
- |
|
hbr:DescribeUniRestorePlans |
- |
|
hbr:DescribeUserBusinessStatus |
- |
|
hbr:DescribeVSwitches |
- |
|
hbr:DescribeVcenters |
- |
|
hbr:DescribeVmBackupPlanExecution |
- |
|
hbr:DescribeVmBackupPlanExecutions |
- |
|
hbr:DescribeVmBackupPlans |
- |
|
hbr:DescribeVmClientFlowControlPolicy |
- |
|
hbr:DescribeVmIncrementalMigrationJob |
- |
|
hbr:DescribeVmIncrementalMigrations |
- |
|
hbr:DescribeVmMigrationPlans |
- |
|
hbr:DescribeVmMigrations |
- |
|
hbr:DescribeVpcs |
- |
|
hbr:DetachNasFileSystem |
删除一个由云备份服务创建的内部挂载点。 |
|
hbr:DisableAirBackupPlan |
- |
|
hbr:DisableBackupPlan |
暂停一个备份计划。 |
|
hbr:DisableEcsAirBackup |
- |
|
hbr:DisableJob |
- |
|
hbr:DisableVmBackupPlan |
- |
|
hbr:DiscoverDatabase |
- |
|
hbr:EnableAirBackupPlan |
- |
|
hbr:EnableBackupPlan |
继续一个备份计划。 |
|
hbr:EnableEcsAirBackup |
- |
|
hbr:EnableJob |
- |
|
hbr:EnableVmBackupPlan |
- |
|
hbr:ExecuteAirBackupPlan |
- |
|
hbr:ExecuteBackupPlan |
执行一个备份计划。 |
|
hbr:ExecuteHanaBackup |
- |
|
hbr:ExecuteJob |
- |
|
hbr:ExecutePlan |
- |
|
hbr:ExecutePolicyV2 |
为一个或所有绑定的数据源执行策略。 |
|
hbr:ExploreVcenter |
- |
|
hbr:GenerateClientToken |
- |
|
hbr:GenerateStsCredential |
- |
|
hbr:GetAirStatistics |
- |
|
hbr:GetBasicStatistics |
- |
|
hbr:GetBucket |
- |
|
hbr:GetClientDownloadLink |
- |
|
hbr:GetClientsToRestore |
- |
|
hbr:GetDirectorySize |
- |
|
hbr:GetDiscoveredDatabase |
- |
|
hbr:GetFileDetectionStatistics |
- |
|
hbr:GetGlobalStatistics |
- |
|
hbr:GetMetrics |
- |
|
hbr:GetNasToRestore |
- |
|
hbr:GetOssBucketsToRestore |
- |
|
hbr:GetProtectedResource |
- |
|
hbr:GetReactivateUserToken |
- |
|
hbr:GetRunningAgents |
- |
|
hbr:GetSnapshotErrorFileDownloadLink |
- |
|
hbr:GetSnapshotRiskFileDownloadLink |
- |
|
hbr:GetSqlServerDatabasesToRestore |
- |
|
hbr:GetSqlServersToRestore |
- |
|
hbr:GetSyncActualSize |
- |
|
hbr:GetSystemSettings |
- |
|
hbr:GetTempFileDownloadLink |
获取任务报表等文件的下载链接。 |
|
hbr:GetTrialInfo |
- |
|
hbr:GetUniBackupInstallerToken |
- |
|
hbr:GetUserToken |
- |
|
hbr:GetValidParameter |
- |
|
hbr:GetVaultBuckets |
- |
|
hbr:GetVaultList |
- |
|
hbr:GetVaultTransition |
- |
|
hbr:GetVaults |
- |
|
hbr:InitClusterForCpfs |
- |
|
hbr:InstallBackupClients |
为一台或者多台ECS实例安装备份客户端。 |
|
hbr:InstallLocalBackupClients |
- |
|
hbr:InstallUniBackupAgent |
- |
|
hbr:KeepAfterTrialExpiration |
- |
|
hbr:ListBucketInventory |
- |
|
hbr:ListGrayReleaseObjectTypes |
- |
|
hbr:ListOssBuckets |
- |
|
hbr:ListOtsInstances |
- |
|
hbr:ListOtsTables |
- |
|
hbr:ListPolicyTagDataSources |
- |
|
hbr:ListProtectedResources |
- |
|
hbr:ListReportFiles |
- |
|
hbr:ListTagKeys |
- |
|
hbr:ListTagResources |
- |
|
hbr:ListTagValues |
- |
|
hbr:ListVaultTransitions |
- |
|
hbr:LocalRestoreVms |
- |
|
hbr:OfflineAgent |
- |
|
hbr:OpenHbrService |
开通云备份服务。 |
|
hbr:OpsDescribeClientConnectionStatistics |
- |
|
hbr:OpsDescribeClientConnections |
- |
|
hbr:OpsDescribeMessageStatistics |
- |
|
hbr:OpsDescribeMessages |
- |
|
hbr:OpsDescribePolicies |
- |
|
hbr:OpsDescribePolicyBindings |
- |
|
hbr:OpsExecutePlans |
- |
|
hbr:PreCheckDatabase |
- |
|
hbr:PreCheckSourceGroup |
- |
|
hbr:PrecheckSqlServerInstance |
- |
|
hbr:QueryAvailableInstances |
- |
|
hbr:RecordSubTaskLaunch |
- |
|
hbr:RemoveDataSource |
- |
|
hbr:RemoveParameter |
- |
|
hbr:RemoveVmBackupPlan |
- |
|
hbr:RenewClientToken |
- |
|
hbr:ReportFileDetectionRiskFiles |
- |
|
hbr:ReportStatistics |
- |
|
hbr:ResumeVmMigration |
- |
|
hbr:RunVmBackupPlan |
- |
|
hbr:SearchBackupFiles |
- |
|
hbr:SearchHistoricalSnapshots |
获取一个或者多个符合条件的历史备份快照。 |
|
hbr:SearchObject |
- |
|
hbr:SendEmailVerifyCode |
- |
|
hbr:SendMessage |
- |
|
hbr:SendMobileVerifyCode |
- |
|
hbr:SendSlaRecord |
- |
|
hbr:SetNasLimiterForFileSystem |
- |
|
hbr:SetSystemSetting |
- |
|
hbr:StartHanaDatabaseAsync |
启动数据库。 |
|
hbr:StopHanaDatabaseAsync |
停止SAP HANA数据库。 |
|
hbr:SubmitStreamFileSyncTask |
- |
|
hbr:TagResources |
- |
|
hbr:TestRestoreVmMigration |
- |
|
hbr:UninstallBackupClients |
为一台或者多台ECS实例卸载备份客户端。 |
|
hbr:UninstallLocalBackupClients |
- |
|
hbr:UninstallUniBackupAgent |
- |
|
hbr:UntagResources |
- |
|
hbr:UpdateAirAlertConfig |
- |
|
hbr:UpdateAirInstance |
- |
|
hbr:UpdateAlertConfig |
- |
|
hbr:UpdateBackupJob |
- |
|
hbr:UpdateBackupJobToConfirmed |
- |
|
hbr:UpdateBackupJobs |
- |
|
hbr:UpdateBackupPlan |
更新一个备份计划。 |
|
hbr:UpdateBackupSourceGroup |
- |
|
hbr:UpdateClientAlertConfig |
- |
|
hbr:UpdateClientClusterForCpfs |
- |
|
hbr:UpdateCluster |
- |
|
hbr:UpdateContact |
- |
|
hbr:UpdateContactGroup |
- |
|
hbr:UpdateContainerCluster |
更新容器集群信息,包括容器集群名称、网络类型等。 |
|
hbr:UpdateDataSource |
- |
|
hbr:UpdateFeatureUserTrialInfo |
- |
|
hbr:UpdateHanaBackupSetting |
更新SAP HANA数据库备份参数。 |
|
hbr:UpdateHanaRestore |
- |
|
hbr:UpdateHanaRetentionSetting |
更新SAP HANA数据库的备份保留时间。 |
|
hbr:UpdateIndexCluster |
- |
|
hbr:UpdateJob |
- |
|
hbr:UpdateParameter |
- |
|
hbr:UpdatePlan |
- |
|
hbr:UpdatePolicy |
- |
|
hbr:UpdatePolicyBinding |
修改策略与数据源的关联关系。 |
|
hbr:UpdatePolicyBindingAlertConfig |
- |
|
hbr:UpdatePolicyV2 |
修改一个策略。 |
|
hbr:UpdateRestore |
- |
|
hbr:UpdateRestoreJob |
- |
|
hbr:UpdateServer |
- |
|
hbr:UpdateSnapshot |
- |
|
hbr:UpdateSnapshotInner |
- |
|
hbr:UpdateSqlServerInstance |
- |
|
hbr:UpdateSqlServerRestore |
- |
|
hbr:UpdateSubTask |
- |
|
hbr:UpdateUniBackupInstance |
- |
|
hbr:UpdateUniBackupPlan |
- |
|
hbr:UpdateUniBackupTrialUser |
- |
|
hbr:UpdateUniBackupVault |
- |
|
hbr:UpdateVcenter |
- |
|
hbr:UpdateVmBackupPlan |
- |
|
hbr:UpdateVmBackupPlanExecution |
- |
|
hbr:UpdateVmClientFlowControlPolicy |
- |
|
hbr:UpdateVmIncrementalMigration |
- |
|
hbr:UpdateVmMigration |
- |
|
hbr:UpgradeBackupClients |
为一台或者多台ECS实例升级备份客户端。 |
对于不支持资源组授权的操作,授权时资源范围选择资源组级别将无效。如果仍需要RAM用户有上述操作权限,您需要创建自定义权限策略,授权时资源范围选择账号级别。
以下是两个自定义权限策略示例,您可以根据实际需要调整策略内容。
-
允许不支持资源组级别授权的全部只读操作:
Action中列举不支持资源组级别授权的所有只读操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "hbr:BrowseAirFiles", "hbr:BrowseFileDetectionRiskFiles", "hbr:BrowseFiles", "hbr:CancelDiscoveringDatabase", "hbr:CheckRole", "hbr:CheckSlrRole", "hbr:DescribeAirEcsInstancesInfo", "hbr:DescribeAirInstances", "hbr:DescribeAirSnapshots", "hbr:DescribeAlertConfig", "hbr:DescribeBackupClients", "hbr:DescribeBackupJobStatistics", "hbr:DescribeBackupJobs", "hbr:DescribeBackupJobs2", "hbr:DescribeBackupPlans", "hbr:DescribeBackupSourceGroups", "hbr:DescribeBackupSources", "hbr:DescribeClientAlertConfig", "hbr:DescribeClientVersion", "hbr:DescribeClusters", "hbr:DescribeContainerCluster", "hbr:DescribeContainerResource", "hbr:DescribeCrossAccounts", "hbr:DescribeDataSourceProtectionDetails", "hbr:DescribeDataSourceProtectionStatistics", "hbr:DescribeDataSources", "hbr:DescribeDisks", "hbr:DescribeEcsInstances", "hbr:DescribeFeatureTrialInfo", "hbr:DescribeFileDetections", "hbr:DescribeHanaBackupSetting", "hbr:DescribeHanaBackups", "hbr:DescribeHanaMetadata", "hbr:DescribeHanaRetentionSetting", "hbr:DescribeInstances", "hbr:DescribeInstancesInVault", "hbr:DescribeInstancesInfo", "hbr:DescribeJobs", "hbr:DescribeKmsKeys", "hbr:DescribeNasFileSystems", "hbr:DescribeOtsInstances", "hbr:DescribeOtsTableSnapshots", "hbr:DescribeOverview", "hbr:DescribePlans", "hbr:DescribePolicies", "hbr:DescribePoliciesV2", "hbr:DescribePolicyBindingAlertConfig", "hbr:DescribePolicyBindings", "hbr:DescribeRecoverableOtsInstances", "hbr:DescribeRestoreJobs", "hbr:DescribeRestoreJobs2", "hbr:DescribeRestores", "hbr:DescribeSecurityGroups", "hbr:DescribeServers", "hbr:DescribeSnapshotExistenceByTimeRange", "hbr:DescribeSnapshots", "hbr:DescribeSqlServerDatabases", "hbr:DescribeSqlServerInstances", "hbr:DescribeSqlServerLogs", "hbr:DescribeSqlServerRestores", "hbr:DescribeSqlServerSnapshots", "hbr:DescribeSubTask", "hbr:DescribeUdmDisks", "hbr:DescribeUdmEcsInstances", "hbr:DescribeUdmSnapshotLinks", "hbr:DescribeUdmSnapshots", "hbr:DescribeUniBackupClients", "hbr:DescribeUniBackupCluster", "hbr:DescribeUniBackupInstanceDetail", "hbr:DescribeUniBackupInstances", "hbr:DescribeUniBackupPlans", "hbr:DescribeUniBackupTrialInfo", "hbr:DescribeUniBackupVault", "hbr:DescribeUniHistories", "hbr:DescribeUniRestoreInfo", "hbr:DescribeUniRestorePlans", "hbr:DescribeUserBusinessStatus", "hbr:DescribeVSwitches", "hbr:DescribeVcenters", "hbr:DescribeVmBackupPlanExecution", "hbr:DescribeVmBackupPlanExecutions", "hbr:DescribeVmBackupPlans", "hbr:DescribeVmClientFlowControlPolicy", "hbr:DescribeVmIncrementalMigrationJob", "hbr:DescribeVmIncrementalMigrations", "hbr:DescribeVmMigrationPlans", "hbr:DescribeVmMigrations", "hbr:DescribeVpcs", "hbr:DisableAirBackupPlan", "hbr:EnableAirBackupPlan", "hbr:ExecuteAirBackupPlan", "hbr:ExploreVcenter", "hbr:GenerateClientToken", "hbr:GenerateStsCredential", "hbr:GetAirStatistics", "hbr:GetBasicStatistics", "hbr:GetBucket", "hbr:GetClientDownloadLink", "hbr:GetClientsToRestore", "hbr:GetDirectorySize", "hbr:GetDiscoveredDatabase", "hbr:GetFileDetectionStatistics", "hbr:GetGlobalStatistics", "hbr:GetMetrics", "hbr:GetNasToRestore", "hbr:GetOssBucketsToRestore", "hbr:GetProtectedResource", "hbr:GetReactivateUserToken", "hbr:GetRunningAgents", "hbr:GetSnapshotErrorFileDownloadLink", "hbr:GetSnapshotRiskFileDownloadLink", "hbr:GetSqlServerDatabasesToRestore", "hbr:GetSqlServersToRestore", "hbr:GetTempFileDownloadLink", "hbr:GetTrialInfo", "hbr:GetUniBackupInstallerToken", "hbr:GetUserToken", "hbr:GetVaultBuckets", "hbr:GetVaultList", "hbr:GetVaults", "hbr:ListBucketInventory", "hbr:ListOssBuckets", "hbr:ListOtsInstances", "hbr:ListOtsTables", "hbr:ListPolicyTagDataSources", "hbr:ListProtectedResources", "hbr:ListReportFiles", "hbr:ListTagKeys", "hbr:ListTagResources", "hbr:ListTagValues", "hbr:PreCheckSourceGroup", "hbr:PrecheckSqlServerInstance", "hbr:QueryAvailableInstances", "hbr:SearchBackupFiles", "hbr:SearchHistoricalSnapshots", "hbr:SearchObject", "hbr:TestRestoreVmMigration" ], "Resource": "*" } ] } -
允许不支持资源组级别授权的全部操作:
Action中列举不支持资源组级别授权的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "hbr:ActivateClient", "hbr:ActivateEcsClient", "hbr:AddContainerCluster", "hbr:AddCrossAccount", "hbr:AddDataSource", "hbr:AddHanaMetadata", "hbr:AddIndexCluster", "hbr:AddParameter", "hbr:AddServer", "hbr:AddSqlServerLog", "hbr:AddVcenter", "hbr:BatchCountTables", "hbr:BrowseAirFiles", "hbr:BrowseFileDetectionRiskFiles", "hbr:BrowseFiles", "hbr:CallMaintenanceApi", "hbr:CallUniGatewayApi", "hbr:CancelBackupJob", "hbr:CancelDiscoveringDatabase", "hbr:CancelFileDetection", "hbr:CancelHanaBackup", "hbr:CancelHanaRestore", "hbr:CancelJob", "hbr:CancelRestore", "hbr:CancelRestoreJob", "hbr:CancelSqlServerRestore", "hbr:CancelStreamFileSyncTask", "hbr:CancelVmBackup", "hbr:CancelVmLocalRestore", "hbr:CancelVmMigration", "hbr:CheckRole", "hbr:CheckSlrRole", "hbr:ClientReceiveMessage", "hbr:ClientSendMessage", "hbr:CommitTestRestore", "hbr:CompleteVmIncrementalMigration", "hbr:ControlReplicationVault", "hbr:ControlUniBackupJob", "hbr:ControlUniBackupPlan", "hbr:ConvertToPostPaidInstance", "hbr:CreateAirEcsInstance", "hbr:CreateAirRestoreJob", "hbr:CreateBackupEssentialEdition", "hbr:CreateBackupJob", "hbr:CreateBackupPlan", "hbr:CreateBackupSourceGroup", "hbr:CreateChildBackupJobs", "hbr:CreateClient", "hbr:CreateCluster", "hbr:CreateContact", "hbr:CreateContactGroup", "hbr:CreateEcsAirBackup", "hbr:CreateHanaRestore", "hbr:CreateJob", "hbr:CreateJobs", "hbr:CreatePolicy", "hbr:CreatePolicyBindings", "hbr:CreatePolicyV2", "hbr:CreateReportFileGenerateTask", "hbr:CreateRestore", "hbr:CreateRestoreJob", "hbr:CreateSlr", "hbr:CreateSnapshot", "hbr:CreateSnapshot2", "hbr:CreateSqlServerInstance", "hbr:CreateSqlServerRestore", "hbr:CreateSqlServerSnapshot", "hbr:CreateSubTask", "hbr:CreateTempFileUploadUrl", "hbr:CreateUniBackupPlan", "hbr:CreateUniBackupVault", "hbr:CreateUniRestorePlan", "hbr:CreateUploadLogTask", "hbr:CreateVmBackupPlan", "hbr:CreateVmMigrationPlan", "hbr:DeleteAirEcsInstance", "hbr:DeleteBackupClient", "hbr:DeleteBackupClientResource", "hbr:DeleteBackupEssentialEdition", "hbr:DeleteBackupPlan", "hbr:DeleteBackupSourceGroup", "hbr:DeleteClients", "hbr:DeleteCluster", "hbr:DeleteContact", "hbr:DeleteContactGroup", "hbr:DeleteContainerCluster", "hbr:DeleteCrossAccount", "hbr:DeleteEcsAirBackup", "hbr:DeleteHanaMetadata", "hbr:DeleteJob", "hbr:DeletePolicy", "hbr:DeletePolicyBinding", "hbr:DeletePolicyV2", "hbr:DeleteServer", "hbr:DeleteSnapshot", "hbr:DeleteSqlServerBackupJob", "hbr:DeleteSqlServerInstance", "hbr:DeleteSqlServerLog", "hbr:DeleteSqlServerSnapshot", "hbr:DeleteUdmDisk", "hbr:DeleteUdmEcsInstance", "hbr:DeleteUniBackupClient", "hbr:DeleteUniBackupPlan", "hbr:DeleteUniBackupVault", "hbr:DeleteUniRestorePlan", "hbr:DeleteVcenter", "hbr:DeleteVmBackupPlanExecution", "hbr:DeleteVmMigrationPlan", "hbr:DescribeAirEcsInstancesInfo", "hbr:DescribeAirInstances", "hbr:DescribeAirSnapshots", "hbr:DescribeAlertConfig", "hbr:DescribeBackupClients", "hbr:DescribeBackupJobStatistics", "hbr:DescribeBackupJobs", "hbr:DescribeBackupJobs2", "hbr:DescribeBackupPlans", "hbr:DescribeBackupSourceGroups", "hbr:DescribeBackupSources", "hbr:DescribeClientAlertConfig", "hbr:DescribeClientVersion", "hbr:DescribeClusters", "hbr:DescribeContainerCluster", "hbr:DescribeContainerResource", "hbr:DescribeCrossAccounts", "hbr:DescribeDataSourceProtectionDetails", "hbr:DescribeDataSourceProtectionStatistics", "hbr:DescribeDataSources", "hbr:DescribeDisks", "hbr:DescribeEcsInstances", "hbr:DescribeFeatureTrialInfo", "hbr:DescribeFeatureUser", "hbr:DescribeFileDetections", "hbr:DescribeGatewayWaterLevel", "hbr:DescribeHanaBackupSetting", "hbr:DescribeHanaBackups", "hbr:DescribeHanaMetadata", "hbr:DescribeHanaRetentionSetting", "hbr:DescribeIndexClusters", "hbr:DescribeInstances", "hbr:DescribeInstancesInVault", "hbr:DescribeInstancesInfo", "hbr:DescribeJobs", "hbr:DescribeKmsKeys", "hbr:DescribeNasFileSystems", "hbr:DescribeOtsInstances", "hbr:DescribeOtsTableSnapshots", "hbr:DescribeOverview", "hbr:DescribeParameterSchemas", "hbr:DescribeParameters", "hbr:DescribePlans", "hbr:DescribePolicies", "hbr:DescribePoliciesV2", "hbr:DescribePolicyBindingAlertConfig", "hbr:DescribePolicyBindings", "hbr:DescribeProtectedEcsInstances", "hbr:DescribeRecoverableOtsInstances", "hbr:DescribeRestoreJobs", "hbr:DescribeRestoreJobs2", "hbr:DescribeRestores", "hbr:DescribeSecurityGroups", "hbr:DescribeServers", "hbr:DescribeSnapshotExistenceByTimeRange", "hbr:DescribeSnapshots", "hbr:DescribeSqlServerDatabases", "hbr:DescribeSqlServerInstances", "hbr:DescribeSqlServerLogs", "hbr:DescribeSqlServerRestores", "hbr:DescribeSqlServerSnapshots", "hbr:DescribeStreamFileSyncTasks", "hbr:DescribeSubTask", "hbr:DescribeUdmDisks", "hbr:DescribeUdmEcsInstances", "hbr:DescribeUdmSnapshotLinks", "hbr:DescribeUdmSnapshots", "hbr:DescribeUniBackupClients", "hbr:DescribeUniBackupCluster", "hbr:DescribeUniBackupInstanceDetail", "hbr:DescribeUniBackupInstances", "hbr:DescribeUniBackupPlans", "hbr:DescribeUniBackupTrialInfo", "hbr:DescribeUniBackupTrialUser", "hbr:DescribeUniBackupVault", "hbr:DescribeUniHistories", "hbr:DescribeUniRestoreInfo", "hbr:DescribeUniRestorePlans", "hbr:DescribeUserBusinessStatus", "hbr:DescribeVSwitches", "hbr:DescribeVcenters", "hbr:DescribeVmBackupPlanExecution", "hbr:DescribeVmBackupPlanExecutions", "hbr:DescribeVmBackupPlans", "hbr:DescribeVmClientFlowControlPolicy", "hbr:DescribeVmIncrementalMigrationJob", "hbr:DescribeVmIncrementalMigrations", "hbr:DescribeVmMigrationPlans", "hbr:DescribeVmMigrations", "hbr:DescribeVpcs", "hbr:DetachNasFileSystem", "hbr:DisableAirBackupPlan", "hbr:DisableBackupPlan", "hbr:DisableEcsAirBackup", "hbr:DisableJob", "hbr:DisableVmBackupPlan", "hbr:DiscoverDatabase", "hbr:EnableAirBackupPlan", "hbr:EnableBackupPlan", "hbr:EnableEcsAirBackup", "hbr:EnableJob", "hbr:EnableVmBackupPlan", "hbr:ExecuteAirBackupPlan", "hbr:ExecuteBackupPlan", "hbr:ExecuteHanaBackup", "hbr:ExecuteJob", "hbr:ExecutePlan", "hbr:ExecutePolicyV2", "hbr:ExploreVcenter", "hbr:GenerateClientToken", "hbr:GenerateStsCredential", "hbr:GetAirStatistics", "hbr:GetBasicStatistics", "hbr:GetBucket", "hbr:GetClientDownloadLink", "hbr:GetClientsToRestore", "hbr:GetDirectorySize", "hbr:GetDiscoveredDatabase", "hbr:GetFileDetectionStatistics", "hbr:GetGlobalStatistics", "hbr:GetMetrics", "hbr:GetNasToRestore", "hbr:GetOssBucketsToRestore", "hbr:GetProtectedResource", "hbr:GetReactivateUserToken", "hbr:GetRunningAgents", "hbr:GetSnapshotErrorFileDownloadLink", "hbr:GetSnapshotRiskFileDownloadLink", "hbr:GetSqlServerDatabasesToRestore", "hbr:GetSqlServersToRestore", "hbr:GetSyncActualSize", "hbr:GetSystemSettings", "hbr:GetTempFileDownloadLink", "hbr:GetTrialInfo", "hbr:GetUniBackupInstallerToken", "hbr:GetUserToken", "hbr:GetValidParameter", "hbr:GetVaultBuckets", "hbr:GetVaultList", "hbr:GetVaultTransition", "hbr:GetVaults", "hbr:InitClusterForCpfs", "hbr:InstallBackupClients", "hbr:InstallLocalBackupClients", "hbr:InstallUniBackupAgent", "hbr:KeepAfterTrialExpiration", "hbr:ListBucketInventory", "hbr:ListGrayReleaseObjectTypes", "hbr:ListOssBuckets", "hbr:ListOtsInstances", "hbr:ListOtsTables", "hbr:ListPolicyTagDataSources", "hbr:ListProtectedResources", "hbr:ListReportFiles", "hbr:ListTagKeys", "hbr:ListTagResources", "hbr:ListTagValues", "hbr:ListVaultTransitions", "hbr:LocalRestoreVms", "hbr:OfflineAgent", "hbr:OpenHbrService", "hbr:OpsDescribeClientConnectionStatistics", "hbr:OpsDescribeClientConnections", "hbr:OpsDescribeMessageStatistics", "hbr:OpsDescribeMessages", "hbr:OpsDescribePolicies", "hbr:OpsDescribePolicyBindings", "hbr:OpsExecutePlans", "hbr:PreCheckDatabase", "hbr:PreCheckSourceGroup", "hbr:PrecheckSqlServerInstance", "hbr:QueryAvailableInstances", "hbr:RecordSubTaskLaunch", "hbr:RemoveDataSource", "hbr:RemoveParameter", "hbr:RemoveVmBackupPlan", "hbr:RenewClientToken", "hbr:ReportFileDetectionRiskFiles", "hbr:ReportStatistics", "hbr:ResumeVmMigration", "hbr:RunVmBackupPlan", "hbr:SearchBackupFiles", "hbr:SearchHistoricalSnapshots", "hbr:SearchObject", "hbr:SendEmailVerifyCode", "hbr:SendMessage", "hbr:SendMobileVerifyCode", "hbr:SendSlaRecord", "hbr:SetNasLimiterForFileSystem", "hbr:SetSystemSetting", "hbr:StartHanaDatabaseAsync", "hbr:StopHanaDatabaseAsync", "hbr:SubmitStreamFileSyncTask", "hbr:TagResources", "hbr:TestRestoreVmMigration", "hbr:UninstallBackupClients", "hbr:UninstallLocalBackupClients", "hbr:UninstallUniBackupAgent", "hbr:UntagResources", "hbr:UpdateAirAlertConfig", "hbr:UpdateAirInstance", "hbr:UpdateAlertConfig", "hbr:UpdateBackupJob", "hbr:UpdateBackupJobToConfirmed", "hbr:UpdateBackupJobs", "hbr:UpdateBackupPlan", "hbr:UpdateBackupSourceGroup", "hbr:UpdateClientAlertConfig", "hbr:UpdateClientClusterForCpfs", "hbr:UpdateCluster", "hbr:UpdateContact", "hbr:UpdateContactGroup", "hbr:UpdateContainerCluster", "hbr:UpdateDataSource", "hbr:UpdateFeatureUserTrialInfo", "hbr:UpdateHanaBackupSetting", "hbr:UpdateHanaRestore", "hbr:UpdateHanaRetentionSetting", "hbr:UpdateIndexCluster", "hbr:UpdateJob", "hbr:UpdateParameter", "hbr:UpdatePlan", "hbr:UpdatePolicy", "hbr:UpdatePolicyBinding", "hbr:UpdatePolicyBindingAlertConfig", "hbr:UpdatePolicyV2", "hbr:UpdateRestore", "hbr:UpdateRestoreJob", "hbr:UpdateServer", "hbr:UpdateSnapshot", "hbr:UpdateSnapshotInner", "hbr:UpdateSqlServerInstance", "hbr:UpdateSqlServerRestore", "hbr:UpdateSubTask", "hbr:UpdateUniBackupInstance", "hbr:UpdateUniBackupPlan", "hbr:UpdateUniBackupTrialUser", "hbr:UpdateUniBackupVault", "hbr:UpdateVcenter", "hbr:UpdateVmBackupPlan", "hbr:UpdateVmBackupPlanExecution", "hbr:UpdateVmClientFlowControlPolicy", "hbr:UpdateVmIncrementalMigration", "hbr:UpdateVmMigration", "hbr:UpgradeBackupClients" ], "Resource": "*" } ] }
获得账号级别权限的RAM用户或RAM角色,能够操作整个账号范围内的相关资源。请务必确认所授予的权限是否符合预期,遵从最小授权原则谨慎分配权限。
常见问题
如何查看当前资源属于哪个资源组?
-
方式一:单击资源名称,进入资源的详情页面,即可查看到当前资源的资源组。
-
方式二:登录资源管理控制台,单击,在左侧选择目标资源所属账号(默认为当前账号),通过筛选条件定位目标资源,即可查看其所属资源组。
如何查看当前产品在某个资源组下的所有资源?
如何批量修改多个资源的资源组?
登录资源管理控制台,单击,在目标资源组所在行的操作列下,单击资源管理以进入资源管理页面。通过筛选条件定位多个目标资源,批量勾选第一列的复选框后单击下方转移资源组,并按页面提示完成资源组修改。