AliyunServiceRoleForDataWorks service-linked role

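The first time you use an exclusive resource group, you must authorize DataWorks to access other Alibaba Cloud services. After the authorization is complete, the system automatically creates a service-linked role named AliyunServiceRoleForDataWorks. DataWorks uses this role to access your resources in other Alibaba Cloud services. This topic describes how to view the details of the role.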

Background information

For more information about service-linked roles, see Service-linked roles.

About AliyunServiceRoleForDataWorks

  • Role name: AliyunServiceRoleForDataWorks

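  • Purpose: The service-linked role for DataWorks. DataWorks uses this role to access your resources in other cloud services, such as Elastic Compute Service (ECS), Virtual Private Cloud (VPC), File Storage NAS, Container Registry (ACR), MaxCompute, and Object Storage Service (OSS).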

  • Attached policy: AliyunServiceRolePolicyForDataWorks

  • Policy details:

    1. In the RAM console, click Identities > Roles to view the service-linked role.

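    2. Click the name of the service-linked role. On the Permissions tab, you can view the attached system policy. The policy currently contains the following permissions for each service: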

      • Permissions on Elastic Compute Service (ECS)

        {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "ecs:AttachNetworkInterface",
                "ecs:AuthorizeSecurityGroup",
                "ecs:AuthorizeSecurityGroupEgress",
                "ecs:CreateNetworkInterface",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:CreateSecurityGroup",
                "ecs:DeleteNetworkInterface",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:DeleteSecurityGroup",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:DescribeNetworkInterfaces",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroupReferences",
                "ecs:DescribeSecurityGroups",
                "ecs:DetachNetworkInterface",
                "ecs:JoinSecurityGroup",
                "ecs:LeaveSecurityGroup",
                "ecs:ModifyNetworkInterfaceAttribute",
                "ecs:ModifySecurityGroupAttribute",
                "ecs:ModifySecurityGroupPolicy",
                "ecs:ModifySecurityGroupRule",
                "ecs:RevokeSecurityGroup",
                "ecs:RevokeSecurityGroupEgress",
                "ecs:AssignIpv6Addresses",
                "ecs:UnassignIpv6Addresses"
              ],
              "Resource": "*",
              "Effect": "Allow"
            }
          ]
        }
      • Permissions on Virtual Private Cloud (VPC)

        {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "vpc:DescribeVpcs",
                "vpc:DescribeVpcAttribute",
                "vpc:DescribeVSwitches",
                "vpc:DescribeVSwitchAttributes",
                "vpc:CreateVpc",
                "vpc:CreateVSwitch"
              ],
              "Resource": "*",
              "Effect": "Allow"
            }
          ]
        }
      • Permissions on File Storage NAS

        {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "nas:DescribeFileSystems",
                "nas:DescribeMountTargets",
                "nas:CreateMountTarget",
                "nas:ModifyMountTarget",
                "nas:DescribeProtocolMountTarget"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ]
        }
      • Permissions on Container Registry (ACR)

        {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "cr:ListNamespace",
                "cr:ListRepository",
                "cr:GetAuthorizationToken",
                "cr:ListInstanceEndpoint",
                "cr:PullRepository",
                "cr:PushRepository",
                "cr:GetInstance",
                "cr:GetInstanceVpcEndpoint",
                "cr:ListInstance",
                "cr:ListInstanceDomain",
                "cr:GetRepository",
                "cr:GetRepositoryLayers",
                "cr:ListRepositoryTag",
                "cr:GetNamespace",
                "cr:GetRepoTag",
                "cr:CreateInstanceVpcEndpointLinkedVpc",
                "cr:GetInstanceEndpoint"
              ],
              "Resource": "*",
              "Effect": "Allow"
            }
          ]
        }
      • Permissions on MaxCompute

        {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "odps:GetImage",
                "odps:AddImage",
                "odps:RemoveImage"
              ],
              "Resource": "*",
              "Effect": "Allow"
            }
          ]
        }
      • Permissions on Object Storage Service (OSS)

        {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "oss:GetObject",
                "oss:PutObject",
                "oss:DeleteObject",
                "oss:ListParts",
                "oss:AbortMultipartUpload",
                "oss:ListObjects",
                "oss:ListBuckets",
                "oss:PutBucketCors",
                "oss:GetBucketCors",
                "oss:DeleteBucketCors",
                "oss:GetBucketInfo",
                "oss:ListBuckets"
              ],
              "Resource": "*",
              "Effect": "Allow"
            }
          ]
        }
      • DataWorks resource control permissions

        {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "dataworks:ListTagResources",
                "dataworks:TagResources",
                "dataworks:UntagResources",
                "dataworks:ChangeResourceManagerResourceGroup"
              ],
              "Resource": "*",
              "Effect": "Allow"
            }
          ]
        }
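
Every statement above allows its actions on "Resource": "*", so a least-privilege review of this role comes down to knowing which of those actions change state. The following is an added example, not code from Alibaba Cloud or DataWorks: it audits a policy document of the shape shown above, using the OSS statement from this page as input. The read-only prefix list and the function names are assumptions made for illustration.

```python
import json
from collections import Counter

# OSS statement copied from the policy shown on this page.
OSS_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [{
    "Action": [
      "oss:GetObject", "oss:PutObject", "oss:DeleteObject", "oss:ListParts",
      "oss:AbortMultipartUpload", "oss:ListObjects", "oss:ListBuckets",
      "oss:PutBucketCors", "oss:GetBucketCors", "oss:DeleteBucketCors",
      "oss:GetBucketInfo", "oss:ListBuckets"
    ],
    "Resource": "*",
    "Effect": "Allow"
  }]
}
""")

# Heuristic (assumption): operations starting with these prefixes only read state.
READ_PREFIXES = ("Describe", "List", "Get")

def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return mutating actions allowed on Resource "*" and duplicated action entries."""
    mutating, seen = set(), Counter()
    for stmt in policy["Statement"]:
        actions = as_list(stmt["Action"])
        seen.update(actions)
        if stmt["Effect"] != "Allow" or "*" not in as_list(stmt["Resource"]):
            continue
        for action in actions:
            operation = action.split(":", 1)[1]
            if not operation.startswith(READ_PREFIXES):
                mutating.add(action)
    return {"mutating_on_wildcard": sorted(mutating),
            "duplicates": sorted(a for a, n in seen.items() if n > 1)}

if __name__ == "__main__":
    print(json.dumps(audit_policy(OSS_POLICY), indent=2))
```

The prefix heuristic is coarse: an operation such as cr:GetAuthorizationToken is classified as read-only even though it returns a credential, so treat the output as a starting list for manual review.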