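DMS service-linked roles

This topic describes the use cases of the service-linked roles for Data Management (DMS) and Data Disaster Recovery (DBS), AliyunServiceRoleForDMS and AliyunServiceRoleForDBS, and how to delete them.

Background information

A service-linked role is a type of RAM role. In some scenarios, this role lets Data Management (DMS) and Data Disaster Recovery (DBS) obtain access to other cloud services in order to implement one of their features. For more information about service-linked roles, see Service-linked roles.

Use cases

Data Management (DMS)

When some DMS features need to access ECS, VPC, RDS, and resources related to various types of databases or tools, you can obtain permission to access those resources through the DMS service-linked role.

Data Disaster Recovery (DBS)

The DBS service-linked role (AliyunServiceRoleForDBS) is a RAM role that has access permissions on other cloud services. When DBS connects to cloud databases that you purchased on Alibaba Cloud (such as RDS, MongoDB, Redis, and PolarDB) or to self-managed databases on Alibaba Cloud ECS, it must obtain access permissions through AliyunServiceRoleForDBS. For more information, see Service-linked roles.

Role description

AliyunServiceRoleForDMS

Role name: AliyunServiceRoleForDMS

Policy name: AliyunServiceRolePolicyForDMS

Permission description: After this service-linked role is created, DMS can access ECS, VPC, RDS, and resources related to various types of databases or tools.

What the permissions are used for

  • Query the resource details of RDS, PolarDB, Lindorm, and other types of databases in order to manage cloud databases.

  • Query the resource details of ECS and VPC in order to manage databases that are self-managed on ECS or exposed over the Internet.

  • Use cloud ecosystem tools such as DTS and DBS for one-stop data management.

Policy content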

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeInstances",
        "ecs:JoinSecurityGroup",
        "ecs:LeaveSecurityGroup",
        "ecs:DescribeImages",
        "ecs:CreateSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeRegions",
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceAttribute",
        "ecs:CreateCommand",
        "ecs:DeleteCommand",
        "ecs:DescribeInvocationResults"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:InvokeCommand",
        "ecs:StopInvocation"
      ],
      "Resource": "acs:ecs:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "acs:ResourceTag/dms": "script-for-dms"
        }
      },
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:InvokeCommand",
        "ecs:StopInvocation"
      ],
      "Resource": "acs:ecs:*:*:command/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "rds:DescribeDBInstanceHAConfig",
        "rds:DescribeBinlogFiles",
        "rds:DescribeDBInstancePerformance",
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeSlowLogs",
        "rds:DescribeSlowLogRecords",
        "rds:DescribeSQLCollectorPolicy",
        "rds:ModifySQLCollectorPolicy",
        "rds:DescribeSQLLogRecords",
        "rds:DescribeSQLLogFiles",
        "rds:DescribeResourceUsage",
        "rds:DescribeRegions",
        "rds:DescribeDBInstances",
        "rds:DescribeDBInstanceAttribute",
        "rds:ModifyBackupPolicy",
        "rds:DescribeSecurityGroupConfiguration",
        "rds:DescribeDBInstanceEncryptionKey",
        "rds:DescribeDBInstanceTDE",
        "rds:DescribeDBInstanceSSL",
        "rds:DescribeCrossRegionBackupDBInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeSecurityIps",
        "dds:ModifySecurityIps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeSecurityIps",
        "kvstore:ModifySecurityIps",
        "kvstore:DescribeRegions",
        "kvstore:DescribeInstances",
        "kvstore:DescribeInstanceAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "drds:DescribeDrdsInstances",
        "drds:QueryInstanceInfoByConn",
        "drds:DescribeDrdsInstanceList",
        "drds:DescribeDrdsDBIpWhiteList",
        "drds:ModifyDrdsIpWhiteList",
        "drds:DescribeDrdsInstanceVersion"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeRegions",
        "polardb:DescribeDBClusters",
        "polardb:DescribeDBClusterAttribute",
        "polardb:DescribeDBClusterEndpoints"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardbx:DescribeDBInstances",
        "polardbx:DescribeSecurityIps",
        "polardbx:ModifySecurityIps",
        "polardbx:DescribeDBInstanceAttribute",
        "polardbx:DescribeBinaryLogList"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "petadata:DescribeInstances",
        "petadata:DescribeInstanceInfoByConnection",
        "petadata:DescribeSecurityIPs",
        "petadata:ModifySecurityIPs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "hdm:AccessHDMInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dts:CreateMigrationJob",
        "dts:ConfigureMigrationJob",
        "dts:StartMigrationJob",
        "dts:StopMigrationJob",
        "dts:DescribeMigrationJobStatus",
        "dts:DescribeMigrationJobDetail",
        "dts:CreateSynchronizationJob",
        "dts:ConfigureSynchronizationJob",
        "dts:StartSynchronizationJob",
        "dts:SuspendSynchronizationJob",
        "dts:DescribeSynchronizationJobStatus",
        "dts:ShieldPrecheck",
        "dts:CreateDtsInstance",
        "dts:ConfigureDtsJob",
        "dts:StartDtsJob",
        "dts:ModifyDtsJob",
        "dts:StopDtsJob",
        "dts:DescribeDtsJobDetail",
        "dts:DescribeDtsJobs",
        "dts:ConfigureEtlJob",
        "dts:SaveEtlJob",
        "dts:SuspendDtsJob",
        "dts:DeleteDtsJob",
        "dts:ModifyDtsJobName",
        "dts:SkipPreCheck",
        "dts:DescribeDtsEtlJobVersionInfo",
        "dts:DescribeEtlJobLogs",
        "dts:PreviewSql",
        "dts:DescribePreCheckStatus",
        "dts:DescribeDtsJobLogs",
        "dts:DescribeJobMonitorRule",
        "dts:CreateJobMonitorRule",
        "dts:DescribeConfigRelations",
        "dts:DescribeFormInfo",
        "dts:DescribeDmsInstanceDetail",
        "dts:DescribeSchemaList",
        "dts:DescribeColumns",
        "dts:DescribeStruct",
        "dts:DescribeDtsInstancePrice",
        "dts:DescribeRegions",
        "dts:DescribeInstanceInventory",
        "dts:CreateCheckJob",
        "dts:DescribeCheckJobDiffDetails",
        "dts:EtlMockData",
        "dts:EtlMockResult",
        "dts:DescribeCheckJobStatus",
        "dts:Ping"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "apigateway:CreateApiGroup",
        "apigateway:ModifyApiGroup",
        "apigateway:DeleteApiGroup",
        "apigateway:DescribeApiGroups",
        "apigateway:CreateApi",
        "apigateway:ModifyApi",
        "apigateway:DeployApi",
        "apigateway:AbolishApi",
        "apigateway:DeleteApi",
        "apigateway:DescribeApi",
        "apigateway:DescribeApis",
        "apigateway:CreateApp",
        "apigateway:ModifyApp",
        "apigateway:DeleteApp",
        "apigateway:DescribeAppSecurity",
        "apigateway:ResetAppCode",
        "apigateway:ResetAppSecret",
        "apigateway:DescribeAppAttributes",
        "apigateway:SetApisAuthorities",
        "apigateway:DescribeAuthorizedApps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dg:GetUserGateways",
        "dg:GetUserDatabases"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "openanalytics:QueryBucketList",
        "openanalytics:QueryDirectoryList",
        "openanalytics:ListVirtualClusters",
        "openanalytics:SubmitSparkJob",
        "openanalytics:KillSparkJob",
        "openanalytics:GetJobLog",
        "openanalytics:GetJobDetail",
        "openanalytics:GetJobStatus",
        "openanalytics:ExecuteService",
        "openanalytics:QueryService",
        "openanalytics:ExecuteOnVirtualCluster"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dbs:DescribeBackupPlanList",
        "dbs:DescribeFullBackupList",
        "dbs:CreateBackupPlan",
        "dbs:ConfigureBackupPlan",
        "dbs:ModifyBackupObjects",
        "dbs:StartBackupPlan",
        "dbs:ModifyBackupSourceEndpoint",
        "dbs:StartTask",
        "dbs:StopBackupPlan",
        "dbs:CreateRestoreTask",
        "dbs:StartRestoreTask",
        "dbs:DescribeRestoreTaskList",
        "dbs:DescribeRestoreRangeInfo",
        "dbs:CreateDLAService",
        "dbs:DescribeDLAService",
        "dbs:CloseDLAService",
        "dbs:CreateAndStartBackupPlan",
        "dbs:DescribeFullBackupSet",
        "dbs:DescribeDataSourceQueryableAttribute",
        "dbs:DescribeDataSourceQueryableAttributeDetail",
        "dbs:GetTimeTravelInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oceanbase:DescribeAllTenantsConnectionInfo",
        "oceanbase:DescribeInstances"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "dms.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "hbase:DescribeInstances",
        "hbase:DescribeInstance",
        "hbase:DescribeEndpoints",
        "hbase:DescribeIpWhitelist",
        "hbase:ModifyIpWhitelist"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cassandra:DescribeClusters",
        "cassandra:DescribeCluster",
        "cassandra:DescribeDataCenters",
        "cassandra:DescribeIpWhitelistGroups",
        "cassandra:ModifyIpWhitelistGroup"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "lindorm:GetLindormInstanceList",
        "lindorm:GetLindormInstance",
        "lindorm:GetLindormInstanceEngineList",
        "lindorm:GetLindormInstanceListForDMS",
        "lindorm:GetLindormInstanceForDMS",
        "lindorm:GetLindormInstanceForDMSByConnStr",
        "lindorm:GetInstanceIpWhiteList",
        "lindorm:UpdateInstanceIpWhiteList",
        "lindorm:CreateComputeEngineJob",
        "lindorm:GetComputeEngineJobDetail",
        "lindorm:GetComputeEngineJobLog",
        "lindorm:ReleaseLindormComputeJob"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "adb:CreateDBCluster",
        "adb:CreateAccount",
        "adb:DescribeDBClusters",
        "adb:DescribeDBClusterNetInfo",
        "adb:SubmitSparkApp",
        "adb:KillSparkApp",
        "adb:ListSparkApps",
        "adb:GetSparkAppLog",
        "adb:GetSparkAppInfo",
        "adb:GetSparkAppState",
        "adb:GetSparkAppAttemptLog",
        "adb:GetSparkAppWebUiAddress",
        "adb:ListSparkAppAttempts",
        "adb:DescribeDBResourceGroup"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "gpdb:DescribeDBInstances",
        "gpdb:ResumeInstance",
        "gpdb:PauseInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

AliyunServiceRoleForDBS

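Role name: AliyunServiceRoleForDBS

Policy name: AliyunServiceRolePolicyForDBS

Permission description: After this service-linked role is created, Data Disaster Recovery (DBS) can connect to cloud databases that you purchased on Alibaba Cloud (such as RDS, MongoDB, Redis, and PolarDB) or to self-managed databases on Alibaba Cloud ECS.

Policy content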

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeDBInstanceNetInfoForChannel",
        "rds:DescribeTasks",
        "rds:DescribeDBInstances",
        "rds:DescribeFilesForSQLServer",
        "rds:DescribeImportsForSQLServer",
        "rds:DescribeSlowLogRecords",
        "rds:DescribeBinlogFiles",
        "rds:DescribeSQLLogRecords",
        "rds:DescribeParameters",
        "rds:DescribeParameterTemplates",
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeDatabases",
        "rds:DescribeAccounts",
        "rds:DescribeSecurityIPList",
        "rds:DescribeSecurityIps",
        "rds:DescribeDBInstanceIPArray",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:DescribeDBInstanceSSL",
        "rds:DescribeDBInstanceTDE",
        "rds:CreateDBInstance",
        "rds:CreateAccount",
        "rds:CreateDatabase",
        "rds:ModifySecurityIps",
        "rds:GrantAccountPrivilege",
        "rds:CreateMigrateTask",
        "rds:CreateOnlineDatabaseTask",
        "rds:DescribeMigrateTasks",
        "rds:DescribeOssDownloads",
        "rds:CreateBackup",
        "rds:DescribeBackups",
        "rds:DescribeBackupPolicy",
        "rds:ModifyBackupPolicy",
        "rds:DescribeBackupTasks",
        "rds:DescribeBinlogFiles",
        "rds:DescribeResourceUsage",
        "rds:DescribeAvailableZones",
        "rds:DescribeAvailableClasses",
        "rds:ListClasses",
        "rds:CreateDdrInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:DescribeInstance",
        "ecs:DescribeInstances",
        "ecs:DescribeVpcs",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:AuthorizeSecurityGroup",
        "ecs:JoinSecurityGroup",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeSnapshotLinks",
        "ecs:DescribeSnapshots",
        "ecs:ModifySnapshotAttribute",
        "ecs:ResizeDisk",
        "ecs:CreateSecurityGroup",
        "ecs:ModifySecurityGroupPolicy"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:ListKeys"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:PutEventRule",
        "cms:PutEventTargets",
        "cms:ListEventRules",
        "cms:ListEventTargetsByRule",
        "cms:DeleteEventRule",
        "cms:DeleteEventTargets"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusterAttribute",
        "polardb:DescribeDBClusterIPArrayList",
        "polardb:DescribeDBClusterNetInfo",
        "polardb:DescribeDBClusters",
        "polardb:ModifySecurityIps",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:DescribeDBClusterAccessWhitelist",
        "polardb:ModifyDBClusterAccessWhitelist"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeReplicaSetRole",
        "dds:DescribeShardingNetworkAddress",
        "dds:DescribeSecurityIps",
        "dds:DescribeDBInstances",
        "dds:ModifySecurityIps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeSecurityIps",
        "kvstore:DescribeInstances",
        "kvstore:DescribeAccounts",
        "kvstore:DescribeDBInstanceNetInfo",
        "kvstore:CreateAccount",
        "kvstore:ModifySecurityIps",
        "kvstore:DescribeInstanceAttribute",
        "kvstore:AllocateInstancePrivateConnection",
        "kvstore:DescribeLogicInstanceTopology"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "drds:DescribeDrdsDB",
        "drds:DescribeDrdsDBs",
        "drds:DescribeDrdsDbInstance",
        "drds:DescribeDrdsDbInstances",
        "drds:DescribeDrdsDBIpWhiteList",
        "drds:DescribeDrdsInstances",
        "drds:ModifyDrdsIpWhiteList",
        "drds:CreateDrdsDB",
        "drds:DescribeTable",
        "drds:DescribeTables",
        "drds:ModifyRdsReadWeight",
        "drds:ChangeAccountPassword",
        "drds:CreateDrdsInstance",
        "drds:CreateInstanceInternetAddress",
        "drds:DescribeInstanceAccounts",
        "drds:DescribeBackupSets",
        "drds:DescribeDbInstances",
        "drds:DescribeDrdsCrossRegionBackups",
        "drds:DescribeCrossBackupMetadata",
        "drds:RegisterCrossRegionBackupSet",
        "drds:DeleteCrossRegionBackupSet",
        "drds:DescribeDrdsRdsInstances",
        "drds:CreateDrdsCrossInstance",
        "drds:DescribeDrdsInstanceLevelTasks"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "privatelink:CreateVpcEndpoint",
        "privatelink:ListVpcEndpoints",
        "privatelink:AddZoneToVpcEndpoint",
        "privatelink:ListVpcEndpointZones",
        "privatelink:RemoveZoneFromVpcEndpoint",
        "privatelink:GetVpcEndpointAttribute",
        "privatelink:DeleteVpcEndpoint"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "bssapi:QueryResourcePackageInstances"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "hdm:AddHDMInstance",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "dbs.aliyuncs.com"
        }
      }
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "privatelink.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "dg:GetUserGateways",
        "dg:GetUserDatabases",
        "dg:AddDatabase",
        "dg:DescribeRegions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
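
The two policies above mix read-only Describe/Get/List/Query calls with actions that change state, mostly on "Resource": "*". The following added example (not part of the Alibaba Cloud documentation) sorts a policy's Allow statements by service into read-only actions, write actions limited by a Condition or a narrower Resource, and unscoped write actions, so that the last group can be reviewed. The function names, the read-only verb prefixes, and the scoping heuristic are assumptions of this example; the sample input is a constructed excerpt of four statements from AliyunServiceRolePolicyForDMS.

```python
import json
from collections import defaultdict

# Verb prefixes treated as read-only: an assumption of this example, not a RAM rule.
READ_PREFIXES = ("Describe", "Get", "List", "Query")

# Constructed sample: four statements excerpted from AliyunServiceRolePolicyForDMS.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Action": ["ecs:DescribeInstances", "ecs:AuthorizeSecurityGroup",
                "ecs:DescribeInstances", "ecs:CreateCommand"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": ["ecs:InvokeCommand", "ecs:StopInvocation"],
     "Resource": "acs:ecs:*:*:instance/*",
     "Condition": {"StringEquals": {"acs:ResourceTag/dms": "script-for-dms"}},
     "Effect": "Allow"},
    {"Action": ["dds:DescribeSecurityIps", "dds:ModifySecurityIps"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals": {"ram:ServiceName": "dms.aliyuncs.com"}}}
  ]
}
""")


def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def is_read_only(action):
    """True when the API name after 'service:' starts with a read-only verb."""
    return action.split(":", 1)[-1].startswith(READ_PREFIXES)


def audit(policy):
    """Group allowed actions per service: read, write_scoped, write_unscoped."""
    report = defaultdict(lambda: {"read": [], "write_scoped": [], "write_unscoped": []})
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        # Heuristic: a Condition block or any Resource other than "*" counts as scoped.
        scoped = "Condition" in stmt or as_list(stmt.get("Resource", "*")) != ["*"]
        for action in as_list(stmt["Action"]):
            service = action.split(":", 1)[0]
            if is_read_only(action):
                bucket = "read"
            else:
                bucket = "write_scoped" if scoped else "write_unscoped"
            if action not in report[service][bucket]:  # the policy repeats some actions
                report[service][bucket].append(action)
    return dict(report)


if __name__ == "__main__":
    for service, buckets in sorted(audit(SAMPLE_POLICY).items()):
        print(service, "unscoped write:", buckets["write_unscoped"] or "-")
```

To review the full policies, save each JSON document above to a file and pass the result of json.load to audit().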

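Permissions required to create a service-linked role

Data Management (DMS)

You must have the specified permission to create the DMS service-linked role.

If your RAM user does not have sufficient permissions, add the following permission and then grant it to the RAM user. For the specific steps to add the permission and grant it, see Create a custom policy and Grant permissions to a RAM user.

Policy example: allow the creation of the service-linked role for DMS.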

{
  "Action": "ram:CreateServiceLinkedRole",
  "Resource": "*",
  "Effect": "Allow",
  "Condition": {
    "StringEquals": {
      "ram:ServiceName": "dms.aliyuncs.com"
    }
  }
}

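Data Disaster Recovery (DBS)

You must have the specified permission to create the Data Disaster Recovery (DBS) service-linked role.

If your RAM user does not have sufficient permissions, add the following permission and then grant it to the RAM user. For the specific steps to add the permission and grant it, see Create a custom policy and Grant permissions to a RAM user.

Policy example: allow the creation of the service-linked role for Data Disaster Recovery (DBS).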

{
  "Action": "ram:CreateServiceLinkedRole",
  "Resource": "*",
  "Effect": "Allow",
  "Condition": {
    "StringEquals": {
      "ram:ServiceName": "dbs.aliyuncs.com"
    }
  }
}

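Create a service-linked role

Data Management (DMS)

If your RAM user has been granted the permission to create the DMS service-linked role, log on to the DMS console and click Confirm in the DMS service-linked role dialog box that appears. The system then automatically creates the DMS service-linked role for you. For more information about creating service-linked roles, see Create a service-linked role.

Data Disaster Recovery (DBS)

The first time you use Data Disaster Recovery (DBS), the system automatically creates this service-linked role. Before you use DBS, you must grant the service-linked role (AliyunServiceRoleForDBS) to DBS so that DBS has permission to access your databases.

For more details, see Authorize the DBS service-linked role in the console and Authorize the DBS service-linked role by using the API.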

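View a service-linked role

Data Management (DMS)

After the DMS service-linked role (AliyunServiceRoleForDMS) is created, you can view it in the RAM console, including the role's basic information, trust policy, and permission policy (AliyunServiceRolePolicyForDMS).

  1. Log on to the RAM console.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, search for and click AliyunServiceRoleForDMS.

  4. View the basic information of the role.

    In the Basic Information section of the role details page, view information such as the RAM role name, creation time, and ARN.

  5. View the trust policy of the role.

    On the role details page, click the Trust Policy tab and check the Service field to see which cloud services can use this role. For example: "Service": ["dms.aliyuncs.com"]

  6. View the permission policy of the role (AliyunServiceRolePolicyForDMS).

    1. On the role details page, click the Permissions tab.

    2. Click the policy name AliyunServiceRolePolicyForDMS.

    3. On the Policy Document tab, view the content of the policy.

    Note

    The permission policy of a service-linked role cannot be viewed directly in the RAM policy list.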

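Data Disaster Recovery (DBS)

After the DBS service-linked role (AliyunServiceRoleForDBS) is created, you can view it in the RAM console, including the role's basic information, trust policy, and permission policy (AliyunServiceRolePolicyForDBS).

  1. Log on to the RAM console.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, search for and click AliyunServiceRoleForDBS.

  4. View the basic information of the role.

    In the Basic Information section of the role details page, view information such as the RAM role name, creation time, and ARN.

  5. View the trust policy of the role.

    On the role details page, click the Trust Policy tab and check the Service field to see which cloud services can use this role. For example: "Service": ["dbs.aliyuncs.com"]

  6. View the permission policy of the role (AliyunServiceRolePolicyForDBS).

    1. On the role details page, click the Permissions tab.

    2. Click the policy name AliyunServiceRolePolicyForDBS.

    3. On the Policy Document tab, view the content of the policy.

    Note

    The permission policy of a service-linked role cannot be viewed directly in the RAM policy list.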

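Delete a service-linked role

Data Management (DMS)

To delete the service-linked role (AliyunServiceRoleForDMS), you must first remove all instances from the instance list in the DMS console, and then try to delete the role. For the specific steps to remove instances and delete the service-linked role, see Delete an instance and Delete a service-linked role.

Data Disaster Recovery (DBS)

You can manually delete the service-linked role (AliyunServiceRoleForDBS) in the RAM console. For the specific steps, see Delete a RAM role.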