当您使用资源组对资源进行分组管理时,可以结合访问控制(RAM),在单个阿里云账号内实现资源的隔离和精细化权限管理。本文总结了实时计算Flink版对资源组的支持情况,以及资源组级别的授权操作步骤。
-
只有支持资源组的资源类型和支持资源组级别授权的操作,资源组级别授权才能生效。
-
对于不支持资源组的资源类型,授予资源组范围的权限将无效。在选择资源范围时,请选择账号级别,进行账号级别授权。具体操作,请参见不支持资源组级别授权的操作。
资源组授权的工作原理
您可以使用资源组(Resource Group)对阿里云账号内的资源进行分组管理。例如,为不同的项目创建对应的资源组,并将资源转移到对应的组中,以便集中管理各项目的资源。更多信息,请参见什么是资源组。
在完成资源分组后,您可以为不同的RAM授权主体(RAM用户、RAM用户组或RAM角色)授予指定资源组范围的权限,从而限定这个授权主体只能管理该资源组内的资源。更多信息,请参见资源分组和授权。
这种授权方式的优点有:
-
权限精细化:确保每个身份能获得最准确的资源访问权限,避免账号下的多个项目的资源混合管理。
-
良好的扩展性:后续新增资源时,只需将其加入该资源组,RAM身份便会自动获得新资源的相应权限,无需再次授权。
为RAM用户授予资源组级别的权限
下面以RAM用户为例,介绍授予指定资源组内实时计算Flink版资源权限的操作步骤。
1. 前置步骤
2. 进行资源组级别授权
您可以通过以下任一方式进行资源组级别授权。
方式一:在资源管理控制台中授权
通过资源组的权限管理功能为指定 RAM 用户授权。详情操作可参见为RAM身份授予资源组范围的权限。
方式二:在 RAM 控制台中授权
通过RAM控制台为指定 RAM 用户进行资源组级别授权。详细操作可参见为RAM用户授权。
支持资源组的资源类型
实时计算Flink版支持资源组的资源类型如下表所示:
|
云服务 |
云服务代码 |
资源类型 |
|
实时计算Flink版 |
flinkasi |
vvpinstance : 工作空间 |
对于暂不支持资源组的资源类型,如有需要,您可以在资源组控制台提交反馈。
不支持资源组级别授权的操作
实时计算Flink版中不支持资源组级别授权的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
stream:ActOnBehalfOfAnotherUser |
- |
|
stream:ApplyScheduledPlan |
执行定时计划。 |
|
stream:CancelSqlPreview |
- |
|
stream:CheckNamespaceName |
- |
|
stream:CheckOssBucket |
- |
|
stream:CheckUserVSwitch |
- |
|
stream:CheckUserVpc |
- |
|
stream:CreateDeployment |
创建一个已部署作业。 |
|
stream:CreateDeploymentDraft |
创建SQL作业的作业草稿。 |
|
stream:CreateDeploymentDraftV1 |
- |
|
stream:CreateDeploymentTarget |
创建部署目标。 |
|
stream:CreateDeploymentTargetV2 |
创建部署目标。 |
|
stream:CreateDeploymentV1 |
- |
|
stream:CreateFolder |
创建文件夹。 |
|
stream:CreateFolderV1 |
- |
|
stream:CreateInstance |
- |
|
stream:CreateLxCommodity |
- |
|
stream:CreateMember |
将一个用户添加到对应项目空间下并授予对应权限。 |
|
stream:CreateSavepoint |
创建快照。 |
|
stream:CreateScheduledPlan |
创建定时计划。 |
|
stream:CreateSessionCluster |
创建Session集群。 |
|
stream:CreateSqlFile |
- |
|
stream:CreateUdfArtifact |
通过对您上传的Jar/Python包的解析,解析您Jar/Python包中全部的UDF方法并为你创建自定义函数文件。 |
|
stream:CreateVariable |
创建变量。 |
|
stream:DeleteConnectorV1 |
- |
|
stream:DeleteCustomConnector |
删除已经注册的自定义连接器。 |
|
stream:DeleteDeployment |
根据已部署作业ID删除已部署作业。 |
|
stream:DeleteDeploymentByName |
- |
|
stream:DeleteDeploymentDraft |
删除SQL作业草稿,如该草稿存在已经上线或运行中的部署作业,则无法删除。 |
|
stream:DeleteDeploymentDraftV1 |
- |
|
stream:DeleteDeploymentTarget |
删除部署目标。 |
|
stream:DeleteDeploymentV1 |
- |
|
stream:DeleteFolder |
删除空文件夹,如果该文件夹下存在其他文件或文件夹则无法删除。 |
|
stream:DeleteFormatV1 |
- |
|
stream:DeleteJob |
删除一个作业下非运行状态的作业实例信息。 |
|
stream:DeleteMember |
删除指定的用户权限信息。 |
|
stream:DeleteMemberV1 |
- |
|
stream:DeleteSavepoint |
删除快照。 |
|
stream:DeleteScheduledPlan |
删除定时计划。 |
|
stream:DeleteSecretValueV1 |
- |
|
stream:DeleteSessionCluster |
删除Session集群。 |
|
stream:DeleteSqlFile |
- |
|
stream:DeleteUdfArtifact |
删除已经创建的自定义函数资源,删除前需要您先删除该资源下注册的自定义函数。 |
|
stream:DeleteUdfFunction |
删除已注册的自定义函数。 |
|
stream:DeleteVariable |
删除变量。 |
|
stream:DeployDeploymentDraftAsync |
SQL作业草稿部署上线。 |
|
stream:DeployDeploymentDraftV1 |
- |
|
stream:DescribeFlussInstances |
- |
|
stream:DescribeLxCommodity |
- |
|
stream:ExecuteSqlScriptV1 |
- |
|
stream:ExecuteSqlStatement |
您可以通过本API完成元数据相关SQL的运行,仅支持DDL和DML,不支持DQL。 |
|
stream:FetchSqlExecutionResult |
- |
|
stream:FetchSqlPreviewResults |
- |
|
stream:FlinkApiProxy |
您可以使用flink rest api的方式来调用本接口,获取session集群或者运行作业的相关信息。注意本接口仅支持您获取相关信息,无法对session集群和作业进行操作或管理。 |
|
stream:ForcefullyCreateLockV1 |
- |
|
stream:GenerateResourcePlanV1 |
- |
|
stream:GenerateResourcePlanWithFlinkConfAsync |
提交异步生成resource plan工单,返回一个异步工单ID用于查询工单结果。 |
|
stream:GetAppliedScheduledPlan |
获取应用的执行计划。 |
|
stream:GetArtifactMetadataV1 |
- |
|
stream:GetCatalogs |
获取指定或全部catalog详情。 |
|
stream:GetCatalogsSnapshot |
- |
|
stream:GetClusterQuantityByRegion |
- |
|
stream:GetCommodityCode |
- |
|
stream:GetCustomFlinkArtifactsSnapshot |
- |
|
stream:GetDatabases |
获取指定Catalog下DataBase的信息或列出所有DataBase的信息。 |
|
stream:GetDeployDeploymentDraftResult |
根据作业草稿部署异步工单的ID信息,查看部署的结果。 |
|
stream:GetDeployment |
获取已部署作业的详细信息。 |
|
stream:GetDeploymentDefaultsV1 |
- |
|
stream:GetDeploymentDraft |
获取sql作业草稿详情。 |
|
stream:GetDeploymentDraftByIdV1 |
- |
|
stream:GetDeploymentDraftByNameV1 |
- |
|
stream:GetDeploymentDraftLock |
当您调用API编辑作业草稿时,为避免页面操作和API操作互相影响,您需要先获取编辑锁。 |
|
stream:GetDeploymentDraftResourcePlanV1 |
- |
|
stream:GetDeploymentDraftResourcePlanWithBestEffortV1 |
- |
|
stream:GetDeploymentV1 |
- |
|
stream:GetDeploymentsByIp |
本接口支持通过指定IP查询该节点上已部署作业列表以及作业信息。 |
|
stream:GetDeploymentsByLabel |
本接口支持通过指定标签查询关联的已部署作业列表以及作业信息。 |
|
stream:GetDeploymentsByName |
本接口用于通过已部署作业名称搜索并获取指定工作空间和项目空间下匹配的已部署作业实例。 |
|
stream:GetEvents |
获取运行事件。 |
|
stream:GetFolder |
获取文件夹的具体信息。 |
|
stream:GetFolderByIdV1 |
- |
|
stream:GetGenerateResourcePlanResult |
根据异步工单ID获取异步生成细粒度资源结果。 |
|
stream:GetGlobalDeploymentDefaultsV1 |
- |
|
stream:GetHotUpdateJobResult |
对作业进行动态更新时,可通过本API获取作业动态更新的结果。 |
|
stream:GetJob |
获取作业实例的详细信息。 |
|
stream:GetJobDiagnosis |
智能诊断作业,获取异常诊断项信息。 |
|
stream:GetLatestJobStartLog |
获取作业实例最新的启动日志。 |
|
stream:GetLineageInfo |
通过本API可以获取作业和数据的血缘信息。 |
|
stream:GetMember |
查看用户授权详情。 |
|
stream:GetPreSignedUrlForPutObject |
- |
|
stream:GetResourcePlanV1 |
- |
|
stream:GetRootFolderByTypeV1 |
- |
|
stream:GetSavepoint |
获取快照和系统检查点的详细信息。 |
|
stream:GetSessionCluster |
获取Session集群。 |
|
stream:GetSpecifications |
- |
|
stream:GetSqlFile |
- |
|
stream:GetTables |
获取指定catalog的database下某张表的具体详情或者database下所有表的信息。 |
|
stream:GetUdfArtifacts |
获取您上传并创建的包含UDF的Jar或者Python文件的详情信息。 |
|
stream:GetValidateDeploymentDraftResult |
根据ticketId查询作业草稿深度校验的结果 |
|
stream:HandleCatalogChanges |
- |
|
stream:HasStreamDefaultRole |
- |
|
stream:HotUpdateJob |
对正在运行的作业进行参数或资源的动态更新。 |
|
stream:ListArtifactsV1 |
- |
|
stream:ListConnectorsV1 |
- |
|
stream:ListCustomConnectors |
获取已注册的自定义连接器的列表信息。 |
|
stream:ListDeploymentDrafts |
获取SQL作业草稿的列表信息。 |
|
stream:ListDeploymentTargets |
获取作业可部署目标的列表,部署目标是session集群或者perjob集群。 |
|
stream:ListDeploymentTargetsV1 |
- |
|
stream:ListDeployments |
获取所有已部署作业的信息。 |
|
stream:ListDeploymentsV1 |
- |
|
stream:ListEngineVersionMetadata |
获取系统支持的引擎版本列表。 |
|
stream:ListFlinkVersionsV1 |
- |
|
stream:ListFormatsV1 |
- |
|
stream:ListJobs |
获取到某个已部署作业下所有作业实例的信息。 |
|
stream:ListJobsV1 |
- |
|
stream:ListMembers |
查看特定项目下用户UID和授权的对应关系。 |
|
stream:ListNamespacesV1 |
- |
|
stream:ListOssInfo |
- |
|
stream:ListRegionWithClusterQuantity |
- |
|
stream:ListSavepoints |
获取作业快照及最近系统检查点列表。 |
|
stream:ListSavepointsV1 |
- |
|
stream:ListScheduledPlan |
获取定时计划的列表信息。 |
|
stream:ListScheduledPlanExecutedHistory |
获取定时计划执行历史。 |
|
stream:ListSecretValuesV1 |
- |
|
stream:ListSessionClusters |
获取Session集群的列表信息。 |
|
stream:ListSessionClustersV1 |
- |
|
stream:ListTablesV1 |
- |
|
stream:ListTagKeys |
- |
|
stream:ListTagResources |
- |
|
stream:ListTagValues |
- |
|
- |
|
|
stream:ListVariables |
获取变量列表。 |
|
stream:ModifyDns |
- |
|
stream:ModifyInstanceMetadata |
- |
|
stream:ModifyInstanceVswitch |
修改Flink工作空间可使用的虚拟交换机。 |
|
stream:QueryCloneNamespace |
- |
|
stream:QueryCreateLxCommodityPrice |
- |
|
stream:QueryCreateVvpInstancePrice |
获取本账号购买工作空间的价格。 |
|
stream:QueryTagVvpResources |
您可以调用ListTagResources查询资源标签。您可以通过标签的value查询key值,或者通过key值查询value,也可以获取您在flink全托管工作空间上使用的所有标签信息。 |
|
stream:RegisterCustomConnector |
在项目空间下注册自定义连接器,注册的自定义连接器可以在SQL中使用。 |
|
stream:RegisterUdfFunction |
通过本API可以选择已创建的自定义函数文件中解析出的自定义函数,选择其中的部分或全部函数进行注册,注册后可在SQL中使用。 |
|
stream:ReplaceDeploymentV1 |
- |
|
stream:SaveDeploymentDraftResourcePlanV1 |
- |
|
stream:SearchFoldersByKeywordV1 |
- |
|
stream:SearchOrderStatistics |
- |
|
stream:SetDeploymentResourceModeV1 |
- |
|
stream:StartJob |
创建并启动一个作业实例。 |
|
stream:StartJobWithParams |
启动一个作业实例。 |
|
stream:StartOrGetNonTerminalSqlExecution |
- |
|
stream:StartSessionCluster |
启动Session集群。 |
|
stream:StartSqlExecution |
- |
|
stream:StopApplyScheduledPlan |
停止应用定时计划。 |
|
stream:StopJob |
停止一个作业实例。 |
|
stream:StopSessionCluster |
停止Session集群。 |
|
stream:StopSqlExecution |
- |
|
stream:SubmitSqlPreview |
- |
|
stream:TagVvpResources |
您可以调用本API创建资源标签。 |
|
stream:UnTagVvpResources |
您可以调用UntagResources删除资源标签。 |
|
stream:UpdateDeployment |
更新已部署作业的信息。 |
|
stream:UpdateDeploymentByName |
- |
|
stream:UpdateDeploymentDesiredStateV1 |
- |
|
stream:UpdateDeploymentDraft |
更新SQL作业草稿。 |
|
stream:UpdateDeploymentDraftV1 |
- |
|
stream:UpdateDeploymentTarget |
更新部署目标。 |
|
stream:UpdateDeploymentTargetV2 |
更新部署目标。 |
|
stream:UpdateDeploymentV1 |
- |
|
stream:UpdateFolder |
调用本API可完成对文件夹信息的更新。 |
|
stream:UpdateInstanceMonitorType |
- |
|
stream:UpdateMember |
更新特定项目空间下某个或某些用户的权限。 |
|
stream:UpdateMemberV1 |
- |
|
stream:UpdateScheduledPlan |
更新定时计划。 |
|
stream:UpdateSessionCluster |
更新Session集群。 |
|
stream:UpdateSqlFile |
- |
|
stream:UpdateUdfArtifact |
对已创建的自定义函数文件进行更新。 |
|
stream:UpdateVariable |
修改项目级别的变量。 |
|
stream:ValidateDeploymentDraftAsync |
异步进行Flink作业草稿深度检查,进行语法检查、资源配置等合法性检验。 |
|
stream:ValidateSqlScriptV1 |
- |
|
stream:ValidateSqlStatement |
校验sql作业代码。 |
|
stream:WorkflowCallbackQueryNodeStatus |
- |
|
stream:WorkflowCallbackStartNode |
- |
|
stream:WorkflowCallbackStopNode |
- |
对于不支持资源组授权的操作,授权时资源范围选择资源组级别将无效。如果仍需要RAM用户有上述操作权限,您需要创建自定义权限策略,授权时资源范围选择账号级别。
以下是两个自定义权限策略示例,您可以根据实际需要调整策略内容。
-
允许不支持资源组级别授权的全部只读操作:
Action中列举不支持资源组级别授权的所有只读操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "stream:CheckNamespaceName", "stream:CheckOssBucket", "stream:CheckUserVSwitch", "stream:CheckUserVpc", "stream:DescribeFlussInstances", "stream:DescribeLxCommodity", "stream:GetAppliedScheduledPlan", "stream:GetArtifactMetadataV1", "stream:GetCatalogs", "stream:GetCatalogsSnapshot", "stream:GetClusterQuantityByRegion", "stream:GetCommodityCode", "stream:GetCustomFlinkArtifactsSnapshot", "stream:GetDatabases", "stream:GetDeployDeploymentDraftResult", "stream:GetDeployment", "stream:GetDeploymentDefaultsV1", "stream:GetDeploymentDraft", "stream:GetDeploymentDraftByIdV1", "stream:GetDeploymentDraftByNameV1", "stream:GetDeploymentDraftLock", "stream:GetDeploymentDraftResourcePlanV1", "stream:GetDeploymentDraftResourcePlanWithBestEffortV1", "stream:GetDeploymentV1", "stream:GetDeploymentsByIp", "stream:GetDeploymentsByLabel", "stream:GetDeploymentsByName", "stream:GetEvents", "stream:GetFolder", "stream:GetFolderByIdV1", "stream:GetGenerateResourcePlanResult", "stream:GetGlobalDeploymentDefaultsV1", "stream:GetHotUpdateJobResult", "stream:GetJob", "stream:GetJobDiagnosis", "stream:GetLatestJobStartLog", "stream:GetLineageInfo", "stream:GetMember", "stream:GetPreSignedUrlForPutObject", "stream:GetResourcePlanV1", "stream:GetRootFolderByTypeV1", "stream:GetSavepoint", "stream:GetSessionCluster", "stream:GetSpecifications", "stream:GetSqlFile", "stream:GetTables", "stream:GetUdfArtifacts", "stream:GetValidateDeploymentDraftResult", "stream:HasStreamDefaultRole", "stream:ListArtifactsV1", "stream:ListConnectorsV1", "stream:ListCustomConnectors", "stream:ListDeploymentDrafts", "stream:ListDeploymentTargets", "stream:ListDeploymentTargetsV1", "stream:ListDeployments", "stream:ListDeploymentsV1", "stream:ListEngineVersionMetadata", "stream:ListFlinkVersionsV1", "stream:ListFormatsV1", "stream:ListJobs", "stream:ListJobsV1", "stream:ListMembers", "stream:ListNamespacesV1", "stream:ListOssInfo", "stream:ListRegionWithClusterQuantity", "stream:ListSavepoints", "stream:ListSavepointsV1", "stream:ListScheduledPlan", "stream:ListScheduledPlanExecutedHistory", "stream:ListSecretValuesV1", "stream:ListSessionClusters", "stream:ListSessionClustersV1", "stream:ListTablesV1", "stream:ListTagKeys", "stream:ListTagResources", "stream:ListTagValues", "stream:ListUserVswitch", "stream:ListVariables", "stream:QueryCloneNamespace", "stream:QueryCreateLxCommodityPrice", "stream:QueryCreateVvpInstancePrice", "stream:QueryTagVvpResources", "stream:SearchFoldersByKeywordV1", "stream:SearchOrderStatistics" ], "Resource": "*" } ] } -
允许不支持资源组级别授权的全部操作:
Action中列举不支持资源组级别授权的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "stream:ActOnBehalfOfAnotherUser", "stream:ApplyScheduledPlan", "stream:CancelSqlPreview", "stream:CheckNamespaceName", "stream:CheckOssBucket", "stream:CheckUserVSwitch", "stream:CheckUserVpc", "stream:CreateDeployment", "stream:CreateDeploymentDraft", "stream:CreateDeploymentDraftV1", "stream:CreateDeploymentTarget", "stream:CreateDeploymentTargetV2", "stream:CreateDeploymentV1", "stream:CreateFolder", "stream:CreateFolderV1", "stream:CreateInstance", "stream:CreateLxCommodity", "stream:CreateMember", "stream:CreateSavepoint", "stream:CreateScheduledPlan", "stream:CreateSessionCluster", "stream:CreateSqlFile", "stream:CreateUdfArtifact", "stream:CreateVariable", "stream:DeleteConnectorV1", "stream:DeleteCustomConnector", "stream:DeleteDeployment", "stream:DeleteDeploymentByName", "stream:DeleteDeploymentDraft", "stream:DeleteDeploymentDraftV1", "stream:DeleteDeploymentTarget", "stream:DeleteDeploymentV1", "stream:DeleteFolder", "stream:DeleteFormatV1", "stream:DeleteJob", "stream:DeleteMember", "stream:DeleteMemberV1", "stream:DeleteSavepoint", "stream:DeleteScheduledPlan", "stream:DeleteSecretValueV1", "stream:DeleteSessionCluster", "stream:DeleteSqlFile", "stream:DeleteUdfArtifact", "stream:DeleteUdfFunction", "stream:DeleteVariable", "stream:DeployDeploymentDraftAsync", "stream:DeployDeploymentDraftV1", "stream:DescribeFlussInstances", "stream:DescribeLxCommodity", "stream:ExecuteSqlScriptV1", "stream:ExecuteSqlStatement", "stream:FetchSqlExecutionResult", "stream:FetchSqlPreviewResults", "stream:FlinkApiProxy", "stream:ForcefullyCreateLockV1", "stream:GenerateResourcePlanV1", "stream:GenerateResourcePlanWithFlinkConfAsync", "stream:GetAppliedScheduledPlan", "stream:GetArtifactMetadataV1", "stream:GetCatalogs", "stream:GetCatalogsSnapshot", "stream:GetClusterQuantityByRegion", "stream:GetCommodityCode", "stream:GetCustomFlinkArtifactsSnapshot", "stream:GetDatabases", "stream:GetDeployDeploymentDraftResult", "stream:GetDeployment", "stream:GetDeploymentDefaultsV1", "stream:GetDeploymentDraft", "stream:GetDeploymentDraftByIdV1", "stream:GetDeploymentDraftByNameV1", "stream:GetDeploymentDraftLock", "stream:GetDeploymentDraftResourcePlanV1", "stream:GetDeploymentDraftResourcePlanWithBestEffortV1", "stream:GetDeploymentV1", "stream:GetDeploymentsByIp", "stream:GetDeploymentsByLabel", "stream:GetDeploymentsByName", "stream:GetEvents", "stream:GetFolder", "stream:GetFolderByIdV1", "stream:GetGenerateResourcePlanResult", "stream:GetGlobalDeploymentDefaultsV1", "stream:GetHotUpdateJobResult", "stream:GetJob", "stream:GetJobDiagnosis", "stream:GetLatestJobStartLog", "stream:GetLineageInfo", "stream:GetMember", "stream:GetPreSignedUrlForPutObject", "stream:GetResourcePlanV1", "stream:GetRootFolderByTypeV1", "stream:GetSavepoint", "stream:GetSessionCluster", "stream:GetSpecifications", "stream:GetSqlFile", "stream:GetTables", "stream:GetUdfArtifacts", "stream:GetValidateDeploymentDraftResult", "stream:HandleCatalogChanges", "stream:HasStreamDefaultRole", "stream:HotUpdateJob", "stream:ListArtifactsV1", "stream:ListConnectorsV1", "stream:ListCustomConnectors", "stream:ListDeploymentDrafts", "stream:ListDeploymentTargets", "stream:ListDeploymentTargetsV1", "stream:ListDeployments", "stream:ListDeploymentsV1", "stream:ListEngineVersionMetadata", "stream:ListFlinkVersionsV1", "stream:ListFormatsV1", "stream:ListJobs", "stream:ListJobsV1", "stream:ListMembers", "stream:ListNamespacesV1", "stream:ListOssInfo", "stream:ListRegionWithClusterQuantity", "stream:ListSavepoints", "stream:ListSavepointsV1", "stream:ListScheduledPlan", "stream:ListScheduledPlanExecutedHistory", "stream:ListSecretValuesV1", "stream:ListSessionClusters", "stream:ListSessionClustersV1", "stream:ListTablesV1", "stream:ListTagKeys", "stream:ListTagResources", "stream:ListTagValues", "stream:ListUserVswitch", "stream:ListVariables", "stream:ModifyDns", "stream:ModifyInstanceMetadata", "stream:ModifyInstanceVswitch", "stream:QueryCloneNamespace", "stream:QueryCreateLxCommodityPrice", "stream:QueryCreateVvpInstancePrice", "stream:QueryTagVvpResources", "stream:RegisterCustomConnector", "stream:RegisterUdfFunction", "stream:ReplaceDeploymentV1", "stream:SaveDeploymentDraftResourcePlanV1", "stream:SearchFoldersByKeywordV1", "stream:SearchOrderStatistics", "stream:SetDeploymentResourceModeV1", "stream:StartJob", "stream:StartJobWithParams", "stream:StartOrGetNonTerminalSqlExecution", "stream:StartSessionCluster", "stream:StartSqlExecution", "stream:StopApplyScheduledPlan", "stream:StopJob", "stream:StopSessionCluster", "stream:StopSqlExecution", "stream:SubmitSqlPreview", "stream:TagVvpResources", "stream:UnTagVvpResources", "stream:UpdateDeployment", "stream:UpdateDeploymentByName", "stream:UpdateDeploymentDesiredStateV1", "stream:UpdateDeploymentDraft", "stream:UpdateDeploymentDraftV1", "stream:UpdateDeploymentTarget", "stream:UpdateDeploymentTargetV2", "stream:UpdateDeploymentV1", "stream:UpdateFolder", "stream:UpdateInstanceMonitorType", "stream:UpdateMember", "stream:UpdateMemberV1", "stream:UpdateScheduledPlan", "stream:UpdateSessionCluster", "stream:UpdateSqlFile", "stream:UpdateUdfArtifact", "stream:UpdateVariable", "stream:ValidateDeploymentDraftAsync", "stream:ValidateSqlScriptV1", "stream:ValidateSqlStatement", "stream:WorkflowCallbackQueryNodeStatus", "stream:WorkflowCallbackStartNode", "stream:WorkflowCallbackStopNode" ], "Resource": "*" } ] }
获得账号级别权限的RAM用户或RAM角色,能够操作整个账号范围内的相关资源。请务必确认所授予的权限是否符合预期,遵从最小授权原则谨慎分配权限。
常见问题
如何查看当前资源属于哪个资源组?
-
方式一:单击资源名称,进入资源的详情页面,即可查看到当前资源的资源组。
-
方式二:登录资源管理控制台,单击,在左侧选择目标资源所属账号(默认为当前账号),通过筛选条件定位目标资源,即可查看其所属资源组。
如何查看当前产品在某个资源组下的所有资源?
如何批量修改多个资源的资源组?
登录资源管理控制台,单击,在目标资源组所在行的操作列下,单击资源管理以进入资源管理页面。通过筛选条件定位多个目标资源,批量勾选第一列的复选框后单击下方转移资源组,并按页面提示完成资源组修改。