RAM授权支持的操作资源条件-全球加速-阿里云-全球加速(GA)-阿里云帮助中心

访问控制（RAM）是阿里云提供的管理用户身份与资源访问权限的服务。使用 RAM 可以让您避免与其他用户共享阿里云账号密钥，并可按需为用户授予最小权限。RAM 中使用权限策略描述授权的具体内容。

本文为您介绍 全球加速 为 RAM 权限策略定义的操作（Action）、资源（Resource）和条件（Condition）。 全球加速 的 RAM 代码（RamCode）为 ga ，支持的授权粒度为 资源级 。

权限策略通用结构

权限策略支持 JSON 格式，其通用结构如下：

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

各字段含义如下：

Effect：权限策略效果。取值：Allow（允许）、Deny（拒绝）。
Action：授予允许或拒绝权限的具体操作。具体信息，请参见操作（Action）。
Resource：受操作影响的具体对象，您可以使用资源 ARN 来描述指定资源。具体信息，请参见资源（Resource）。
Condition：指授权生效的条件。可选字段。具体信息，请参见条件（Condition）。
- Condition_operator：条件运算符，不同类型的条件对应不同的条件运算符。具体信息，请参见权限策略基本元素。
- Condition_key：条件关键字。
- Condition_value：条件关键字对应的值。

操作（Action）

下表是全球加速定义的操作，这些操作可以在 RAM 权限策略语句的Action元素中使用，用来授予执行该操作的权限。下面对表中的具体项提供说明：

操作：是指具体的权限点。
API：是指操作对应的 API 接口。
访问级别：是指每个操作的访问级别，取值为写入（Write）、读取（Read）或列出（List）。
资源类型：是指操作中支持授权的资源类型。具体说明如下：
- 对于必选的资源类型，用前面加 * 表示。
- 对于不支持资源级授权的操作，用全部资源表示。
条件关键字：是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字。
关联操作：是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限，操作才能成功。

操作	API	访问级别	资源类型	条件关键字	关联操作
ga:CreateApplicationMonitor	CreateApplicationMonitor	create	ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/*`	无	无
ga:OpenAcceleratorService	OpenAcceleratorService	none	全部资源 ``	无	无
ga:DescribeCommodity	DescribeCommodity	get	全部资源 ``	无	无
ga:DeleteBasicIpSet	DeleteBasicIpSet	delete	*BasicIpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#BasicIpSetId}`	无	无
ga:ListForwardingRules	ListForwardingRules	list	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:DescribeIpSet	DescribeIpSet	get	*IpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}`	无	无
ga:DeleteBasicAccelerateIpEndpointRelation	DeleteBasicAccelerateIpEndpointRelation	delete	BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}` *BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}`	无	无
ga:GetBasicEndpointGroup	GetBasicEndpointGroup	get	*BasicEndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}`	无	无
ga:DetectApplicationMonitor	DetectApplicationMonitor	update	*ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}`	无	无
ga:DeleteBasicEndpoint	DeleteBasicEndpoint	create	*BasicEndpoint `acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}`	无	无
ga:ListBandwidthPackages	ListBandwidthPackages	list	BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/`	无	无
ga:ListListeners	ListListeners	list	Listener `acs:ga:{#regionId}:{#accountId}:listener/`	无	无
ga:CreateBasicEndpoint	CreateBasicEndpoint	create	BasicEndpoint `acs:ga:{#regionId}:{#accountId}:basicendpoint/`	无	无
ga:DescribeListener	DescribeListener	get	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:UpdateEndpointGroup	UpdateEndpointGroup	update	*EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}`	无	无
ga:DescribeAcceleratorServiceStatus	DescribeAcceleratorServiceStatus	none	全部资源 ``	无	无
ga:DeleteEndpointGroup	DeleteEndpointGroup	delete	*EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}`	无	无
ga:DissociateAclsFromListener	DissociateAclsFromListener	update	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:ListAvailableAccelerateAreas	ListAvailableAccelerateAreas	list	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:ListCustomRoutingPortMappings	ListCustomRoutingPortMappings	list	CustomRoutingPortMapping `acs:ga::{#accountId}:ga/{#gaId}`	无	无
ga:UpdateIpSet	UpdateIpSet	update	*IpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}`	无	无
ga:ListAvailableBusiRegions	ListAvailableBusiRegions	list	全部资源 ``	无	无
ga:UpdateBandwidthPackage	UpdateBandwidthPackage	update	*BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}`	无	无
ga:UpdateCustomRoutingEndpointTrafficPolicies	UpdateCustomRoutingEndpointTrafficPolicies	update	*CustomRoutingEndpointTrafficPolicy `acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointTrafficPolicyId}`	无	无
ga:UpdateAclAttribute	UpdateAclAttribute	update	*Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}`	无	无
ga:CreateDomain	CreateDomain	create	Domain `acs:ga:{#regionId}:{#accountId}:ga/`	无	无
ga:ListEndpointGroups	ListEndpointGroups	list	EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/`	无	无
ga:DescribeBandwidthPackage	DescribeBandwidthPackage	get	*BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}`	无	无
ga:CreateEndpointGroups	CreateEndpointGroups	create	EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/` Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}` Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	ga:AcceleratorMainland	无
ga:ListTagResources	ListTagResources	list	全部资源 ``	无	无
ga:UpdateCustomRoutingEndpoints	UpdateCustomRoutingEndpoints	update	*CustomRoutingEndpointGroup `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}`	无	无
ga:DeleteIpSet	DeleteIpSet	delete	*IpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}`	无	无
ga:ListBandwidthackages	ListBandwidthackages	list	全部资源 ``	无	无
ga:ListCustomRoutingEndpointGroupDestinations	ListCustomRoutingEndpointGroupDestinations	list	*CustomRoutingEndpointGroupDestination `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:AddEntriesToAcl	AddEntriesToAcl	update	*Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}`	无	无
ga:DeleteCustomRoutingEndpointGroupDestinations	DeleteCustomRoutingEndpointGroupDestinations	delete	*CustomRoutingEndpointGroupDestination `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}`	无	无
ga:ListBasicAccelerators	ListBasicAccelerators	list	BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/`	无	无
ga:DescribeBandwidthPackageAutoRenewAttribute	DescribeBandwidthPackageAutoRenewAttribute	get	*BandwidthPackage `acs:ga:{#regionId}:{#accountId}:ga/{#BandwidthPackageId}`	无	无
ga:ListSystemSecurityPolicies	ListSystemSecurityPolicies	list	SystemSecurityPolicy `acs:ga:{#regionId}:{#accountId}:ga/`	无	无
ga:UpdateDomain	UpdateDomain	update	全部资源 ``	无	无
ga:CreateForwardingRules	CreateForwardingRules	create	Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}` Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:CreateBasicIpSet	CreateBasicIpSet	create	BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}` BasicIpSet `acs:ga:{#regionId}:{#accountId}:ipset/*`	无	无
ga:UpdateCustomRoutingEndpointGroupDestinations	UpdateCustomRoutingEndpointGroupDestinations	update	*CustomRoutingEndpointGroupDestination `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}`	无	无
ga:DeleteBasicAccelerator	DeleteBasicAccelerator	delete	*BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}`	无	无
ga:ListAccelerateAreas	ListAccelerateAreas	list	AccelerateArea `acs:ga:{#regionId}:{#accountId}:region/`	无	无
ga:UpdateAcceleratorAutoRenewAttribute	UpdateAcceleratorAutoRenewAttribute	update	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:UpdateBandwidthPackagaAutoRenewAttribute	UpdateBandwidthPackagaAutoRenewAttribute	update	*BandwidthPackage `acs:ga:{#regionId}:{#accountId}:ga/{#BandwidthPackageId}`	无	无
ga:DescribeApplicationMonitor	DescribeApplicationMonitor	get	*ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}`	无	无
ga:GetGlobalAcceleratorResources	GetGlobalAcceleratorResources	get	全部资源 ``	无	无
ga:CreateAcl	CreateAcl	create	Acl `acs:ga:{#regionId}:{#accountId}:acl/`	无	无
ga:ListApplicationMonitor	ListApplicationMonitor	list	ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/`	无	无
ga:DescribeAccelerator	DescribeAccelerator	get	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:DeleteApplicationMonitor	DeleteApplicationMonitor	delete	*ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}`	无	无
ga:AssociateAclsWithListener	AssociateAclsWithListener	update	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#ListenerId}`	无	无
ga:GetSpareIp	GetSpareIp	get	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:DeleteAcl	DeleteAcl	delete	*Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}`	无	无
ga:DeleteForwardingRules	DeleteForwardingRules	delete	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:GetBasicIpSet	GetBasicIpSet	get	*BasicIpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#BasicIpSetId}`	无	无
ga:DeleteBasicEndpointGroup	DeleteBasicEndpointGroup	delete	*BasicEndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}`	无	无
ga:ListCommonAreas	ListCommonAreas	list	全部资源 ``	无	无
ga:EnableApplicationMonitor	EnableApplicationMonitor	update	*ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/{#sitemonitorId}`	无	无
ga:CreateSpareIps	CreateSpareIps	create	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:CreateCustomRoutingEndpointGroups	CreateCustomRoutingEndpointGroups	create	*CustomRoutingEndpointGroup `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:ListEndpointGroupIpAddressCidrBlocks	ListEndpointGroupIpAddressCidrBlocks	get	全部资源 ``	无	无
ga:AttachLogStoreToEndpointGroup	AttachLogStoreToEndpointGroup	update	EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endPointGroupId}` Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:UpdateBasicEndpointGroup	UpdateBasicEndpointGroup	update	*BasicEndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}`	无	无
ga:DeleteSpareIps	DeleteSpareIps	delete	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:ListIspTypes	ListIspTypes	list	全部资源 ``	无	无
ga:ListBasicAccelerateIps	ListBasicAccelerateIps	list	*BasicAccelerateIp `acs:ga:{#regionId}:{#accountId}:ipset/{#IpSetId}`	无	无
ga:DeleteEndpointGroups	DeleteEndpointGroups	delete	*EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}`	无	无
ga:ListApplicationMonitorDetectResult	ListApplicationMonitorDetectResult	list	全部资源 ``	无	无
ga:ListCustomRoutingEndpointTrafficPolicies	ListCustomRoutingEndpointTrafficPolicies	list	CustomRoutingEndpointTrafficPolicy `acs:ga::{#accountId}:ga/{#gaId}`	无	无
ga:CreateBasicAccelerateIpEndpointRelation	CreateBasicAccelerateIpEndpointRelation	update	BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}` *BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}`	无	无
ga:CreateCustomRoutingEndpointTrafficPolicies	CreateCustomRoutingEndpointTrafficPolicies	create	*CustomRoutingEndpointTrafficPolicy `acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId}`	无	无
ga:DescribeEndpointGroup	DescribeEndpointGroup	get	*EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}`	无	无
ga:QueryCrossBorderApprovalStatus	QueryCrossBorderApprovalStatus	get	全部资源 ``	无	无
ga:DescribeRegions	DescribeRegions	get	*BusiRegion `acs:ga:{#regionId}:{#accountId}:region/{#regionId}`	无	无
ga:DisableApplicationMonitor	DisableApplicationMonitor	update	*ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/{#sitemonitorId}`	无	无
ga:UpdateBasicEndpoint	UpdateBasicEndpoint	update	*BasicEndpoint `acs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId}`	无	无
ga:DeleteCustomRoutingEndpointGroups	DeleteCustomRoutingEndpointGroups	delete	*CustomRoutingEndpointGroup `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}` CustomRoutingEndpointGroup `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}`	无	无
ga:CreateCustomRoutingEndpoints	CreateCustomRoutingEndpoints	create	*CustomRoutingEndpointGroup `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}`	无	无
ga:CreateEndpointGroup	CreateEndpointGroup	create	EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/` Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}` Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	ga:AcceleratorMainland	无
ga:GetBasicAccelerator	GetBasicAccelerator	get	*BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}`	无	无
ga:UpdateBasicAccelerator	UpdateBasicAccelerator	update	*BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}`	无	无
ga:DeleteDomainAcceleratorRelation	DeleteDomainAcceleratorRelation	delete	*Domain `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:DeleteCustomRoutingEndpointTrafficPolicies	DeleteCustomRoutingEndpointTrafficPolicies	delete	*CustomRoutingEndpointTrafficPolicy `acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#customroutingendpointId}`	无	无
ga:UpdateEndpointGroupAttribute	UpdateEndpointGroupAttribute	update	*EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}`	无	无
ga:UpdateAcceleratorCrossBorderMode	UpdateAcceleratorCrossBorderMode	update	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:GetIpsetsBandwidthLimit	GetIpsetsBandwidthLimit	get	全部资源 ``	无	无
ga:GetInvalidDomainCount	GetInvalidDomainCount	get	全部资源 ``	无	无
ga:DescribeCustomRoutingEndpoint	DescribeCustomRoutingEndpoint	get	*CustomRoutingEndpoint `acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId}`	无	无
ga:UpdateApplicationMonitor	UpdateApplicationMonitor	update	*ApplicationMonitor `acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}`	无	无
ga:CreateAccelerator	CreateAccelerator	create	Accelerator `acs:ga:{#regionId}:{#accountId}:ga/`	无	无
ga:ListListenerCertificates	ListListenerCertificates	list	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:DeleteBandwidthPackage	DeleteBandwidthPackage	delete	*BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}`	无	无
ga:ListIpSets	ListIpSets	list	IpSet `acs:ga:{#regionId}:{#accountId}:ipset/`	无	无
ga:DeleteBasicAccelerateIp	DeleteBasicAccelerateIp	delete	*BasicAccelerateIp `acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}`	无	无
ga:UpdateServiceManagedControl	UpdateServiceManagedControl	update	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:GetBasicEndpoint	GetBasicEndpoint	get	*BasicEndpoint `acs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId}`	无	无
ga:UpdateAdditionalCertificateWithListener	UpdateAdditionalCertificateWithListener	update	*AdditionalCertificate `acs:ga:{#regionId}:{#accountId}:listener/{#ListenerId}`	无	无
ga:UpdateAcceleratorCrossBorderStatus	UpdateAcceleratorCrossBorderStatus	update	Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:ChangeResourceGroup	ChangeResourceGroup	update	Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}` BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthpackageId}` BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#basicGaId}`	无	无
ga:ConfigEndpointProbe	ConfigEndpointProbe	update	*EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}`	无	无
ga:DeleteIpSets	DeleteIpSets	delete	*IpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}`	无	无
ga:ListCustomRoutingPortMappingsByDestination	ListCustomRoutingPortMappingsByDestination	list	CustomRoutingEndpoint `acs:ga::{#accountId}:customroutingendpoint/{#customroutingendpointId}`	无	无
ga:DissociateAdditionalCertificatesFromListener	DissociateAdditionalCertificatesFromListener	update	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:CreateCustomRoutingEndpointGroupDestinations	CreateCustomRoutingEndpointGroupDestinations	create	*CustomRoutingEndpointGroupDestination `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}`	无	无
ga:CreateBasicEndpoints	CreateBasicEndpoints	create	BasicEndpoint `acs:ga:{#regionId}:{#accountId}:basicendpoint/`	无	无
ga:CreateListener	CreateListener	create	Listener `acs:ga:{#regionId}:{#accountId}:listener/` *Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	ga:TLSVersion	无
ga:CreateBasicAccelerator	CreateBasicAccelerator	create	BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/`	无	无
ga:DeleteCustomRoutingEndpoints	DeleteCustomRoutingEndpoints	delete	*CustomRoutingEndpoint `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customRoutingEndpointGroupId}`	无	无
ga:UpdateAccelerator	UpdateAccelerator	update	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:GetHealthStatus	GetHealthStatus	get	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:UpdateBasicIpSet	UpdateBasicIpSet	update	*BasicIpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#ipsetId}`	无	无
ga:CreateBasicEndpointGroup	CreateBasicEndpointGroup	create	BasicEndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/`	无	无
ga:DetachDdosFromAccelerator	DetachDdosFromAccelerator	delete	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:GetBasicAccelerateIpIdleCount	GetBasicAccelerateIpIdleCount	get	全部资源 ``	无	无
ga:UpdateCustomRoutingEndpointGroupAttribute	UpdateCustomRoutingEndpointGroupAttribute	update	*CustomRoutingEndpointGroup `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}`	无	无
ga:ListCustomRoutingEndpoints	ListCustomRoutingEndpoints	list	CustomRoutingEndpoint `acs:ga::{#accountId}:ga/{#gaId}`	无	无
ga:CreateBasicAccelerateIpEndpointRelations	CreateBasicAccelerateIpEndpointRelations	update	*BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:CreateIpSets	CreateIpSets	create	IpSet `acs:ga:{#regionId}:{#accountId}:ipset/` *Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	ga:AcceleratorMainland	无
ga:CreateBandwidthPackage	CreateBandwidthPackage	create	BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/`	ga:BandwidthPackageType	无
ga:ListAcls	ListAcls	list	Acl `acs:ga:{#regionId}:{#accountId}:acl/`	无	无
ga:DescribeCommodityPrice	DescribeCommodityPrice	get	全部资源 ``	无	无
ga:ListBasicAccelerateIpEndpointRelations	ListBasicAccelerateIpEndpointRelations	list	*BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:BandwidthPackageAddAccelerator	BandwidthPackageAddAccelerator	update	BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}` Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:AttachDdosToAccelerator	AttachDdosToAccelerator	update	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:AssociateAdditionalCertificatesWithListener	AssociateAdditionalCertificatesWithListener	update	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:DetachLogStoreFromEndpointGroup	DetachLogStoreFromEndpointGroup	update	EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}` Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:RemoveEntriesFromAcl	RemoveEntriesFromAcl	update	*Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}`	无	无
ga:GetAcl	GetAcl	get	*Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}`	无	无
ga:UpdateListener	UpdateListener	update	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:UpdateForwardingRules	UpdateForwardingRules	update	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:TagResources	TagResources	update	Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}` BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthpackageId}` BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#basicGaId}` EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#EndpointGroupId}`	无	无
ga:GetBasicAccelerateIpEndpointRelation	GetBasicAccelerateIpEndpointRelation	get	BasicAccelerateIpEndpointRelation `acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}` BasicAccelerateIp `acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}`	无	无
ga:DescribeLogStoreOfEndpointGroup	DescribeLogStoreOfEndpointGroup	get	*AccessLog `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}`	无	无
ga:ListDomains	ListDomains	list	Domain `acs:ga:{#regionId}:{#accountId}:ga/`	无	无
ga:DeleteListener	DeleteListener	delete	*Listener `acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}`	无	无
ga:DeleteAccelerator	DeleteAccelerator	delete	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:UntagResources	UntagResources	update	Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` BasicAccelerator `acs:ga:{#regionId}:{#accountId}:ga/{#basicGaId}` EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}` Acl `acs:ga:{#regionId}:{#accountId}:acl/{#aclId}` BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}`	无	无
ga:DescribeCustomRoutingEndPointTrafficPolicy	DescribeCustomRoutingEndPointTrafficPolicy	get	*CustomRoutingEndpointTrafficPolicy `acs:ga:{#regionId}:{#accountId}:trafficpolicy/{#trafficpolicyId}`	无	无
ga:ListSpareIps	ListSpareIps	list	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:DescribeAcceleratorAutoRenewAttribute	DescribeAcceleratorAutoRenewAttribute	get	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}`	无	无
ga:UpdateDomainState	UpdateDomainState	update	全部资源 ``	无	无
ga:UpdateAcceleratorConfirm	UpdateAcceleratorConfirm	update	*Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:DescribeCustomRoutingEndpointGroupDestinations	DescribeCustomRoutingEndpointGroupDestinations	get	*CustomRoutingEndpointGroupDestination `acs:ga:{#regionId}:{#accountId}:destination/{#DestinationId}`	无	无
ga:UpdateIpSets	UpdateIpSets	update	*IpSet `acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}`	无	无
ga:UpdateEndpointGroups	UpdateEndpointGroups	update	*EndpointGroup `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}`	无	无
ga:DescribeCustomRoutingEndpointGroup	DescribeCustomRoutingEndpointGroup	get	*CustomRoutingEndpointGroup `acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}`	无	无
ga:ListBasicEndpoints	ListBasicEndpoints	list	*BasicEndpoint `acs:ga:{#regionId}:{#accountId}:endpointgroup/{#EndpointGroupId}`	无	无
ga:ListAccelerators	ListAccelerators	list	Accelerator `acs:ga:{#regionId}:{#accountId}:ga/`	无	无
ga:ListCustomRoutingEndpointGroups	ListCustomRoutingEndpointGroups	list	CustomRoutingEndpointGroup `acs:ga::{#accountId}:ga/{#gaId}`	无	无
ga:ListBusiRegions	ListBusiRegions	list	BusiRegion `acs:ga:{#regionId}:{#accountId}:region/`	无	无
ga:GetBasicAccelerateIp	GetBasicAccelerateIp	get	*BasicAccelerateIp `acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}`	无	无
ga:ReplaceBandwidthPackage	ReplaceBandwidthPackage	update	*BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}`	无	无
ga:BandwidthPackageRemoveAccelerator	BandwidthPackageRemoveAccelerator	update	BandwidthPackage `acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}` Accelerator `acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}`	无	无
ga:CreateBasicAccelerateIp	CreateBasicAccelerateIp	create	BasicAccelerateIp `acs:ga:{#regionId}:{#accountId}:ga/{#gaId}` BasicAccelerateIp `acs:ga:{#regionId}:{#accountId}:ipset/*`	无	无

资源（Resource）

下表是全球加速定义的资源，这些资源可以在 RAM 权限策略语句的Resource元素中使用，用来授予对该资源执行具体操作的权限。其中，资源 ARN 是资源在阿里云上的唯一标识。具体说明如下：

{#}为变量标识，需要您替换为实际值。例如：{#ramcode}需要您替换为实际的云服务RAM代码。
*表示全部。例如：
- {#resourceType}为*时：表示全部资源。
- {#regionId}为*时：表示全部地域。
- {#accountId}为*时：表示全部阿里云账号。

资源类型	资源 ARN
ApplicationMonitor	acs:ga:{#regionId}:{#accountId}:ga/{#gaId} acs:ga:{#regionId}:{#accountId}:sitemonitor/* acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId} acs:ga:{#regionId}:{#accountId}:sitemonitor/{#sitemonitorId}
BasicIpSet	acs:ga:{#regionId}:{#accountId}:ipset/{#BasicIpSetId} acs:ga:{#regionId}:{#accountId}:ipset/* acs:ga:{#regionId}:{#accountId}:ipset/{#ipsetId}
Listener	acs:ga:{#regionId}:{#accountId}:listener/{#listenerId} acs:ga:{#regionId}:{#accountId}:listener/*
IpSet	acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId} acs:ga:{#regionId}:{#accountId}:ipset/*
Accelerator	acs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId} acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId} acs:ga:{#regionId}:{#accountId}:ga/* acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
BasicAccelerateIpEndpointRelation	acs:ga:{#regionId}:{#accountId}:ga/{#gaId} acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId} acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}
BasicEndpointGroup	acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId} acs:ga:{#regionId}:{#accountId}:endpointgroup/*
BasicEndpoint	acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId} acs:ga:{#regionId}:{#accountId}:basicendpoint/* acs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId} acs:ga:{#regionId}:{#accountId}:endpointgroup/{#EndpointGroupId}
BandwidthPackage	acs:ga:{#regionId}:{#accountId}:bandwidthpackage/* acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId} acs:ga:{#regionId}:{#accountId}:ga/{#BandwidthPackageId}
EndpointGroup	acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId} acs:ga:{#regionId}:{#accountId}:endpointgroup/*
CustomRoutingPortMapping	acs:ga:*:{#accountId}:ga/{#gaId}
CustomRoutingEndpointTrafficPolicy	acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointTrafficPolicyId} acs:ga:*:{#accountId}:ga/{#gaId} acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId} acs:ga:{#regionId}:{#accountId}:trafficpolicy/{#trafficpolicyId}
Acl	acs:ga:{#regionId}:{#accountId}:acl/{#aclId} acs:ga:{#regionId}:{#accountId}:acl/*
Domain	acs:ga:{#regionId}:{#accountId}:ga/* acs:ga:{#regionId}:{#accountId}:ga/{#gaId}
BasicAccelerator	acs:ga:{#regionId}:{#accountId}:ga/* acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId} acs:ga:{#regionId}:{#accountId}:ga/{#gaId} acs:ga:{#regionId}:{#accountId}:ga/{#basicGaId}
CustomRoutingEndpointGroup	acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId} acs:ga:{#regionId}:{#accountId}:ga/{#gaId} acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId} acs:ga:*:{#accountId}:ga/{#gaId}
CustomRoutingEndpointGroupDestination	acs:ga:{#regionId}:{#accountId}:ga/{#gaId} acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId} acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId} acs:ga:{#regionId}:{#accountId}:destination/{#DestinationId}
SystemSecurityPolicy	acs:ga:{#regionId}:{#accountId}:ga/*
AccelerateArea	acs:ga:{#regionId}:{#accountId}:region/*
BasicAccelerateIp	acs:ga:{#regionId}:{#accountId}:ipset/{#IpSetId} acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId} acs:ga:{#regionId}:{#accountId}:ga/{#gaId} acs:ga:{#regionId}:{#accountId}:ipset/*
BusiRegion	acs:ga:{#regionId}:{#accountId}:region/{#regionId} acs:ga:{#regionId}:{#accountId}:region/*
CustomRoutingEndpoint	acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId} acs:ga::{#accountId}:customroutingendpoint/{#customroutingendpointId} acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customRoutingEndpointGroupId} acs:ga::{#accountId}:ga/{#gaId}
AdditionalCertificate	acs:ga:{#regionId}:{#accountId}:listener/{#ListenerId}
AccessLog	acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}

条件（Condition）

下表是全球加速 定义的产品级条件关键字，这些条件关键字可以在 RAM 权限策略语句的Condition元素中使用，用来描述授予权限的条件。以下仅列举产品级的条件关键字，阿里云定义的通用条件关键字也同样适用全球加速。

其中，数据类型决定了您可以使用哪些条件运算符将请求中的值与权限策略语句中的值进行比较。您必须使用与数据类型匹配的条件运算符，否则无法匹配策略语句，授权行为无效。数据类型与条件运算符的对应关系，请参见条件操作类型。

条件关键字	描述	类型
ga:AcceleratorMainland	加速区域	String
ga:BandwidthPackageType	带宽包类型	String
ga:TLSVersion	TLS版本支持	String

授权信息

权限策略通用结构

操作（Action）

资源（Resource）

条件（Condition）

相关操作