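When you use resource groups to manage resources in groups, you can combine them with Resource Access Management (RAM) to isolate resources and manage permissions at a fine granularity within a single Alibaba Cloud account. This topic summarizes how Microservices Engine (MSE) supports resource groups and describes the steps for granting permissions at the resource group level.
- Resource group-level authorization takes effect only for resource types that support resource groups and for operations that support resource group-level authorization.
- For resource types that do not support resource groups, granting permissions scoped to a resource group has no effect. When you select the resource scope, select the account level to grant permissions at the account level. For details, see Operations that do not support resource group-level authorization.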
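How resource group authorization works
You can use resource groups to manage the resources in your Alibaba Cloud account in groups. For example, you can create a resource group for each project and transfer resources to the corresponding group so that each project's resources are managed centrally. For more information, see What is a resource group.
After grouping resources, you can grant different RAM principals (RAM users, RAM user groups, or RAM roles) permissions scoped to a specified resource group, which restricts each principal to managing only the resources in that resource group. For more information, see Resource grouping and authorization.
This authorization method has the following advantages:
- Fine-grained permissions: each identity gets exactly the resource access it needs, and the resources of multiple projects under the account are not managed together.
- Good scalability: when you add resources later, you only need to add them to the resource group. The RAM identity automatically obtains the corresponding permissions on the new resources, with no further authorization required.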
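Grant resource group-level permissions to a RAM user
The following steps use a RAM user as an example to show how to grant permissions on the MSE resources in a specified resource group.
1. Prerequisites
2. Grant permissions at the resource group level
You can grant resource group-level permissions in either of the following ways.
Method 1: Grant permissions in the Resource Management console
Use the permission management feature of the resource group to grant permissions to the specified RAM user. For details, see Grant resource group-scoped permissions to a RAM identity.
Method 2: Grant permissions in the RAM console
Use the RAM console to grant resource group-level permissions to the specified RAM user. For details, see Grant permissions to a RAM user.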
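Resource types that support resource groups
The following table lists the MSE resource types that support resource groups:

| Cloud service | Service code | Resource type |
| --- | --- | --- |
| Microservices Engine | mse | cluster: Cluster |
| Microservices Engine | mse | gateway: Gateway |

For resource types that do not yet support resource groups, you can submit feedback in the resource group console if needed.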

Operations that do not support resource group-level authorization
The following MSE operations (Actions) do not support resource group-level authorization:

| Action | Description |
| --- | --- |
| mse:AddAuthPolicy | Creates a service authentication rule through the AddAuthPolicy API. |
| mse:AddCustomPlugin | - |
| mse:AddGatewayOrder | - |
| mse:AddGatewayRetry | - |
| mse:AddGatewayService | - |
| mse:AddLoadBalancePolicy | - |
| mse:AddMigrationTask | Adds a migration task through the API. |
| mse:AddMockRule | Creates a mock rule. |
| mse:AddRateLimit | - |
| mse:AddRoutePolicy | - |
| mse:AddServiceTimeConfig | - |
| mse:AddWhiteScreenRule | - |
| mse:ApplyCanaryPolicy | - |
| mse:ApplyGlobalReadWriteSplitRule | - |
| mse:ApplyReadWriteSplitRule | - |
| mse:ApplyTagPolicies | Modifies tag-based routing rules. |
| mse:BatchUpdateRulesEnable | - |
| mse:BindSentinelBlockFallbackDefinition | Binds a traffic protection behavior. |
| mse:BindSentinelBlockFallbackDefinitionBatch | - |
| mse:ChangeOperateTaskTime | - |
| mse:CheckAuthPolicyName | - |
| mse:CheckCanaryPolicy | - |
| mse:CheckCsRole | - |
| mse:CheckEciRole | - |
| mse:CheckGatewayIngressMigrateTask | - |
| mse:CheckKmsStatus | - |
| mse:CheckMigrationServiceAnnotation | - |
| mse:CheckRole | - |
| mse:CheckServiceLinkRole | - |
| mse:CheckUserReadinessConfig | - |
| mse:CheckXTraceServiceStatus | - |
| mse:CloneSentinelRuleFromAhas | Migrates AHAS rules. |
| mse:ConvertSwaggerToMcpConfig | - |
| mse:CreateApplication | Creates an application. |
| mse:CreateCircuitBreakerRule | Creates a circuit breaking rule. |
| mse:CreateDemoToUserCluster | - |
| mse:CreateFlowRule | Creates a flow control rule. |
| mse:CreateGovernanceKubernetesCluster | - |
| mse:CreateGovernanceService | - |
| mse:CreateHotParamRule | - |
| mse:CreateIsolationRule | Creates an isolation rule. |
| mse:CreateLicenseKey | - |
| mse:CreateMseServiceApplication | Creates an application. |
| mse:CreateNamespace | Creates a Microservices Governance namespace. |
| mse:CreateOrUpdateEmptyPushSetting | - |
| mse:CreateOrUpdateSwimmingLane | Creates or updates an end-to-end canary release lane. |
| mse:CreateOrUpdateSwimmingLaneGroup | Creates or updates an end-to-end canary release lane group. |
| mse:CreateOutlierConfig | - |
| mse:CreateSentinelBlockFallbackDefinition | Creates behavior management. |
| mse:CreateWebFlowRule | Creates a hotspot parameter protection rule (HTTP requests). |
| mse:DeleteBackupTask | - |
| mse:DeleteCircuitBreakerRules | Deletes circuit breaking rules. |
| mse:DeleteCustomPlugin | - |
| mse:DeleteFaultInjectionRule | - |
| mse:DeleteFlowRules | Deletes flow control rules. |
| mse:DeleteGatewayCircuitBreakerRule | Deletes the circuit breaking rule of the gateway. |
| mse:DeleteGatewayIngressMigrateTask | - |
| mse:DeleteGatewayIsolationRule | Deletes the concurrency rule of the gateway. |
| mse:DeleteGovernanceKubernetesCluster | - |
| mse:DeleteHotParamRules | - |
| mse:DeleteIsolationRules | Deletes isolation rules. |
| mse:DeleteMigrationTask | Deletes a cloud migration task through the API. |
| mse:DeleteNacosDatasourceResource | - |
| mse:DeleteNamespace | Deletes an MSE namespace. |
| mse:DeleteRateLimit | - |
| mse:DeleteRetryRule | - |
| mse:DeleteSSLCert | - |
| mse:DeleteSentinelBlockFallbackDefinition | - |
| mse:DeleteServiceTimeConfig | - |
| mse:DeleteSwimmingLane | Deletes an end-to-end lane. |
| mse:DeleteSwimmingLaneGroup | Deletes an end-to-end lane group. |
| mse:DeleteTimeoutRule | - |
| mse:DeleteTrace | - |
| mse:DeleteUpstreamGroupOfSingleService | - |
| mse:DeleteWebFlowRules | Deletes hotspot parameter protection rules (HTTP requests). |
| mse:DeleteWhiteScreenRule | - |
| mse:DescribeAppAgentStatus | - |
| mse:DescribeScenarioRecordsForAhas | - |
| mse:FallbackGateway | - |
| mse:FetchAppLogConfig | - |
| mse:FetchDataSourceConfig | - |
| mse:FetchGlobalReadWriteSplitRules | - |
| mse:FetchLogConfig | - |
| mse:FetchLosslessRuleList | Gets the list of graceful start and shutdown rules. |
| mse:FetchReadWriteSplitRules | - |
| mse:FetchRoutePolicyList | - |
| mse:FixGateway | - |
| mse:GatewayAdmin | - |
| mse:GetAccountMockRule | - |
| mse:GetApiTestHistory | - |
| mse:GetAppMessageQueueRoute | Gets information about canary release for application messages. |
| mse:GetApplicationDetail | - |
| mse:GetApplicationInstanceList | Queries the list of microservice application instances. |
| mse:GetApplicationInstancesWithMetircs | - |
| mse:GetApplicationList | Gets the application list through the GetApplicationList API. |
| mse:GetApplicationListWithMetircs | - |
| mse:GetApplicationTagList | - |
| mse:GetArmsAlarms | - |
| mse:GetAuthPolicyInfo | - |
| mse:GetCanaryStatus | - |
| mse:GetConfig | - |
| mse:GetDubboServicePageWithMetrics | - |
| mse:GetDubboTestMethod | - |
| mse:GetEventDetail | - |
| mse:GetEventFilterOptions | - |
| mse:GetFaultInjectionRule | - |
| mse:GetGatewayAlarms | - |
| mse:GetGatewayIngressMigrateTaskDetail | - |
| mse:GetGatewayMigrateNamespacedServices | - |
| mse:GetGatewayNotice | - |
| mse:GetGatewaySelection | - |
| mse:GetGovernanceKubernetesClusterList | - |
| mse:GetGraySwimmingLaneGroupInfo | - |
| mse:GetHistorys | - |
| mse:GetImage | Queries the highest version to which the current version can be upgraded. |
| mse:GetLicenseKey | - |
| mse:GetLocalityDistributionMetrics | - |
| mse:GetLocalityRule | Gets the same-zone-first routing rule. |
| mse:GetLosslessRuleByApp | Gets the graceful start and shutdown rule of a specified application. |
| mse:GetMockRuleByConsumerAppId | - |
| mse:GetMockRuleById | - |
| mse:GetMockRuleByProviderAppId | - |
| mse:GetMseFeatureSwitch | Gets the MSE feature switches. |
| mse:GetNacosDatasourceResource | - |
| mse:GetNetworkInfo | - |
| mse:GetOutlierApplicationList | - |
| mse:GetOutlierPolicyInfo | - |
| mse:GetOverview | Queries governance overview information. |
| mse:GetPluginGuide | - |
| mse:GetRegExpCheck | - |
| mse:GetRegExpTest | - |
| mse:GetResourcePackageStatus | - |
| mse:GetResourcePackageStatusWithVersion | - |
| mse:GetRetryRule | - |
| mse:GetRoutePolicy | - |
| mse:GetServiceConsumersPage | - |
| mse:GetServiceDetail | - |
| mse:GetServiceList | Queries application service information through the GetServiceList API. |
| mse:GetServiceListPage | Gets the service list. |
| mse:GetServiceMethodPage | Gets the list of service interfaces. |
| mse:GetServiceMethodPageWithMetrics | - |
| mse:GetServiceProvidersPage | - |
| mse:GetSpringCloudTestMethod | - |
| mse:GetTagKey | - |
| mse:GetTagVal | - |
| mse:GetTagsBySwimmingLaneGroupId | Gets all tags in the current lane group. |
| mse:GetTimeoutRule | - |
| mse:GetTrace | - |
| mse:GetUpstreamGroupOfSingleService | - |
| mse:GetUserStatus | - |
| mse:ImportMcpConfigFromSwagger | - |
| mse:InitializeServiceLinkRole | Creates the MSE SLR. |
| mse:InvokeDubboTestMethod | - |
| mse:InvokeIstioTestMethod | - |
| mse:InvokeSpringCloudTestMethod | - |
| mse:ListAdaptiveOverloadProtectionConfig | - |
| mse:ListAppBySwimmingLaneGroupTag | Gets the list of applications with a specified tag in the current lane group. |
| mse:ListAppBySwimmingLaneGroupTags | Gets the list of applications with the specified tags in the specified lane group. |
| mse:ListAppResource | - |
| mse:ListAppResourceWithMetrics | - |
| mse:ListApplicationTagInstancese | - |
| mse:ListApplicationsWithTagRules | Gets the routing rules of applications through the ListApplicationsWithTagRules API. |
| mse:ListAuthPolicy | Queries the list of service authentication rules through the ListAuthPolicy API. |
| mse:ListAutoDeployAvailableVsws | - |
| mse:ListAutoDeployAvailableZones | - |
| mse:ListBackupTasks | - |
| mse:ListBackups | - |
| mse:ListCircuitBreakerRules | Gets the list of circuit breaking rules. |
| mse:ListClusterConnectionTypes | Queries the supported cluster connection types. |
| mse:ListClusterSelection | - |
| mse:ListClusterTypes | Queries the engine types that can be activated. |
| mse:ListClusterVersions | Queries the supported cluster versions. |
| mse:ListCommunites | - |
| mse:ListCsKubernetesClusters | - |
| mse:ListCsSecurityGroup | - |
| mse:ListDefaultCircuitBreakerRules | - |
| mse:ListEurekaInstances | Queries the list of Eureka instances. |
| mse:ListEventOfReource | - |
| mse:ListEventRecords | - |
| mse:ListEventsByType | - |
| mse:ListEventsPageByType | - |
| mse:ListFcServiceAliases | - |
| mse:ListFcServiceVersions | - |
| mse:ListFcServices | - |
| mse:ListFlowRules | Gets the list of flow control rules. |
| mse:ListGatewayDomainSSL | - |
| mse:ListGatewayIngressMigrateTask | - |
| mse:ListGatewayZone | Gets the list of gateway zones. |
| mse:ListHotParamRules | - |
| mse:ListInstanceCount | Lists the node counts that can be provisioned for a cluster. |
| mse:ListInstances | - |
| mse:ListIpOrHosts | - |
| mse:ListIsolationRules | Queries isolation rules. |
| mse:ListKubernetesNamespace | - |
| mse:ListLogSpanServices | - |
| mse:ListMethods | - |
| mse:ListMigrationTask | Queries cloud migration tasks through the API. |
| mse:ListMscEventRecords | - |
| mse:ListNacosDatasourceResourceChangeEvent | - |
| mse:ListNamespaces | Lists namespaces, including the number of online nodes and the total number of applications in each namespace. The API also supports fuzzy search by namespace name. |
| mse:ListOutlierPolicy | - |
| mse:ListProtectedAppResourceWithMetrics | - |
| mse:ListResourceWhiteListConfigs | - |
| mse:ListResources | - |
| mse:ListSentinelBlockFallbackDefinitions | Gets custom traffic protection behaviors. |
| mse:ListServiceQuotas | - |
| mse:ListSpanNames | - |
| mse:ListSwimPathPercent | - |
| mse:ListTaskBackups | - |
| mse:ListUpgradableGatewayVersions | - |
| mse:ListUserK8sByVpc | - |
| mse:ListWebFlowRules | Queries hotspot parameter protection rules (HTTP requests). |
| mse:ModifyAdaptiveOverloadProtectionConfig | - |
| mse:ModifyLosslessRule | Modifies the user's graceful start and shutdown configuration. |
| mse:ModifyNamespace | - |
| mse:ModifyServiceQuota | - |
| mse:OnAhas | - |
| mse:OpenXTraceService | - |
| mse:ProcessMessage | - |
| mse:QueryAhasUserStatus | - |
| mse:QueryAllSwimmingLane | Gets information about all lanes. |
| mse:QueryAllSwimmingLaneGroup | Queries all lane groups. |
| mse:QueryAppDataSourceList | - |
| mse:QueryAppListMetrics | - |
| mse:QueryAppMethodMetrics | - |
| mse:QueryAppMethodMetricsWithSentinel | - |
| mse:QueryAppRPCMacMetrics | - |
| mse:QueryAppResourceMetrics | - |
| mse:QueryAppResourceMetricsByInstance | - |
| mse:QueryAppSummaryMetricsOverview | - |
| mse:QueryAppSummaryMetricsOverviewWithSentinel | - |
| mse:QueryAppSystemMetricsOfGroup | - |
| mse:QueryAppSystemMetricsOfGroupByInstance | - |
| mse:QueryAppTopNMacs | - |
| mse:QueryBusinessLocations | Queries region information. |
| mse:QueryClusterDiskSpecification | Queries the supported cluster disk specifications. |
| mse:QueryClusterSpecification | Queries the list of supported cluster specifications. |
| mse:QueryClustersWithLabel | - |
| mse:QueryDatabaseRoute | - |
| mse:QueryEmptyPushSetting | - |
| mse:QueryEventOverview | - |
| mse:QueryGatewayRegion | Queries the regions supported by gateways. |
| mse:QueryGatewayTask | - |
| mse:QueryGatewayType | Queries the available gateway types. |
| mse:QueryGatewaysWithLabel | - |
| mse:QueryGovernanceKubernetesCluster | Gets the list of Microservices Governance K8s cluster information. |
| mse:QueryMetricsAveragedByInstance | - |
| mse:QueryMseHomeDetail | - |
| mse:QueryNacosAi | - |
| mse:QueryNacosConfig | - |
| mse:QueryNacosGrayConfig | - |
| mse:QueryNacosNaming | - |
| mse:QueryNamespace | Queries MSE namespaces. |
| mse:QueryQuickStartStatus | - |
| mse:QueryResourceTopN | - |
| mse:QuerySentinelBlockFallbackDefinition | - |
| mse:QueryServiceAppId | - |
| mse:QueryServiceDetailWithMetrics | - |
| mse:QueryServiceMethodConsumerPageWithMetrics | - |
| mse:QueryServiceTimeConfig | - |
| mse:QuerySlbSpec | Queries SLB types. |
| mse:QuerySwimmingLaneById | Queries lane information by lane ID. |
| mse:QueryUserKmsType | - |
| mse:RemoveApplication | Deletes a single application. |
| mse:RemoveApplications | - |
| mse:RemoveAuthPolicy | Deletes a service authentication rule through the RemoveAuthPolicy API. |
| mse:RemoveOutlierPolicy | - |
| mse:RemoveRoutePolicy | - |
| mse:ReportMetadata | - |
| mse:ReportOnePilotInfo | - |
| mse:RevertApplicationRoutePolicy | - |
| mse:RevertBackup | - |
| mse:RunApiTest | - |
| mse:RunServiceTest | - |
| mse:SearchTraces | - |
| mse:TestService | - |
| mse:UnbindSentinelBlockFallbackDefinition | - |
| mse:UpdateAppLogConfig | - |
| mse:UpdateAuthPolicy | Updates a service authentication rule through the UpdateAuthPolicy API. |
| mse:UpdateBackupTask | - |
| mse:UpdateCircuitBreakerRule | Updates a circuit breaking rule. |
| mse:UpdateCircuitBreakerRulesStatus | - |
| mse:UpdateCustomPlugin | - |
| mse:UpdateDataSourceConfig | - |
| mse:UpdateDatabaseRoute | - |
| mse:UpdateDefaultCircuitBreakerRule | - |
| mse:UpdateFlowRule | Updates a flow control rule. |
| mse:UpdateFlowRulesStatus | - |
| mse:UpdateGatewayIngressMigrateTask | - |
| mse:UpdateGatewayIngressMigrateTaskStatus | - |
| mse:UpdateGatewayServicePort | - |
| mse:UpdateGovernanceServiceSubscribe | - |
| mse:UpdateHotParamRule | - |
| mse:UpdateHotParamRulesStatus | - |
| mse:UpdateInstanceRegisterStatus | - |
| mse:UpdateIsolationRule | Updates an isolation rule. |
| mse:UpdateIsolationRulesStatus | - |
| mse:UpdateLocalityRule | Updates the same-zone-first routing rule. |
| mse:UpdateLogConfig | - |
| mse:UpdateMessageQueueRoute | Updates the canary release configuration for application messages. |
| mse:UpdateMigrationTask | Updates a cloud migration task through the API. |
| mse:UpdateNacosAi | - |
| mse:UpdateNacosDatasourceResource | - |
| mse:UpdateNacosNaming | - |
| mse:UpdateOutlierConfig | - |
| mse:UpdateQuickStartStatus | - |
| mse:UpdateRateLimit | - |
| mse:UpdateResourceWhiteListConfig | - |
| mse:UpdateSentinelBlockFallbackDefinition | - |
| mse:UpdateUpstreamGroupOfSingleService | - |
| mse:UpdateWebFlowRule | Updates a hotspot parameter protection rule (HTTP requests). |
| mse:UpdateWebFlowRulesStatus | - |
| mse:UpdateWhiteScreenRule | - |
| mse:listGrayTag | - |

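For operations that do not support resource group authorization, selecting the resource group level as the resource scope during authorization has no effect. If the RAM user still needs permission for these operations, create a custom policy and select the account level as the resource scope during authorization.
The following are two custom policy examples. Adjust the policy content to your needs.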
- Allow all read-only operations that do not support resource group-level authorization:
  The Action element lists all read-only operations that do not support resource group-level authorization.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "mse:CheckServiceLinkRole",
          "mse:GetAccountMockRule",
          "mse:GetApiTestHistory",
          "mse:GetAppMessageQueueRoute",
          "mse:GetApplicationDetail",
          "mse:GetApplicationInstanceList",
          "mse:GetApplicationInstancesWithMetircs",
          "mse:GetApplicationList",
          "mse:GetApplicationListWithMetircs",
          "mse:GetApplicationTagList",
          "mse:GetArmsAlarms",
          "mse:GetAuthPolicyInfo",
          "mse:GetCanaryStatus",
          "mse:GetConfig",
          "mse:GetDubboServicePageWithMetrics",
          "mse:GetDubboTestMethod",
          "mse:GetEventDetail",
          "mse:GetEventFilterOptions",
          "mse:GetFaultInjectionRule",
          "mse:GetGatewayAlarms",
          "mse:GetGatewayIngressMigrateTaskDetail",
          "mse:GetGatewayMigrateNamespacedServices",
          "mse:GetGatewayNotice",
          "mse:GetGatewaySelection",
          "mse:GetGovernanceKubernetesClusterList",
          "mse:GetGraySwimmingLaneGroupInfo",
          "mse:GetHistorys",
          "mse:GetImage",
          "mse:GetLicenseKey",
          "mse:GetLocalityDistributionMetrics",
          "mse:GetLocalityRule",
          "mse:GetLosslessRuleByApp",
          "mse:GetMockRuleByConsumerAppId",
          "mse:GetMockRuleById",
          "mse:GetMockRuleByProviderAppId",
          "mse:GetMseFeatureSwitch",
          "mse:GetNacosDatasourceResource",
          "mse:GetNetworkInfo",
          "mse:GetOutlierApplicationList",
          "mse:GetOutlierPolicyInfo",
          "mse:GetOverview",
          "mse:GetPluginGuide",
          "mse:GetRegExpCheck",
          "mse:GetRegExpTest",
          "mse:GetResourcePackageStatus",
          "mse:GetResourcePackageStatusWithVersion",
          "mse:GetRetryRule",
          "mse:GetRoutePolicy",
          "mse:GetServiceConsumersPage",
          "mse:GetServiceDetail",
          "mse:GetServiceList",
          "mse:GetServiceListPage",
          "mse:GetServiceMethodPage",
          "mse:GetServiceMethodPageWithMetrics",
          "mse:GetServiceProvidersPage",
          "mse:GetSpringCloudTestMethod",
          "mse:GetTagKey",
          "mse:GetTagVal",
          "mse:GetTagsBySwimmingLaneGroupId",
          "mse:GetTimeoutRule",
          "mse:GetTrace",
          "mse:GetUpstreamGroupOfSingleService",
          "mse:GetUserStatus",
          "mse:ListAdaptiveOverloadProtectionConfig",
          "mse:ListAppBySwimmingLaneGroupTag",
          "mse:ListAppBySwimmingLaneGroupTags",
          "mse:ListAppResource",
          "mse:ListAppResourceWithMetrics",
          "mse:ListApplicationTagInstancese",
          "mse:ListApplicationsWithTagRules",
          "mse:ListAuthPolicy",
          "mse:ListAutoDeployAvailableVsws",
          "mse:ListAutoDeployAvailableZones",
          "mse:ListBackupTasks",
          "mse:ListBackups",
          "mse:ListCircuitBreakerRules",
          "mse:ListClusterConnectionTypes",
          "mse:ListClusterSelection",
          "mse:ListClusterTypes",
          "mse:ListClusterVersions",
          "mse:ListCommunites",
          "mse:ListCsKubernetesClusters",
          "mse:ListCsSecurityGroup",
          "mse:ListDefaultCircuitBreakerRules",
          "mse:ListEurekaInstances",
          "mse:ListEventOfReource",
          "mse:ListEventRecords",
          "mse:ListEventsByType",
          "mse:ListEventsPageByType",
          "mse:ListFcServiceAliases",
          "mse:ListFcServiceVersions",
          "mse:ListFcServices",
          "mse:ListFlowRules",
          "mse:ListGatewayDomainSSL",
          "mse:ListGatewayIngressMigrateTask",
          "mse:ListGatewayZone",
          "mse:ListHotParamRules",
          "mse:ListInstanceCount",
          "mse:ListInstances",
          "mse:ListIpOrHosts",
          "mse:ListIsolationRules",
          "mse:ListKubernetesNamespace",
          "mse:ListLogSpanServices",
          "mse:ListMethods",
          "mse:ListMigrationTask",
          "mse:ListMscEventRecords",
          "mse:ListNacosDatasourceResourceChangeEvent",
          "mse:ListNamespaces",
          "mse:ListOutlierPolicy",
          "mse:ListProtectedAppResourceWithMetrics",
          "mse:ListResourceWhiteListConfigs",
          "mse:ListResources",
          "mse:ListSentinelBlockFallbackDefinitions",
          "mse:ListServiceQuotas",
          "mse:ListSpanNames",
          "mse:ListSwimPathPercent",
          "mse:ListTaskBackups",
          "mse:ListUpgradableGatewayVersions",
          "mse:ListUserK8sByVpc",
          "mse:ListWebFlowRules",
          "mse:QueryAhasUserStatus",
          "mse:QueryAllSwimmingLane",
          "mse:QueryAllSwimmingLaneGroup",
          "mse:QueryAppDataSourceList",
          "mse:QueryAppListMetrics",
          "mse:QueryAppMethodMetrics",
          "mse:QueryAppMethodMetricsWithSentinel",
          "mse:QueryAppRPCMacMetrics",
          "mse:QueryAppResourceMetrics",
          "mse:QueryAppResourceMetricsByInstance",
          "mse:QueryAppSummaryMetricsOverview",
          "mse:QueryAppSummaryMetricsOverviewWithSentinel",
          "mse:QueryAppSystemMetricsOfGroup",
          "mse:QueryAppSystemMetricsOfGroupByInstance",
          "mse:QueryAppTopNMacs",
          "mse:QueryBusinessLocations",
          "mse:QueryClusterDiskSpecification",
          "mse:QueryClusterSpecification",
          "mse:QueryClustersWithLabel",
          "mse:QueryDatabaseRoute",
          "mse:QueryEmptyPushSetting",
          "mse:QueryEventOverview",
          "mse:QueryGatewayRegion",
          "mse:QueryGatewayTask",
          "mse:QueryGatewayType",
          "mse:QueryGatewaysWithLabel",
          "mse:QueryGovernanceKubernetesCluster",
          "mse:QueryMetricsAveragedByInstance",
          "mse:QueryMseHomeDetail",
          "mse:QueryNacosAi",
          "mse:QueryNacosConfig",
          "mse:QueryNacosGrayConfig",
          "mse:QueryNacosNaming",
          "mse:QueryNamespace",
          "mse:QueryQuickStartStatus",
          "mse:QueryResourceTopN",
          "mse:QuerySentinelBlockFallbackDefinition",
          "mse:QueryServiceAppId",
          "mse:QueryServiceDetailWithMetrics",
          "mse:QueryServiceMethodConsumerPageWithMetrics",
          "mse:QueryServiceTimeConfig",
          "mse:QuerySlbSpec",
          "mse:QuerySwimmingLaneById",
          "mse:QueryUserKmsType"
        ],
        "Resource": "*"
      }
    ]
  }
  ```

- Allow all operations that do not support resource group-level authorization:
  The Action element lists all operations that do not support resource group-level authorization.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "mse:AddAuthPolicy",
          "mse:AddCustomPlugin",
          "mse:AddGatewayOrder",
          "mse:AddGatewayRetry",
          "mse:AddGatewayService",
          "mse:AddLoadBalancePolicy",
          "mse:AddMigrationTask",
          "mse:AddMockRule",
          "mse:AddRateLimit",
          "mse:AddRoutePolicy",
          "mse:AddServiceTimeConfig",
          "mse:AddWhiteScreenRule",
          "mse:ApplyCanaryPolicy",
          "mse:ApplyGlobalReadWriteSplitRule",
          "mse:ApplyReadWriteSplitRule",
          "mse:ApplyTagPolicies",
          "mse:BatchUpdateRulesEnable",
          "mse:BindSentinelBlockFallbackDefinition",
          "mse:BindSentinelBlockFallbackDefinitionBatch",
          "mse:ChangeOperateTaskTime",
          "mse:CheckAuthPolicyName",
          "mse:CheckCanaryPolicy",
          "mse:CheckCsRole",
          "mse:CheckEciRole",
          "mse:CheckGatewayIngressMigrateTask",
          "mse:CheckKmsStatus",
          "mse:CheckMigrationServiceAnnotation",
          "mse:CheckRole",
          "mse:CheckServiceLinkRole",
          "mse:CheckUserReadinessConfig",
          "mse:CheckXTraceServiceStatus",
          "mse:CloneSentinelRuleFromAhas",
          "mse:ConvertSwaggerToMcpConfig",
          "mse:CreateApplication",
          "mse:CreateCircuitBreakerRule",
          "mse:CreateDemoToUserCluster",
          "mse:CreateFlowRule",
          "mse:CreateGovernanceKubernetesCluster",
          "mse:CreateGovernanceService",
          "mse:CreateHotParamRule",
          "mse:CreateIsolationRule",
          "mse:CreateLicenseKey",
          "mse:CreateMseServiceApplication",
          "mse:CreateNamespace",
          "mse:CreateOrUpdateEmptyPushSetting",
          "mse:CreateOrUpdateSwimmingLane",
          "mse:CreateOrUpdateSwimmingLaneGroup",
          "mse:CreateOutlierConfig",
          "mse:CreateSentinelBlockFallbackDefinition",
          "mse:CreateWebFlowRule",
          "mse:DeleteBackupTask",
          "mse:DeleteCircuitBreakerRules",
          "mse:DeleteCustomPlugin",
          "mse:DeleteFaultInjectionRule",
          "mse:DeleteFlowRules",
          "mse:DeleteGatewayCircuitBreakerRule",
          "mse:DeleteGatewayIngressMigrateTask",
          "mse:DeleteGatewayIsolationRule",
          "mse:DeleteGovernanceKubernetesCluster",
          "mse:DeleteHotParamRules",
          "mse:DeleteIsolationRules",
          "mse:DeleteMigrationTask",
          "mse:DeleteNacosDatasourceResource",
          "mse:DeleteNamespace",
          "mse:DeleteRateLimit",
          "mse:DeleteRetryRule",
          "mse:DeleteSSLCert",
          "mse:DeleteSentinelBlockFallbackDefinition",
          "mse:DeleteServiceTimeConfig",
          "mse:DeleteSwimmingLane",
          "mse:DeleteSwimmingLaneGroup",
          "mse:DeleteTimeoutRule",
          "mse:DeleteTrace",
          "mse:DeleteUpstreamGroupOfSingleService",
          "mse:DeleteWebFlowRules",
          "mse:DeleteWhiteScreenRule",
          "mse:DescribeAppAgentStatus",
          "mse:DescribeScenarioRecordsForAhas",
          "mse:FallbackGateway",
          "mse:FetchAppLogConfig",
          "mse:FetchDataSourceConfig",
          "mse:FetchGlobalReadWriteSplitRules",
          "mse:FetchLogConfig",
          "mse:FetchLosslessRuleList",
          "mse:FetchReadWriteSplitRules",
          "mse:FetchRoutePolicyList",
          "mse:FixGateway",
          "mse:GatewayAdmin",
          "mse:GetAccountMockRule",
          "mse:GetApiTestHistory",
          "mse:GetAppMessageQueueRoute",
          "mse:GetApplicationDetail",
          "mse:GetApplicationInstanceList",
          "mse:GetApplicationInstancesWithMetircs",
          "mse:GetApplicationList",
          "mse:GetApplicationListWithMetircs",
          "mse:GetApplicationTagList",
          "mse:GetArmsAlarms",
          "mse:GetAuthPolicyInfo",
          "mse:GetCanaryStatus",
          "mse:GetConfig",
          "mse:GetDubboServicePageWithMetrics",
          "mse:GetDubboTestMethod",
          "mse:GetEventDetail",
          "mse:GetEventFilterOptions",
          "mse:GetFaultInjectionRule",
          "mse:GetGatewayAlarms",
          "mse:GetGatewayIngressMigrateTaskDetail",
          "mse:GetGatewayMigrateNamespacedServices",
          "mse:GetGatewayNotice",
          "mse:GetGatewaySelection",
          "mse:GetGovernanceKubernetesClusterList",
          "mse:GetGraySwimmingLaneGroupInfo",
          "mse:GetHistorys",
          "mse:GetImage",
          "mse:GetLicenseKey",
          "mse:GetLocalityDistributionMetrics",
          "mse:GetLocalityRule",
          "mse:GetLosslessRuleByApp",
          "mse:GetMockRuleByConsumerAppId",
          "mse:GetMockRuleById",
          "mse:GetMockRuleByProviderAppId",
          "mse:GetMseFeatureSwitch",
          "mse:GetNacosDatasourceResource",
          "mse:GetNetworkInfo",
          "mse:GetOutlierApplicationList",
          "mse:GetOutlierPolicyInfo",
          "mse:GetOverview",
          "mse:GetPluginGuide",
          "mse:GetRegExpCheck",
          "mse:GetRegExpTest",
          "mse:GetResourcePackageStatus",
          "mse:GetResourcePackageStatusWithVersion",
          "mse:GetRetryRule",
          "mse:GetRoutePolicy",
          "mse:GetServiceConsumersPage",
          "mse:GetServiceDetail",
          "mse:GetServiceList",
          "mse:GetServiceListPage",
          "mse:GetServiceMethodPage",
          "mse:GetServiceMethodPageWithMetrics",
          "mse:GetServiceProvidersPage",
          "mse:GetSpringCloudTestMethod",
          "mse:GetTagKey",
          "mse:GetTagVal",
          "mse:GetTagsBySwimmingLaneGroupId",
          "mse:GetTimeoutRule",
          "mse:GetTrace",
          "mse:GetUpstreamGroupOfSingleService",
          "mse:GetUserStatus",
          "mse:ImportMcpConfigFromSwagger",
          "mse:InitializeServiceLinkRole",
          "mse:InvokeDubboTestMethod",
          "mse:InvokeIstioTestMethod",
          "mse:InvokeSpringCloudTestMethod",
          "mse:ListAdaptiveOverloadProtectionConfig",
          "mse:ListAppBySwimmingLaneGroupTag",
          "mse:ListAppBySwimmingLaneGroupTags",
          "mse:ListAppResource",
          "mse:ListAppResourceWithMetrics",
          "mse:ListApplicationTagInstancese",
          "mse:ListApplicationsWithTagRules",
          "mse:ListAuthPolicy",
          "mse:ListAutoDeployAvailableVsws",
          "mse:ListAutoDeployAvailableZones",
          "mse:ListBackupTasks",
          "mse:ListBackups",
          "mse:ListCircuitBreakerRules",
          "mse:ListClusterConnectionTypes",
          "mse:ListClusterSelection",
          "mse:ListClusterTypes",
          "mse:ListClusterVersions",
          "mse:ListCommunites",
          "mse:ListCsKubernetesClusters",
          "mse:ListCsSecurityGroup",
          "mse:ListDefaultCircuitBreakerRules",
          "mse:ListEurekaInstances",
          "mse:ListEventOfReource",
          "mse:ListEventRecords",
          "mse:ListEventsByType",
          "mse:ListEventsPageByType",
          "mse:ListFcServiceAliases",
          "mse:ListFcServiceVersions",
          "mse:ListFcServices",
          "mse:ListFlowRules",
          "mse:ListGatewayDomainSSL",
          "mse:ListGatewayIngressMigrateTask",
          "mse:ListGatewayZone",
          "mse:ListHotParamRules",
          "mse:ListInstanceCount",
          "mse:ListInstances",
          "mse:ListIpOrHosts",
          "mse:ListIsolationRules",
          "mse:ListKubernetesNamespace",
          "mse:ListLogSpanServices",
          "mse:ListMethods",
          "mse:ListMigrationTask",
          "mse:ListMscEventRecords",
          "mse:ListNacosDatasourceResourceChangeEvent",
          "mse:ListNamespaces",
          "mse:ListOutlierPolicy",
          "mse:ListProtectedAppResourceWithMetrics",
          "mse:ListResourceWhiteListConfigs",
          "mse:ListResources",
          "mse:ListSentinelBlockFallbackDefinitions",
          "mse:ListServiceQuotas",
          "mse:ListSpanNames",
          "mse:ListSwimPathPercent",
          "mse:ListTaskBackups",
          "mse:ListUpgradableGatewayVersions",
          "mse:ListUserK8sByVpc",
          "mse:ListWebFlowRules",
          "mse:ModifyAdaptiveOverloadProtectionConfig",
          "mse:ModifyLosslessRule",
          "mse:ModifyNamespace",
          "mse:ModifyServiceQuota",
          "mse:OnAhas",
          "mse:OpenXTraceService",
          "mse:ProcessMessage",
          "mse:QueryAhasUserStatus",
          "mse:QueryAllSwimmingLane",
          "mse:QueryAllSwimmingLaneGroup",
          "mse:QueryAppDataSourceList",
          "mse:QueryAppListMetrics",
          "mse:QueryAppMethodMetrics",
          "mse:QueryAppMethodMetricsWithSentinel",
          "mse:QueryAppRPCMacMetrics",
          "mse:QueryAppResourceMetrics",
          "mse:QueryAppResourceMetricsByInstance",
          "mse:QueryAppSummaryMetricsOverview",
          "mse:QueryAppSummaryMetricsOverviewWithSentinel",
          "mse:QueryAppSystemMetricsOfGroup",
          "mse:QueryAppSystemMetricsOfGroupByInstance",
          "mse:QueryAppTopNMacs",
          "mse:QueryBusinessLocations",
          "mse:QueryClusterDiskSpecification",
          "mse:QueryClusterSpecification",
          "mse:QueryClustersWithLabel",
          "mse:QueryDatabaseRoute",
          "mse:QueryEmptyPushSetting",
          "mse:QueryEventOverview",
          "mse:QueryGatewayRegion",
          "mse:QueryGatewayTask",
          "mse:QueryGatewayType",
          "mse:QueryGatewaysWithLabel",
          "mse:QueryGovernanceKubernetesCluster",
          "mse:QueryMetricsAveragedByInstance",
          "mse:QueryMseHomeDetail",
          "mse:QueryNacosAi",
          "mse:QueryNacosConfig",
          "mse:QueryNacosGrayConfig",
          "mse:QueryNacosNaming",
          "mse:QueryNamespace",
          "mse:QueryQuickStartStatus",
          "mse:QueryResourceTopN",
          "mse:QuerySentinelBlockFallbackDefinition",
          "mse:QueryServiceAppId",
          "mse:QueryServiceDetailWithMetrics",
          "mse:QueryServiceMethodConsumerPageWithMetrics",
          "mse:QueryServiceTimeConfig",
          "mse:QuerySlbSpec",
          "mse:QuerySwimmingLaneById",
          "mse:QueryUserKmsType",
          "mse:RemoveApplication",
          "mse:RemoveApplications",
          "mse:RemoveAuthPolicy",
          "mse:RemoveOutlierPolicy",
          "mse:RemoveRoutePolicy",
          "mse:ReportMetadata",
          "mse:ReportOnePilotInfo",
          "mse:RevertApplicationRoutePolicy",
          "mse:RevertBackup",
          "mse:RunApiTest",
          "mse:RunServiceTest",
          "mse:SearchTraces",
          "mse:TestService",
          "mse:UnbindSentinelBlockFallbackDefinition",
          "mse:UpdateAppLogConfig",
          "mse:UpdateAuthPolicy",
          "mse:UpdateBackupTask",
          "mse:UpdateCircuitBreakerRule",
          "mse:UpdateCircuitBreakerRulesStatus",
          "mse:UpdateCustomPlugin",
          "mse:UpdateDataSourceConfig",
          "mse:UpdateDatabaseRoute",
          "mse:UpdateDefaultCircuitBreakerRule",
          "mse:UpdateFlowRule",
          "mse:UpdateFlowRulesStatus",
          "mse:UpdateGatewayIngressMigrateTask",
          "mse:UpdateGatewayIngressMigrateTaskStatus",
          "mse:UpdateGatewayServicePort",
          "mse:UpdateGovernanceServiceSubscribe",
          "mse:UpdateHotParamRule",
          "mse:UpdateHotParamRulesStatus",
          "mse:UpdateInstanceRegisterStatus",
          "mse:UpdateIsolationRule",
          "mse:UpdateIsolationRulesStatus",
          "mse:UpdateLocalityRule",
          "mse:UpdateLogConfig",
          "mse:UpdateMessageQueueRoute",
          "mse:UpdateMigrationTask",
          "mse:UpdateNacosAi",
          "mse:UpdateNacosDatasourceResource",
          "mse:UpdateNacosNaming",
          "mse:UpdateOutlierConfig",
          "mse:UpdateQuickStartStatus",
          "mse:UpdateRateLimit",
          "mse:UpdateResourceWhiteListConfig",
          "mse:UpdateSentinelBlockFallbackDefinition",
          "mse:UpdateUpstreamGroupOfSingleService",
          "mse:UpdateWebFlowRule",
          "mse:UpdateWebFlowRulesStatus",
          "mse:UpdateWhiteScreenRule",
          "mse:listGrayTag"
        ],
        "Resource": "*"
      }
    ]
  }
  ```

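A RAM user or RAM role that is granted account-level permissions can operate on the relevant resources across the entire account. Confirm that the permissions you grant match what you intend, and follow the principle of least privilege when assigning them.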
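The following added example (not part of the original documentation) splits a desired policy into the Action patterns that can be granted with a resource group as scope and a minimal account-level custom policy that lists only the unsupported actions actually requested, instead of all of them. `UNSUPPORTED_AT_RG_SCOPE` is an excerpt of the table on this page, `plan_grants` and the other function names are hypothetical, and `mse:ListClusters` is assumed to be an action outside that table.

```python
import json
import re

# Excerpt of this page's table of actions that do not support resource
# group-level authorization. Paste the full table for real use.
UNSUPPORTED_AT_RG_SCOPE = frozenset({
    "mse:CreateNamespace",
    "mse:DeleteNamespace",
    "mse:ListNamespaces",
    "mse:QueryNamespace",
    "mse:GetOverview",
    "mse:CreateFlowRule",
    "mse:ListFlowRules",
})


def matches(pattern, action):
    """Match an Action pattern against an action name; only '*' is a wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action) is not None


def allowed_patterns(policy):
    """Yield every Action pattern found in the Allow statements of a policy."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # tolerate a single statement object
        statements = [statements]
    for statement in statements:
        if statement.get("Effect") != "Allow":
            continue
        actions = statement.get("Action", [])
        yield from ([actions] if isinstance(actions, str) else actions)


def plan_grants(policy, unsupported=UNSUPPORTED_AT_RG_SCOPE):
    """Split a desired policy into a resource group part and an account part.

    Returns (rg_patterns, account_policy). rg_patterns can be granted with the
    resource group as scope. account_policy is a custom policy holding only the
    table-listed actions the input asked for, or None if there are none.
    """
    rg_patterns, account_actions = [], set()
    for pattern in allowed_patterns(policy):
        hits = {a for a in unsupported if matches(pattern, a)}
        account_actions |= hits
        # A literal action from the table has no effect at resource group
        # scope, so drop it there. A wildcard may still cover actions outside
        # the table, so keep it.
        if "*" in pattern or not hits:
            rg_patterns.append(pattern)
    if not account_actions:
        return rg_patterns, None
    account_policy = {
        "Version": "1",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(account_actions),
            "Resource": "*",
        }],
    }
    return rg_patterns, account_policy


# Constructed input. mse:ListClusters is assumed to be outside the table.
DESIRED = {
    "Version": "1",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["mse:ListClusters", "mse:GetOverview",
                   "mse:CreateNamespace", "mse:Query*"],
        "Resource": "*",
    }],
}

if __name__ == "__main__":
    rg, account = plan_grants(DESIRED)
    print("Grant with resource group scope:", rg)
    print("Grant with account scope:")
    print(json.dumps(account, indent=2))
```

With the full table pasted in, a wildcard such as `mse:Query*` expands to every matching unsupported action, which makes the breadth of the resulting account-level grant visible before it is attached.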
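FAQ
How do I check which resource group a resource belongs to?
- Method 1: Click the resource name to open the resource details page, where the resource group of the resource is shown.
- Method 2: Log on to the Resource Management console, click , select the account that owns the target resource in the left pane (the current account by default), and use the filters to locate the target resource and view its resource group.
How do I view all resources of the current product in a resource group?
How do I change the resource group of multiple resources at once?
Log on to the Resource Management console, click , and in the Actions column of the row for the target resource group, click Resource Management to open the resource management page. Use the filters to locate the target resources, select the check boxes in the first column, click Transfer Resource Group at the bottom, and follow the on-screen instructions to change the resource group.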