AI 助理
备案控制台
官方文档
输入文档关键字查找
首页 访问控制 开发参考 系统策略参考 AliyunCSManagedCsiProvisionerRolePolicy

AliyunCSManagedCsiProvisionerRolePolicy

更新时间:
产品详情
我的收藏

AliyunCSManagedCsiProvisionerRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。

策略详情

  • 类型:系统策略

  • 创建时间:2024-06-04 16:25:39

  • 更新时间:2025-09-10 07:03:04

  • 当前版本:v3

策略内容

{
	"Version": "1",
	"Statement": [{
			"Action": [
				"ecs:AttachDisk",
				"ecs:DetachDisk",
				"ecs:DescribeDisks",
				"ecs:CreateDisk",
				"ecs:ResizeDisk",
				"ecs:CreateSnapshot",
				"ecs:DeleteSnapshot",
				"ecs:AddTags",
				"ecs:RemoveTags",
				"ecs:DescribeTags",
				"ecs:DescribeSnapshots",
				"ecs:ListTagResources",
				"ecs:TagResources",
				"ecs:UntagResources",
				"ecs:ModifyDiskSpec",
				"ecs:CreateSnapshot",
				"ecs:DescribeSnapshotGroups",
				"ecs:CreateSnapshotGroup",
				"ecs:DeleteSnapshotGroup",
				"ecs:DeleteDisk",
				"ecs:DescribeInstanceAttribute",
				"ecs:DescribeInstanceHistoryEvents",
				"ecs:DescribeTaskAttribute",
				"ecs:DescribeInstances"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Action": [
				"nas:DescribeFileSystems",
				"nas:DescribeMountTargets",
				"nas:AddTags",
				"nas:DescribeTags",
				"nas:RemoveTags",
				"nas:CreateFileSystem",
				"nas:DeleteFileSystem",
				"nas:ModifyFileSystem",
				"nas:CreateMountTarget",
				"nas:DeleteMountTarget",
				"nas:ModifyMountTarget",
				"nas:TagResources",
				"nas:SetDirQuota",
				"nas:EnableRecycleBin",
				"nas:GetRecycleBinAttribute",
				"nas:DescribeProtocolMountTarget",
				"nas:CancelDirQuota",
				"nas:DescribeDirQuotas",
				"nas:CreateDir",
				"nas:GetRecycleBinAttribute",
				"nas:DescribeAccessPoint",
				"nas:CreateAccessPoint",
				"nas:AttachVscToFilesystems",
				"nas:DetachVscFromFilesystems",
				"nas:DescribeFilesystemsVscAttachInfo",
				"nas:DescribeAccessPoints"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Action": [
				"cs:CreateResourcesSystemTags",
				"cs:DescribeTemplateAttribute",
				"cs:DescribeTemplates"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Effect": "Allow",
			"Action": [
				"eflo:CreateVsc",
				"eflo:DescribeVsc",
				"eflo:ListVscs"
			],
			"Resource": "*"
		},
		{
			"Action": [
				"ens:DescribeInstances",
				"ens:DescribeDisks",
				"ens:ModifyDiskAttribute",
				"ens:CreateDisk",
				"ens:DetachDisk",
				"ens:AttachDisk",
				"ens:DeleteDisk"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Effect": "Allow",
			"Action": [
				"oss:PutObject",
				"oss:IsObjectExist",
				"oss:ListObjects",
				"oss:GetObject",
				"oss:DeleteObject",
				"oss:GetBucket"
			],
			"Resource": "acs:oss:*:*:cnfs-oss*"
		}
	]
}

相关文档

上一篇:AliyunCSManagedCsiPluginRolePolicy下一篇:AliyunCSManagedCsiRolePolicy