AI 助理
备案控制台
文档
输入文档关键字查找
首页 访问控制 开发参考 系统策略参考 AliyunGovernanceReadOnlyAccess

AliyunGovernanceReadOnlyAccess

更新时间:
产品详情
我的收藏

AliyunGovernanceReadOnlyAccess 是阿里云管理的产品系统策略,您可以将 AliyunGovernanceReadOnlyAccess 授权给 RAM 身份(RAM 用户、RAM 用户组和 RAM 角色),本策略定义了只读管理云治理中心(Governance)的权限。

策略详情

  • 类型:系统策略

  • 创建时间:2021-07-08 09:30:13

  • 更新时间:2023-08-08 06:17:12

  • 当前版本:v9

策略内容

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "governance:List*",
        "governance:Get*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "resourcemanager:GetResourceDirectory",
        "resourcemanager:ListResources",
        "resourcemanager:ListFoldersForParent",
        "resourcemanager:GetAccount",
        "resourcemanager:GetPayerForAccount",
        "resourcemanager:GetFolder",
        "resourcemanager:ListAccountRecordsForParent",
        "resourcemanager:ListChildrenForParent",
        "resourcemanager:ListAccounts",
        "resourcemanager:ListAccountsForParent",
        "resourcemanager:ListAncestors",
        "resourcemanager:ListDelegatedAdministrators"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:GetAccountSummary",
        "ram:ListSAMLProviders"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "config:DescribeDeliveryChannels",
        "config:GetAggregateConfigRuleComplianceByPack",
        "config:ListSupportedProducts",
        "config:ListAggregateConfigRuleEvaluationResults",
        "config:ListCompliancePackTemplates",
        "config:GetManagedRule",
        "config:GetConfigRule",
        "config:ListAggregators",
        "config:DescribeConfigurationRecorder",
        "config:GetAggregateDiscoveredResource",
        "config:ListAggregateResourceEvaluationResults",
        "config:ListAggregateConfigDeliveryChannels",
        "actiontrail:DescribeTrails",
        "config:GetAggregateResourceComplianceByConfigRule"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudsso:GetServiceStatus",
        "cloudsso:ListDirectories",
        "cloudsso:GetExternalSAMLIdentityProvider",
        "cloudsso:GetDirectorySAMLServiceProviderInfo",
        "cloudsso:GetMFAAuthenticationStatus"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cen:ListTransitRouterAvailableResource"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ram:ListPolicies",
      "Resource": "acs:ram:*:system:policy/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeImages",
        "ecs:DescribeImageSharePermission",
        "ecs:DescribeRegions"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "log:ListProject",
      "Resource": "acs:log:*:*:project/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "quotas:GetProductQuota"
      ],
      "Resource": "*"
    }
  ],
  "Version": "1"
}

相关文档

上一篇:AliyunGlobalAccelerationReadOnlyAccess下一篇:AliyunGovernanceLogArchiveRolePolicy
文档推荐