AliyunServiceRolePolicyForDataWorksAccessDLF 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForDataWorksAccessDLF 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2026-02-26 13:29:28
更新时间:2026-02-26 09:46:09
当前版本:v7
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"dlf:GetCatalog",
"dlf:GetDatabase",
"dlf:GetFunction",
"dlf:GetTable",
"dlf:GetRole",
"dlf:ListCatalogs",
"dlf:ListDatabases",
"dlf:ListFunctionNames",
"dlf:ListFunctions",
"dlf:ListTableNames",
"dlf:ListTables",
"dlf:ListRoles",
"dlf:ListRoleUsers",
"dlf:CheckPermissions",
"dlf:BatchGrantPermissions",
"dlf:BatchRevokePermissions",
"dlf:GrantPermissions",
"dlf:RevokePermissions",
"dlf:UpdatePermissions",
"dlf:ListPermissions",
"dlf-dss:GetCatalog",
"dlf-dss:GetDatabase",
"dlf-dss:GetFunction",
"dlf-dss:GetTable",
"dlf-dss:ListCatalogs",
"dlf-dss:ListDatabases",
"dlf-dss:ListFunctionNames",
"dlf-dss:ListFunctions",
"dlf-dss:ListTableNames",
"dlf-dss:ListTables",
"dlf-dss:ListRoleUsers",
"dlf-dss:ListRoles",
"dlf-dss:CheckPermissions",
"dlf-dss:GrantPermissions",
"dlf-dss:RevokePermissions",
"dlf-dss:UpdatePermissions",
"dlf-dss:ListPermissions",
"dlf-dss:BatchGrantPermissions",
"dlf-dss:BatchRevokePermissions",
"dlf-dss:CreateTable",
"dlf-dss:AlterTable",
"dlf-dss:DropTable",
"dlf-dss:DescribeTable",
"dlf-dss:SelectTable",
"dlf-dss:UpdateTable",
"dlf-dss:DescribeDatabase",
"dlf-dss:CreateDatabase",
"dlf-dss:AlterDatabase",
"dlf-dss:DropDatabase",
"dlf-dss:DescribeFunction",
"dlf-dss:AlterFunction",
"dlf-dss:CreateFunction",
"dlf-dss:DropFunction",
"dlf-dss:ExecuteFunction",
"dlf-auth:ActOnBehalfOfAnotherUser",
"dlf:GetRegionStatus"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "dlf.dataworks.aliyuncs.com"
}
}
}
]
}相关文档
该文章对您有帮助吗?