AliyunServiceRolePolicyForDianJinAccessingPai 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForDianJinAccessingPai 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2025-07-03 16:28:57
更新时间:2025-07-03 16:28:57
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"pai:GetResourceGroup",
"pai:GetResourceGroupMachineGroup",
"pai:CreateQuota",
"pai:CreateResourceGroup",
"pai:DeleteQuota",
"pai:DeleteResourceGroup",
"pai:GetQuota",
"pai:ListQuotas",
"pai:UpdateResourceGroup",
"pai:ListResourceGroupMachineGroups",
"pai:ListResourceGroups",
"pai:AdministratePAI"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"paiworkspace:ListPermissions",
"paiworkspace:DeleteWorkspaceResource",
"paiworkspace:UpdateWorkspaceResource",
"paiworkspace:ListResources",
"paiworkspace:CreateWorkspaceResource",
"paiworkspace:AddMemberRole",
"paiworkspace:RemoveMemberRole",
"paiworkspace:DeleteMembers",
"paiworkspace:GetMember",
"paiworkspace:ListMembers",
"paiworkspace:CreateMember",
"paiworkspace:UpdateConfigs",
"paiworkspace:GetConfig",
"paiworkspace:ListConfigs",
"paiworkspace:DeleteConfig",
"paiworkspace:UpdateConfig",
"paiworkspace:ListWorkspaces",
"paiworkspace:CreateWorkspace",
"paiworkspace:GetWorkspace",
"paiworkspace:DeleteWorkspace",
"paiworkspace:UpdateWorkspace",
"paiworkspace:GetDefaultWorkspace",
"paiworkspace:UpdateDefaultWorkspace",
"paiworkspace:ListWorkspaceUsers"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"paidlc:GenerateJobScript",
"paidlc:GetJob",
"paidlc:GetJobEvents",
"paidlc:GetJobMetrics",
"paidlc:GetJobPagedEvents",
"paidlc:GetJobPagedLogs",
"paidlc:GetJobSanityCheckResult",
"paidlc:GetJobsStatistics",
"paidlc:GetPodContextEvents",
"paidlc:GetPodContextLogs",
"paidlc:GetPodEvents",
"paidlc:GetPodLogs",
"paidlc:GetPodPagedEvents",
"paidlc:GetPodPagedLogs",
"paidlc:GetTensorboard",
"paidlc:GetToken",
"paidlc:GetWebTerminal",
"paidlc:ListJobRetries",
"paidlc:ListJobs",
"paidlc:ListTensorboards",
"paidlc:CreateJob",
"paidlc:CreateTensorboard",
"paidlc:DeleteJob",
"paidlc:DeleteTensorboard",
"paidlc:GetMetrics",
"paidlc:ListJobPods",
"paidlc:StartTensorboard",
"paidlc:StopJob",
"paidlc:StopTensorboard",
"paidlc:UpdateJob",
"paidlc:UpdateTensorboard"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"eas:CheckServiceExists",
"eas:CreateServiceInstanceToken",
"eas:DescribeBenchmarkTask",
"eas:DescribeBenchmarkTaskReport",
"eas:DescribeGateway",
"eas:DescribeGatewayMonitor",
"eas:DescribeGroup",
"eas:DescribeResource",
"eas:DescribeResourceDLink",
"eas:DescribeResourceLog",
"eas:DescribeService",
"eas:DescribeServiceAutoScaler",
"eas:DescribeServiceCronScaler",
"eas:DescribeServiceDiagnosis",
"eas:DescribeServiceEndpoints",
"eas:DescribeServiceEvent",
"eas:DescribeServiceInstanceDiagnosis",
"eas:DescribeServiceLog",
"eas:DescribeServiceMirror",
"eas:DescribeServiceStatistic",
"eas:DescribeVirtualResource",
"eas:GetOssAuthorize",
"eas:GetResourceInstances",
"eas:GetService",
"eas:GetServiceRegion",
"eas:GetServiceWorker",
"eas:ListGatewayIntranetSupportedZone",
"eas:ListGroups",
"eas:ListResourceInstances",
"eas:ListResourceInstanceWorker",
"eas:ListResourceServices",
"eas:ListServiceContainers",
"eas:ListServiceInstances",
"eas:ListServices",
"eas:ListTenantAddons",
"eas:AttachGatewayDomain",
"eas:CloneService",
"eas:CommitService",
"eas:CreateAclPolicy",
"eas:CreateAppService",
"eas:CreateAutoscaler",
"eas:CreateBenchmarkTask",
"eas:CreateGateway",
"eas:CreateGatewayIntranetLinkedVpc",
"eas:CreateGatewayIntranetLinkedVpcPeer",
"eas:CreateGatewayMonitor",
"eas:CreateResource",
"eas:CreateResourceInstances",
"eas:CreateResourceLog",
"eas:CreateService",
"eas:CreateServiceAutoScaler",
"eas:CreateServiceCronScaler",
"eas:CreateServiceMirror",
"eas:CreateVirtualResource",
"eas:DeleteAclPolicy",
"eas:DeleteBenchmarkTask",
"eas:DeleteGateway",
"eas:DeleteGatewayIntranetLinkedVpc",
"eas:DeleteGatewayIntranetLinkedVpcPeer",
"eas:DeleteGatewayMonitor",
"eas:DeleteResource",
"eas:DeleteResourceDLink",
"eas:DeleteResourceInstance",
"eas:DeleteResourceInstances",
"eas:DeleteResourceLog",
"eas:DeleteService",
"eas:DeleteServiceAutoScaler",
"eas:DeleteServiceCronScaler",
"eas:DeleteServiceInstances",
"eas:DeleteServiceLabel",
"eas:DeleteServiceMirror",
"eas:DeleteVirtualResource",
"eas:DescribeServiceSignedUrl",
"eas:DetachGatewayDomain",
"eas:DevelopService",
"eas:MigrateResourceInstance",
"eas:ModifyService",
"eas:ReinstallTenantAddon",
"eas:ReleaseService",
"eas:RestartService",
"eas:StartBenchmarkTask",
"eas:StartService",
"eas:StopBenchmarkTask",
"eas:StopService",
"eas:TagResources",
"eas:UpdateAppService",
"eas:UpdateBenchmarkTask",
"eas:UpdateGateway",
"eas:UpdateResource",
"eas:UpdateResourceDLink",
"eas:UpdateResourceInstance",
"eas:UpdateService",
"eas:UpdateServiceAutoScaler",
"eas:UpdateServiceCronScaler",
"eas:UpdateServiceInstance",
"eas:UpdateServiceLabel",
"eas:UpdateServiceMirror",
"eas:UpdateServiceSafetyLock",
"eas:UpdateServiceVersion",
"eas:UpdateVirtualResource",
"eas:ListAclPolicy",
"eas:ListBenchmarkTask",
"eas:ListGateway",
"eas:ListGatewayDomains",
"eas:ListGatewayIntranetLinkedVpc",
"eas:ListGatewayIntranetLinkedVpcPeer",
"eas:ListResources",
"eas:ListServiceVersions",
"eas:ListVirtualResources"
],
"Resource": "*"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "pai.dianjin.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "eas.pai.aliyuncs.com"
}
}
}
]
}
相关文档
该文章对您有帮助吗?