AI 助理
备案控制台
官方文档
输入文档关键字查找
首页 访问控制 开发参考 系统策略参考 AliyunServiceRolePolicyForDianJinAccessingPai

AliyunServiceRolePolicyForDianJinAccessingPai

更新时间:
产品详情
我的收藏

AliyunServiceRolePolicyForDianJinAccessingPai 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForDianJinAccessingPai 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。

策略详情

  • 类型:系统策略

  • 创建时间:2025-07-03 16:28:57

  • 更新时间:2025-07-03 16:28:57

  • 当前版本:v1

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "pai:GetResourceGroup",
        "pai:GetResourceGroupMachineGroup",
        "pai:CreateQuota",
        "pai:CreateResourceGroup",
        "pai:DeleteQuota",
        "pai:DeleteResourceGroup",
        "pai:GetQuota",
        "pai:ListQuotas",
        "pai:UpdateResourceGroup",
        "pai:ListResourceGroupMachineGroups",
        "pai:ListResourceGroups",
        "pai:AdministratePAI"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "paiworkspace:ListPermissions",
        "paiworkspace:DeleteWorkspaceResource",
        "paiworkspace:UpdateWorkspaceResource",
        "paiworkspace:ListResources",
        "paiworkspace:CreateWorkspaceResource",
        "paiworkspace:AddMemberRole",
        "paiworkspace:RemoveMemberRole",
        "paiworkspace:DeleteMembers",
        "paiworkspace:GetMember",
        "paiworkspace:ListMembers",
        "paiworkspace:CreateMember",
        "paiworkspace:UpdateConfigs",
        "paiworkspace:GetConfig",
        "paiworkspace:ListConfigs",
        "paiworkspace:DeleteConfig",
        "paiworkspace:UpdateConfig",
        "paiworkspace:ListWorkspaces",
        "paiworkspace:CreateWorkspace",
        "paiworkspace:GetWorkspace",
        "paiworkspace:DeleteWorkspace",
        "paiworkspace:UpdateWorkspace",
        "paiworkspace:GetDefaultWorkspace",
        "paiworkspace:UpdateDefaultWorkspace",
        "paiworkspace:ListWorkspaceUsers"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "paidlc:GenerateJobScript",
        "paidlc:GetJob",
        "paidlc:GetJobEvents",
        "paidlc:GetJobMetrics",
        "paidlc:GetJobPagedEvents",
        "paidlc:GetJobPagedLogs",
        "paidlc:GetJobSanityCheckResult",
        "paidlc:GetJobsStatistics",
        "paidlc:GetPodContextEvents",
        "paidlc:GetPodContextLogs",
        "paidlc:GetPodEvents",
        "paidlc:GetPodLogs",
        "paidlc:GetPodPagedEvents",
        "paidlc:GetPodPagedLogs",
        "paidlc:GetTensorboard",
        "paidlc:GetToken",
        "paidlc:GetWebTerminal",
        "paidlc:ListJobRetries",
        "paidlc:ListJobs",
        "paidlc:ListTensorboards",
        "paidlc:CreateJob",
        "paidlc:CreateTensorboard",
        "paidlc:DeleteJob",
        "paidlc:DeleteTensorboard",
        "paidlc:GetMetrics",
        "paidlc:ListJobPods",
        "paidlc:StartTensorboard",
        "paidlc:StopJob",
        "paidlc:StopTensorboard",
        "paidlc:UpdateJob",
        "paidlc:UpdateTensorboard"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "eas:CheckServiceExists",
        "eas:CreateServiceInstanceToken",
        "eas:DescribeBenchmarkTask",
        "eas:DescribeBenchmarkTaskReport",
        "eas:DescribeGateway",
        "eas:DescribeGatewayMonitor",
        "eas:DescribeGroup",
        "eas:DescribeResource",
        "eas:DescribeResourceDLink",
        "eas:DescribeResourceLog",
        "eas:DescribeService",
        "eas:DescribeServiceAutoScaler",
        "eas:DescribeServiceCronScaler",
        "eas:DescribeServiceDiagnosis",
        "eas:DescribeServiceEndpoints",
        "eas:DescribeServiceEvent",
        "eas:DescribeServiceInstanceDiagnosis",
        "eas:DescribeServiceLog",
        "eas:DescribeServiceMirror",
        "eas:DescribeServiceStatistic",
        "eas:DescribeVirtualResource",
        "eas:GetOssAuthorize",
        "eas:GetResourceInstances",
        "eas:GetService",
        "eas:GetServiceRegion",
        "eas:GetServiceWorker",
        "eas:ListGatewayIntranetSupportedZone",
        "eas:ListGroups",
        "eas:ListResourceInstances",
        "eas:ListResourceInstanceWorker",
        "eas:ListResourceServices",
        "eas:ListServiceContainers",
        "eas:ListServiceInstances",
        "eas:ListServices",
        "eas:ListTenantAddons",
        "eas:AttachGatewayDomain",
        "eas:CloneService",
        "eas:CommitService",
        "eas:CreateAclPolicy",
        "eas:CreateAppService",
        "eas:CreateAutoscaler",
        "eas:CreateBenchmarkTask",
        "eas:CreateGateway",
        "eas:CreateGatewayIntranetLinkedVpc",
        "eas:CreateGatewayIntranetLinkedVpcPeer",
        "eas:CreateGatewayMonitor",
        "eas:CreateResource",
        "eas:CreateResourceInstances",
        "eas:CreateResourceLog",
        "eas:CreateService",
        "eas:CreateServiceAutoScaler",
        "eas:CreateServiceCronScaler",
        "eas:CreateServiceMirror",
        "eas:CreateVirtualResource",
        "eas:DeleteAclPolicy",
        "eas:DeleteBenchmarkTask",
        "eas:DeleteGateway",
        "eas:DeleteGatewayIntranetLinkedVpc",
        "eas:DeleteGatewayIntranetLinkedVpcPeer",
        "eas:DeleteGatewayMonitor",
        "eas:DeleteResource",
        "eas:DeleteResourceDLink",
        "eas:DeleteResourceInstance",
        "eas:DeleteResourceInstances",
        "eas:DeleteResourceLog",
        "eas:DeleteService",
        "eas:DeleteServiceAutoScaler",
        "eas:DeleteServiceCronScaler",
        "eas:DeleteServiceInstances",
        "eas:DeleteServiceLabel",
        "eas:DeleteServiceMirror",
        "eas:DeleteVirtualResource",
        "eas:DescribeServiceSignedUrl",
        "eas:DetachGatewayDomain",
        "eas:DevelopService",
        "eas:MigrateResourceInstance",
        "eas:ModifyService",
        "eas:ReinstallTenantAddon",
        "eas:ReleaseService",
        "eas:RestartService",
        "eas:StartBenchmarkTask",
        "eas:StartService",
        "eas:StopBenchmarkTask",
        "eas:StopService",
        "eas:TagResources",
        "eas:UpdateAppService",
        "eas:UpdateBenchmarkTask",
        "eas:UpdateGateway",
        "eas:UpdateResource",
        "eas:UpdateResourceDLink",
        "eas:UpdateResourceInstance",
        "eas:UpdateService",
        "eas:UpdateServiceAutoScaler",
        "eas:UpdateServiceCronScaler",
        "eas:UpdateServiceInstance",
        "eas:UpdateServiceLabel",
        "eas:UpdateServiceMirror",
        "eas:UpdateServiceSafetyLock",
        "eas:UpdateServiceVersion",
        "eas:UpdateVirtualResource",
        "eas:ListAclPolicy",
        "eas:ListBenchmarkTask",
        "eas:ListGateway",
        "eas:ListGatewayDomains",
        "eas:ListGatewayIntranetLinkedVpc",
        "eas:ListGatewayIntranetLinkedVpcPeer",
        "eas:ListResources",
        "eas:ListServiceVersions",
        "eas:ListVirtualResources"
      ],
      "Resource": "*"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "pai.dianjin.aliyuncs.com"
        }
      }
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "eas.pai.aliyuncs.com"
        }
      }
    }
  ]
}

相关文档

上一篇:AliyunServiceRolePolicyForDianJinAccessingOss下一篇:AliyunServiceRolePolicyForDevCloud