AliyunServiceRolePolicyForRCSecuritySense 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForRCSecuritySense 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2024-12-12 09:39:33
更新时间:2026-05-06 05:57:28
当前版本:v13
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"yundun-sas:ListCheckResult",
"yundun-sas:VerifyCheckResult",
"yundun-sas:DescribeEmgVulItem",
"yundun-sas:DescribeSuspEvents",
"yundun-sas:DescribeGroupedVul",
"yundun-sas:GetAssetDetailByUuid",
"yundun-sas:DescribeSimilarSecurityEvents",
"yundun-sas:CreateSimilarSecurityEventsQueryTask",
"yundun-sas:DescribeSecurityEventOperationStatus",
"yundun-sas:HandleSimilarSecurityEvents",
"yundun-sas:HandleSecurityEvents",
"yundun-sas:DescribeCloudCenterInstances",
"yundun-sas:DescribeVersionConfig",
"yundun-sas:UpdateSelectionKeyByType",
"yundun-sas:CreateAssetSelectionConfig",
"yundun-sas:AddAssetSelectionCriteria",
"yundun-sas:CreateVirusScanOnceTask",
"yundun-sas:ListVirusScanMachineEvent",
"yundun-sas:GetVirusScanLatestTaskStatistic",
"yundun-sas:DescribeServiceLinkedRoleStatus",
"yundun-sas:CreateServiceLinkedRole",
"yundun-sas:GetCanTrySas",
"yundun-sas:GetValidDeductInstances",
"yundun-sas:CreateSasTrial",
"yundun-sas:OpenTrialPackage",
"yundun-sas:InitSasModuleRule",
"yundun-sas:BindAuthToMachine",
"yundun-sas:UpdatePostPaidBindRel"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"accountcenter:AccountContactQueryPageList"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"yundun-aegis:ModifyStartVulScan",
"yundun-aegis:DescribeAccesskeyLeakList"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"config:GetConfigurationRecorder",
"config:ListConfigRules",
"config:CreateCompliancePack",
"config:GetCompliancePack",
"config:GetConfigRule",
"config:DeactiveConfigRules",
"config:ActiveConfigRules",
"config:ListConfigRuleEvaluationResults",
"config:ListCompliancePacks",
"config:StartConfigurationRecorder"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ram:ListRoles"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecs:DescribeInstancesFullStatus"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"swas-open:ListInstanceStatus"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"notifications:ReadAllCommonContacts",
"notifications:ReadUserSubscriptionList",
"notifications:UpdateUserSubscription"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"governance:ListRegions",
"governance:GetCloudHealthReportStatus"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"riskpunish:QueryAccountSafetyIncident",
"riskpunish:QueryResourceControlEvents",
"riskpunish:GetResourceControlEvent",
"riskpunish:SubmitApplyRecord",
"riskpunish:DeleteCpmcPunish"
],
"Resource": "*"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "security-sense.riskcontrol.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"cspm.sas.aliyuncs.com",
"agentless.sas.aliyuncs.com"
]
}
}
}
]
}相关文档
该文章对您有帮助吗?