AI 助理
备案控制台
官方文档
输入文档关键字查找
首页 访问控制 开发参考 系统策略参考 PowerUserAccess

PowerUserAccess

更新时间:
产品详情
我的收藏

PowerUserAccess 是阿里云管理的产品系统策略,您可以将 PowerUserAccess 授权给 RAM 身份(RAM 用户、RAM 用户组和 RAM 角色),本策略定义了提供对阿里云服务和资源的完全访问权限,但不允许管理 RAM 身份及其权限,管理资源目录和资源共享关系,或是修改资金账号信息。

策略详情

  • 类型:系统策略

  • 创建时间:2025-06-27 09:48:58

  • 更新时间:2025-09-17 02:26:00

  • 当前版本:v2

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": [
        "ram:*",
        "ims:*",
        "resourcemanager:*",
        "resourcesharing:*",
        "cloudsso:*",
        "bss:ModifyAccount",
        "bss:ModifyBillingAccount",
        "bss:ModifyPaymentRelationship",
        "bssapi:ModifyAccountRelation"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:ListUserBasicInfos",
        "ram:ListRoles",
        "ram:CreateServiceLinkedRole",
        "ram:DeleteServiceLinkedRole",
        "ram:GetServiceLinkedRoleDeletionStatus",
        "ram:CheckServiceLinkedRoleExistence",
        "resourcemanager:GetAccount",
        "resourcemanager:GetFolder",
        "resourcemanager:GetResourceDirectory",
        "resourcemanager:ListAccounts",
        "resourcemanager:ListFoldersForParent",
        "resourcemanager:ListAccountsForParent"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:CreateResourceGroup",
        "ram:DeleteResourceGroup",
        "ram:UpdateResourceGroup",
        "ram:LookupResourceGroupEvents",
        "ram:EnableAssociatedTransfer",
        "ram:DisableAssociatedTransfer",
        "ram:UpdateAssociatedTransferSetting",
        "ram:ListAssociatedTransferSetting",
        "resourcemanager:EnableAutoGrouping",
        "resourcemanager:DisableAutoGrouping",
        "resourcemanager:UpdateAutoGroupingConfig",
        "resourcemanager:GetAutoGroupingStatus",
        "resourcemanager:CreateAutoGroupingRule",
        "resourcemanager:DeleteAutoGroupingRule",
        "resourcemanager:UpdateAutoGroupingRule",
        "resourcemanager:ListAutoGroupingRules",
        "resourcemanager:GetAutoGroupingRule",
        "resourcemanager:EnableResourceGroupNotification",
        "resourcemanager:DisableResourceGroupNotification",
        "resourcemanager:GetResourceGroupNotificationSetting",
        "resourcemanager:UpdateResourceGroupAdminSetting",
        "resourcemanager:GetResourceGroupAdminSetting"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:CreateRole",
        "ram:AttachPolicyToRole"
      ],
      "Resource": "acs:ram:*:*:role/*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "ram:TrustedPrincipalTypes": "Service"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:AttachPolicyToRole",
        "ram:ListPolicies"
      ],
      "Resource": "acs:ram:*:system:policy/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:TagResources",
        "ram:UntagResources",
        "ram:ListTagResources"
      ],
      "Resource": "acs:ram:*:*:resourcegroup/*"
    }
  ]
}

相关文档

上一篇:AliyunYundunXianzhiReadOnlyAccess下一篇:AliyunYundunDbAuditFullAccess