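This topic describes the background and use cases of the service-linked role (AliyunServiceRoleForRPA), how to delete the service-linked role, and the permissions a RAM user (sub-account) needs to create a service-linked role.
Background information
In some scenarios, to implement the member account management feature of RPA, you need to obtain access permissions for other cloud services. Alibaba Cloud provides service-linked roles (SLR, Service Linked Role) to meet the needs of such scenarios.
For more information about service-linked roles, see Service-linked roles.
Use cases
RPA needs to access resources of Alibaba Cloud Identity as a Service (IDaaS), Optical Character Recognition (OCR) and related services, and obtains the access permissions through the service-linked role.
About AliyunServiceRoleForRPA
Role name: AliyunServiceRoleForRPA
Role permission policy: AliyunServiceRolePolicyForRPA
Permission description: Allows Alibaba Cloud RPA to use this role to access your IDaaS cloud identity service, OCR and other product services.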
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eiam:CreateApplication",
        "eiam:DeleteApplication",
        "eiam:SetApplicationSsoConfig",
        "eiam:GetApplicationSsoConfig",
        "eiam:ListApplicationClientSecrets",
        "eiam:ObtainApplicationClientSecret",
        "eiam:EnableApplicationApiInvoke",
        "eiam:SetApplicationProvisioningScope",
        "eiam:SetApplicationGrantScope",
        "eiam:ListInstances",
        "eiam:ListApplications",
        "eiam:UpdateApplicationAuthorizationType",
        "eiam:EnableApplicationProvisioning",
        "eiam:SetApplicationProvisioningConfig",
        "eiam:GetApplicationProvisioningConfig",
        "eiam:AuthorizeApplicationToOrganizationalUnits"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ocr:RecognizeAdvanced",
        "ocr:RecognizeHandwriting",
        "ocr:RecognizeTableOcr",
        "ocr:RecognizeBasic",
        "ocr:RecognizeGeneral",
        "ocr:RecognizeDocumentStructure",
        "ocr:RecognizeIdcard",
        "ocr:RecognizeBankCard",
        "ocr:RecognizeMixedInvoices",
        "ocr:RecognizeInvoice",
        "ocr:RecognizeQuotaInvoice",
        "ocr:RecognizeAirItinerary",
        "ocr:RecognizeTrainInvoice",
        "ocr:RecognizeTaxiInvoice",
        "ocr:RecognizeRollTicket",
        "ocr:RecognizeRideHailingItinerary",
        "ocr:RecognizeCarVinCode",
        "ocr:RecognizeCarNumber",
        "ocr:RecognizeDrivingLicense",
        "ocr:RecognizeVehicleLicense"
      ],
      "Resource": "*"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "rpa.aliyuncs.com"
        }
      }
    }
  ]
}
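Delete the service-linked role
If you need to delete AliyunServiceRoleForRPA (the service-linked role), first make sure that nothing under your account is using the role for operations such as member management or calling OCR capabilities. For how to delete it, see Delete a service-linked role.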