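Service-linked role

This topic describes the background and use cases of the service-linked role (AliyunServiceRoleForRPA), how to delete the service-linked role, and the permissions that a RAM user (sub-account) needs to create the service-linked role.

Background information

In some scenarios, to implement the member account management feature of RPA, access permissions for other cloud services must be obtained. Alibaba Cloud provides the service-linked role (SLR) to meet the needs of such scenarios.

For more information about service-linked roles, see Service-linked roles.

Use cases

RPA needs to access resources of Alibaba Cloud Identity as a Service (IDaaS), Optical Character Recognition (OCR), and other related services. The service-linked role is how it obtains these access permissions.

About AliyunServiceRoleForRPA

  • Role name: AliyunServiceRoleForRPA

  • Role permission policy: AliyunServiceRolePolicyForRPA

  • Permission description: allows Alibaba Cloud RPA to use this role to access your IDaaS cloud identity service, OCR, and other product services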

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eiam:CreateApplication",
        "eiam:DeleteApplication",
        "eiam:SetApplicationSsoConfig",
        "eiam:GetApplicationSsoConfig",
        "eiam:ListApplicationClientSecrets",
        "eiam:ObtainApplicationClientSecret",
        "eiam:EnableApplicationApiInvoke",
        "eiam:SetApplicationProvisioningScope",
        "eiam:SetApplicationGrantScope",
        "eiam:ListInstances",
        "eiam:ListApplications",
        "eiam:UpdateApplicationAuthorizationType",
        "eiam:EnableApplicationProvisioning",
        "eiam:SetApplicationProvisioningConfig",
        "eiam:GetApplicationProvisioningConfig",
        "eiam:AuthorizeApplicationToOrganizationalUnits"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ocr:RecognizeAdvanced",
        "ocr:RecognizeHandwriting",
        "ocr:RecognizeTableOcr",
        "ocr:RecognizeBasic",
        "ocr:RecognizeGeneral",
        "ocr:RecognizeDocumentStructure",
        "ocr:RecognizeIdcard",
        "ocr:RecognizeBankCard",
        "ocr:RecognizeMixedInvoices",
        "ocr:RecognizeInvoice",
        "ocr:RecognizeQuotaInvoice",
        "ocr:RecognizeAirItinerary",
        "ocr:RecognizeTrainInvoice",
        "ocr:RecognizeTaxiInvoice",
        "ocr:RecognizeRollTicket",
        "ocr:RecognizeRideHailingItinerary",
        "ocr:RecognizeCarVinCode",
        "ocr:RecognizeCarNumber",
        "ocr:RecognizeDrivingLicense",
        "ocr:RecognizeVehicleLicense"
      ],
      "Resource": "*"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "rpa.aliyuncs.com"
        }
      }
    }
  ]
}
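
The following Python script is an added example, not part of the original page or of Alibaba Cloud's tooling. It reviews the policy above statement by statement, listing the actions that go beyond plain reads and marking any Allow on "Resource": "*" that has no Condition to narrow it. POLICY is an abridged copy of the policy (action lists shortened), and READ_PREFIXES, as_list and review are hypothetical names; the read/non-read split is a reviewer heuristic, not an Alibaba Cloud classification.

```python
import json

# Abridged copy of AliyunServiceRolePolicyForRPA from this page (action lists shortened).
POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["eiam:CreateApplication", "eiam:DeleteApplication",
                "eiam:ObtainApplicationClientSecret", "eiam:ListInstances",
                "eiam:GetApplicationSsoConfig"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["ocr:RecognizeBasic", "ocr:RecognizeIdcard"],
     "Resource": "*"},
    {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals": {"ram:ServiceName": "rpa.aliyuncs.com"}}}
  ]
}
""")

# Assumption (reviewer heuristic): verbs that only read or process input.
# Anything else (Create, Delete, Set, Obtain, ...) is listed for review.
READ_PREFIXES = ("Get", "List", "Recognize")

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def review(policy):
    """Return one finding dict per Allow statement."""
    findings = []
    for idx, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt["Action"])
        findings.append({
            "statement": idx,
            "services": sorted({a.split(":", 1)[0] for a in actions}),
            "review_actions": sorted(
                a for a in actions
                if not a.split(":", 1)[1].startswith(READ_PREFIXES)),
            # Wildcard resource with no Condition: nothing narrows the grant.
            "unscoped_wildcard": "*" in as_list(stmt["Resource"])
                                 and not stmt.get("Condition"),
        })
    return findings

if __name__ == "__main__":
    for finding in review(POLICY):
        print(finding)
```

Run against the full policy, the same function shows that only the ram:DeleteServiceLinkedRole statement carries a Condition, which restricts it to the rpa.aliyuncs.com service name.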

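Delete the service-linked role

If you need to delete AliyunServiceRoleForRPA (the service-linked role), first make sure that no operations in your account, such as member management or calls to OCR capabilities, are currently using the role. For how to delete it, see Delete a service-linked role.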