如果您是RAM用户,并且计划从长期使用的SAE旧版控制台迁移至新版控制台,由于新版控制台新增功能的缘故,新旧版本所需的最低权限有所不同,如果您未及时更新权限策略,切换时会产生权限不足的报错。本文主要介绍新旧版控制台的权限差异和解决方法。
新旧版控制台权限助手生成的权限策略差异
本文以命名空间级别权限为例进行说明。
说明
您可以在权限助手页面生成所需的权限。具体操作,请参见SAE权限助手。
新版控制台权限助手生成的权限策略
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "sae:ListJobs" ], "Resource": [ "acs:sae:cn-shenzhen:*:job/******/*" ] }, { "Effect": "Allow", "Action": [ "sae:ListApplications", "sae:ListWebApplicationsInner", "sae:ListWebApplications" ], "Resource": [ "acs:sae:cn-shenzhen:*:application/******/*" ] }, { "Effect": "Allow", "Action": [ "sae:DescribeConfigurationPrice", "sae:DescribeContainerRegistry*", "sae:ListTagResources", "sae:GetLastSecurityGroupId", "sae:SyncUserLoadBalancer", "sae:AssignUploadSignature", "sae:ListNamespacesV2", "sae:DescribeVSwitches", "sae:DescribeVpcs", "sae:DescribeNamespaceList", "sae:DescribeSlbQuota", "sae:DescribeNamespaces", "sae:DescribeInstanceSpecifications", "sae:DescribeTagKeys", "sae:CheckAppName", "sae:DescribeTag", "sae:GetArmsDashboardUrl" ], "Resource": [ "acs:sae:cn-shenzhen:*:*" ] }, { "Effect": "Allow", "Action": [ "sae:DescribeComponents", "sae:*Metric", "sae:GetCustomDomain", "sae:ListEventType", "sae:DescribeUserMeasureInfo", "sae:ListEventSubscribeRule", "sae:DescribeEdasContainers", "sae:ListWebApplicationsWithStatus", "sae:DescribeUserAppsInfo", "sae:ListLogtails", "sae:ListUserMeasure", "sae:DescribeResourceQuota", "sae:ListCustomDomains", "sae:ListEventRecord", "sae:CheckInDebt" ], "Resource": [ "acs:sae:*:*:*" ] }, { "Effect": "Allow", "Action": [ "sae:DescribeNamespace*", "sae:ListNamespaceChangeOrders", "sae:ListWebCustomDomains", "sae:ListAppEvents", "sae:CheckIngressConfigWarn", "sae:DescribeConfigMap", "sae:ListSecrets", "sae:ListNamespacedConfigMaps", "sae:ListTimerRules", "sae:DescribeWebCustomDomain", "sae:DescribeIngress", "sae:ListIngresses" ], "Resource": [ "acs:sae:cn-shenzhen:*:namespace/******" ] }, { "Effect": "Allow", "Action": [ "sae:QueryResourceStatics", "sae:DescribeJob", "sae:*Services", "sae:DescribeApp*", "sae:ListLogConfigs", "sae:ListAppEvents", "sae:DescribeStage", "sae:DescribeChangeOrder", "sae:DescribeAggregationStage", "sae:ListChangeOrders", "sae:DescribeChangeOrderErrorTask", "sae:DescribeTask", "sae:DescribeInstanceLog", "sae:GetWebshellToken", "sae:DescribeJobHistory", "sae:DescribeJobStatus", "sae:ListAppVersions", "sae:DescribePipeline", "sae:DescribeNestedStage" ], "Resource": [ "acs:sae:cn-shenzhen:*:job/******/*" ] }, { "Effect": "Allow", "Action": [ "sae:QueryResourceStatics", "sae:GetApplicationScaleConfig", "sae:ListApplicationInstances", "sae:DescribeDebugSlb", "sae:DescribeWebApplication", "sae:GetWebApplication", "sae:DescribeApp*", "sae:DescribeStage", "sae:DescribeChangeOrder", "sae:DescribeAggregationStage", "sae:DescribeWebApplicationScalingConfig", "sae:ListAppAvailableSlbs", "sae:GetApplicationTrafficConfig", "sae:DescribeBuildPipeline", "sae:DescribeTask", "sae:DescribeInstanceLog", "sae:GetSystemMonitor", "sae:ListApplicationMetrics", "sae:ListBuildPipelineRuns", "sae:QueryArmsEnable", "sae:CheckApplicationSlbConfigWarn", "sae:DescribeGreyTagRoute", "sae:GetWebApplicationInner", "sae:ListAppVersions", "sae:ListAppServicesPage", "sae:GetWebApplicationLogs", "sae:*Services", "sae:ListApplicationVersions", "sae:DescribeWebInstanceLogs", "sae:DescribeSystemMonitor", "sae:InstanceExec", "sae:ListLogConfigs", "sae:ListAppEvents", "sae:DescribeWebApplicationResourceStatics", "sae:ListChangeOrders", "sae:DescribeBuildPipelineRun", "sae:DescribeChangeOrderErrorTask", "sae:DescribeWebApplicationRevision", "sae:GetWebshellToken", "sae:ListGreyTagRoute", "sae:GetWebResourceStatics", "sae:InstanceExecAuthorization", "sae:ListWebApplicationRevisions", "sae:DescribePipeline", "sae:ListIngresses" ], "Resource": [ "acs:sae:cn-shenzhen:*:application/******/*" ] } ] }旧版控制台权限助手生成的权限策略
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "sae:ListJobs" ], "Resource": [ "acs:sae:cn-shenzhen:*:job/******/*" ] }, { "Effect": "Allow", "Action": [ "sae:ListApplications" ], "Resource": [ "acs:sae:cn-shenzhen:*:application/******/*" ] }, { "Effect": "Allow", "Action": [ "sae:DescribeConfigurationPrice", "sae:DescribeContainerRegistry*", "sae:ListTagResources", "sae:GetLastSecurityGroupId", "sae:SyncUserLoadBalancer", "sae:AssignUploadSignature", "sae:DescribeVSwitches", "sae:DescribeVpcs", "sae:DescribeNamespaceList", "sae:DescribeSlbQuota", "sae:DescribeNamespaces", "sae:DescribeInstanceSpecifications", "sae:DescribeTagKeys", "sae:CheckAppName", "sae:DescribeTag", "sae:GetArmsDashboardUrl" ], "Resource": [ "acs:sae:cn-shenzhen:*:*" ] }, { "Effect": "Allow", "Action": [ "sae:ListEventSubscribeRule", "sae:DescribeEdasContainers", "sae:DescribeUserAppsInfo", "sae:ListLogtails", "sae:DescribeComponents", "sae:*Metric", "sae:ListUserMeasure", "sae:DescribeResourceQuota", "sae:ListEventType", "sae:ListEventRecord", "sae:CheckInDebt" ], "Resource": [ "acs:sae:*:*:*" ] }, { "Effect": "Allow", "Action": [ "sae:DescribeNamespace*", "sae:ListNamespaceChangeOrders", "sae:CheckIngressConfigWarn", "sae:DescribeConfigMap", "sae:ListSecrets", "sae:ListNamespacedConfigMaps", "sae:ListTimerRules", "sae:ListAppEvents", "sae:DescribeIngress", "sae:ListIngresses" ], "Resource": [ "acs:sae:cn-shenzhen:*:namespace/******" ] }, { "Effect": "Allow", "Action": [ "sae:QueryResourceStatics", "sae:DescribeJob", "sae:*Services", "sae:DescribeApp*", "sae:ListLogConfigs", "sae:ListAppEvents", "sae:DescribeStage", "sae:DescribeChangeOrder", "sae:DescribeAggregationStage", "sae:ListChangeOrders", "sae:DescribeChangeOrderErrorTask", "sae:DescribeTask", "sae:DescribeInstanceLog", "sae:GetWebshellToken", "sae:DescribeJobHistory", "sae:DescribeJobStatus", "sae:ListAppVersions", "sae:DescribePipeline", "sae:DescribeNestedStage" ], "Resource": [ "acs:sae:cn-shenzhen:*:job/******/*" ] }, { "Effect": "Allow", "Action": [ "sae:QueryResourceStatics", "sae:DescribeDebugSlb", "sae:DescribeApp*", "sae:DescribeStage", "sae:DescribeChangeOrder", "sae:DescribeAggregationStage", "sae:ListAppAvailableSlbs", "sae:DescribeTask", "sae:DescribeInstanceLog", "sae:GetSystemMonitor", "sae:QueryArmsEnable", "sae:CheckApplicationSlbConfigWarn", "sae:DescribeGreyTagRoute", "sae:ListAppVersions", "sae:ListAppServicesPage", "sae:*Services", "sae:DescribeSystemMonitor", "sae:InstanceExec", "sae:ListLogConfigs", "sae:ListAppEvents", "sae:ListChangeOrders", "sae:DescribeChangeOrderErrorTask", "sae:GetWebshellToken", "sae:ListGreyTagRoute", "sae:DescribePipeline", "sae:ListIngresses" ], "Resource": [ "acs:sae:cn-shenzhen:*:application/******/*" ] } ] }新旧版控制台权限助手生成的权限策略存在的差异
权限级别
差异
AppUniverse
ListWebApplicationsInner
ListWebApplications
GetApplicationScaleConfig
ListApplicationInstances
DescribeWebApplication
GetWebApplication
DescribeWebApplicationScalingConfig
GetApplicationTrafficConfig
DescribeBuildPipeline
ListApplicationMetrics
ListBuildPipelineRuns
GetWebApplicationInner
GetWebApplicationLogs
ListApplicationVersions
DescribeWebInstanceLogs
DescribeWebApplicationResourceStatics
DescribeBuildPipelineRun
DescribeWebApplicationRevision
GetWebResourceStatics
InstanceExecAuthorization
ListWebApplicationRevisions
RegionUniverse
ListNamespacesV2
Universe
GetCustomDomain
DescribeUserMeasureInfo
ListWebApplicationsWithStatus
ListCustomDomains
Namespace
ListWebCustomDomains
DescribeWebCustomDomain
切换新版控制台时遇到报错的解决方法
当您从旧版控制台切换到新版控制台时,如果未授予新版控制台所需的API权限,则会遇到权限不足的错误提示。
联系阿里云主账号管理员,使用主账号在权限助手页面生成RAM用户(子账号)所需权限策略并进行复制。具体操作,请参见SAE权限助手。
在主账号上使用脚本编辑的方式创建权限策略。具体操作,请参见通过脚本编辑模式创建自定义权限策略。
使用主账号为RAM用户(子账号)授予创建的自定义权限。具体操作,请参见为RAM角色授权。
文档内容是否对您有帮助?