管理服务关联角色AliyunServiceRoleForSLSFullObserverbility

日志服务应用（例如全栈可观测、智能异常分析等）需要扮演服务关联角色AliyunServiceRoleForSLSFullObserverbility从而创建或修改相关的日志服务的资源。本文介绍AliyunServiceRoleForSLSFullObserverbility角色的应用场景和权限策略。

使用场景

当您在日志服务应用（例如全栈可观测、智能异常分析等）中进行日志采集时，日志服务会调用OpenAPI接口创建或删除相关资源。服务关联角色的概念和管理，请参见服务关联角色。您在开通全栈可观测、智能异常分析服务时，自动创建AliyunServiceRoleForSLSFullObserverbility角色。

AliyunServiceRoleForSLSFullObserverbility角色说明

角色名称：AliyunServiceRoleForSLSFullObserverbility
角色权限策略：AliyunServiceRoleForSLSFullObserverbility

权限说明

{
  "Version": "1",
  "Statement": [
      {
          "Action": [
              "log:Get*",
              "log:List*",
              "log:CreateProject",
              "log:CreateLogstore",
              "log:CreateIndex",
              "log:CreateDashboard",
              "log:CreateJob",
              "log:UpdateConfig",
              "log:UpdateJob",
              "log:UpdateDashboard",
              "log:UpdateIndex",
              "log:DeleteLogstore",
              "log:DeleteDashboard",
              "log:DeleteJob",
              "log:DeleteIndex",
              "log:DeleteConfig",
              "log:PostProjectQuery",
              "log:PutProjectQuery",
              "log:DeleteProjectQuery",
              "log:GetProjectQuery",
              "log:PostLogStoreLogs",
              "log:BatchPostLogStoreLogs",
              "log:CreateConsumerGroup",
              "log:UpdateConsumerGroup",
              "log:DeleteConsumerGroup",
              "log:ListConsumerGroup",
              "log:ConsumerGroupUpdateCheckPoint",
              "log:ConsumerGroupHeartBeat",
              "log:GetConsumerGroupCheckPoint"
          ],
          "Resource": "acs:log:*:*:project/*",
          "Effect": "Allow"
      },
      {
          "Action": "ram:PassRole",
          "Resource": "*",
          "Effect": "Allow"
      },
      {
          "Action": [
              "log:GetDataExpression",
              "log:CreateDataExpression",
              "log:UpdateDataExpression"
          ],
          "Resource": "acs:log:*:*:dataexpression/sls_default_data_expression/*",
          "Effect": "Allow"
      },
      {
          "Action": [
              "log:Get*"
          ],
          "Resource": [
            "acs:log:*:*:mlservice/sls_builtin_service_*/*"
          ],
          "Effect": "Allow"
      },
      {
          "Action": [
              "log:CreateAnnotationDataSet",
              "log:DeleteAnnotationDataSet",
              "log:GetAnnotationDataSet",
              "log:ListAnnotationDataSets",
              "log:UpdateAnnotationDataSet",
              "log:CreateAnnotationLabel",
              "log:DeleteAnnotationLabel",
              "log:GetAnnotationLabel",
              "log:UpdateAnnotationLabel",
              "log:ListAnnotationLabels",
              "log:DeleteAnnotationData",
              "log:GetAnnotationData",
              "log:ListAnnotationData",
              "log:PutAnnotationData"
          ],
          "Resource": [
            "acs:log:*:*:mlannotationdataset/*",
            "acs:log:*:*:mlannotationlabel/*"
          ],
          "Effect": "Allow"
      }
  ]
}