This topic describes how to create custom policies to grant permissions to RAM users so that they can log on to the ActionTrail console and use the corresponding ActionTrail resources.

Prerequisites

Procedure

  1. Create a RAM user.
  2. Create a custom policy.

    You can create custom policies to grant permissions to RAM users based on the following examples of permission policies.

  3. Grant permissions to a RAM user.

Examples of permission policies

  • Example 1: Grant read-only permissions to a RAM user.
    {
        "Version": "1",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "actiontrail:LookupEvents", 
                "actiontrail:Describe*", 
                "actiontrail:Get*"
            ],
            "Resource": "*"
        }]
    }
    					
  • Example 2: Grant read-only permissions to a RAM user when the RAM user logs on from a specified IP address.
    {
        "Version": "1",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "actiontrail:LookupEvents", 
                "actiontrail:Describe*", 
                "actiontrail:Get*"
            ],
            "Resource": "*",
            "Condition":{
                "IpAddress": {
                    "acs:SourceIp": "42.120.XX.X/24"
                }
            }
        }]
    }