All Products
Search
Document Center

:Authorize a RAM user to manage alerts

Last Updated:Aug 04, 2023

This topic describes how to authorize a Resource Access Management (RAM) user to manage alerts.

Prerequisites

A RAM user is created. For more information, see Create a RAM user.

Background information

You can authorize a RAM user to manage alerts in one of the following modes:

  • Simple mode: You can attach the AliyunLogFullAccess policy to the RAM user. This way, the RAM user has all permissions on Simple Log Service. For more information, see Grant permissions to RAM users.

  • Custom mode: You can create custom policies and attach the policies to the RAM user. This way, the RAM user can only create or modify alerts. In this topic, the custom mode is used as an example.

Procedure

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. Create a policy.

    1. In the left-side navigation pane, choose Permissions > Policies.
    2. On the Policies page, click Create Policy.
    3. On the Create Policy page, click the JSON tab, replace the existing script in the code editor with the following policy document, and then click Next to edit policy information.

      Replace Project name with the actual project name.

      {
        "Version": "1",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "log:CreateLogStore",
              "log:CreateIndex",
              "log:UpdateIndex"
            ],
            "Resource": "acs:log:*:*:project/Project name/logstore/internal-alert-history"
          },
          {
            "Effect": "Allow",
            "Action": [
              "log:CreateDashboard",
              "log:CreateChart",
              "log:UpdateDashboard"
            ],
            "Resource": "acs:log:*:*:project/Project name/dashboard/*"
          },
          {
            "Effect": "Allow",
            "Action": [
              "log:*"
            ],
            "Resource": "acs:log:*:*:project/Project name/job/*"
          }
        ]
      }
    4. Configure the Name parameter and click OK.
  3. Attach the policy to the RAM user.
    1. In the left-side navigation pane, choose Identities > Users.
    2. On the Users page, find the RAM user to which you want to attach the policy and click Add Permissions in the Actions column.
    3. In the Select Policy section of the Add Permissions panel, click Custom Policy. Then, select the policy that you created in Step 2 and click OK.
    4. Verify that the policy is attached to the RAM user and click Complete.