This topic describes how to grant a RAM user the permission to use and manage alarms provided by Log Service.
Background information
- If you want to grant a RAM user the corresponding permissions to perform all required actions in Log Service, set the
AliyunLogFullAccessparameter. For more information, see Grant a RAM user account the permission to access Log Service. - If you only want to grant a RAM user the permission to create and modify an alarm, you need to create a permission policy and grant it to the user.
Procedure
- Copy the following, and then paste it to the Policy Document.
Note You need to replace
<Project name>in the following example with your target project name.{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "log:GetLogStore", "log:CreateLogStore", "log:GetIndex", "log:CreateIndex", "log:UpdateIndex" ], "Resource": "acs:log:*:*:project/<Project name>/logstore/internal-alert-history" }, { "Effect": "Allow", "Action": [ "log:CreateProject", "log:GetProject" ], "Resource": "acs:log:*:*:project/<Project name>" }, { "Effect": "Allow", "Action": [ "log:CreateDashboard", "log:CreateChart", "log:UpdateDashboard" ], "Resource": "acs:log:*:*:project/<Project name>/dashboard/*" }, { "Effect": "Allow", "Action": [ "log:*" ], "Resource": "acs:log:*:*:project/<Project name>/job/*" } ] }