This topic describes how to grant a RAM user the permission to use and manage alarms provided by Log Service.

Background information

  • If you want to grant a RAM user the corresponding permissions to perform all required actions in Log Service, set the AliyunLogFullAccess parameter. For more information, see Grant a RAM user account the permission to access Log Service.
  • If you only want to grant a RAM user the permission to create and modify an alarm, you need to create a permission policy and grant it to the user.

Procedure

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. Click Create Policy.
  4. Enter a Policy Name and Note.
  5. Select the Script radio box.
  6. Copy the following, and then paste it to the Policy Document.
    Note You need to replace <Project name> in the following example with your target project name.
    
    {
        "Version": "1",
        "Statement": [
         {
             "Effect": "Allow",
             "Action": [
             "log:GetLogStore",
             "log:CreateLogStore",
             "log:GetIndex",
             "log:CreateIndex",
             "log:UpdateIndex"
           ],
             "Resource": "acs:log:*:*:project/<Project name>/logstore/internal-alert-history"
         },
         {
             "Effect": "Allow",
             "Action": [
                 "log:CreateProject",
                 "log:GetProject"
            ],
             "Resource": "acs:log:*:*:project/<Project name>"
         },
         {
              "Effect": "Allow",
              "Action": [
                  "log:CreateDashboard",
                  "log:CreateChart",
                  "log:UpdateDashboard"
             ],
              "Resource": "acs:log:*:*:project/<Project name>/dashboard/*"
         },
         {
              "Effect": "Allow",
              "Action": [
                   "log:*"
             ],
               "Resource": "acs:log:*:*:project/<Project name>/job/*"
          }
       ]
    }
  7. Click OK.
  8. In the left-side navigation pane, choose Identities > Users.
  9. Click Add Permissions on the right of the target user account.
  10. Select the policy created in the preceding step, and then click OK.