This topic describes how to create custom policies to grant permissions to RAM users so that they can log on to the ActionTrail console and use the corresponding ActionTrail resources.
Prerequisites
- An Alibaba Cloud account is created. If you do not have one, create an Alibaba Cloud account first.
- View the supported ActionTrail API operations and RAM permission policies. For more information, see RAM account authentication.
Procedure
Examples of permission policies
- Example 1: Grant read-only permissions to a RAM user.
    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "actiontrail:LookupEvents",
            "actiontrail:Describe*",
            "actiontrail:Get*"
          ],
          "Resource": "*"
        }
      ]
    }
- Example 2: Grant read-only permissions to a RAM user when the RAM user logs on from a specified IP address.
    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "actiontrail:LookupEvents",
            "actiontrail:Describe*",
            "actiontrail:Get*"
          ],
          "Resource": "*",
          "Condition": {
            "IpAddress": {
              "acs:SourceIp": "42.120.XX.X/24"
            }
          }
        }
      ]
    }
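To check before attaching it that the Example 2 policy grants only what is intended, the following added example (not part of the original documentation, and not Alibaba Cloud's own evaluation engine) models how the statement is matched. It assumes a simplified evaluator that handles only action wildcards and the IpAddress condition on acs:SourceIp and ignores Resource; the CIDR 203.0.113.0/24 and the helper names are constructed, because the page masks its address.

```python
import ipaddress
from fnmatch import fnmatchcase

# Example 2's policy; the CIDR is a constructed documentation range
# standing in for the masked address on the page.
POLICY = {
    "Version": "1",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["actiontrail:LookupEvents", "actiontrail:Describe*", "actiontrail:Get*"],
        "Resource": "*",
        "Condition": {"IpAddress": {"acs:SourceIp": "203.0.113.0/24"}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_ok(condition, context):
    """Model only IpAddress on a context key; unknown operators fail closed."""
    for operator, keys in condition.items():
        if operator != "IpAddress":
            return False
        for key, cidrs in keys.items():
            source = context.get(key)
            if source is None:
                return False
            ip = ipaddress.ip_address(source)
            if not any(ip in ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs)):
                return False
    return True

def is_allowed(policy, action, source_ip):
    """True only if an Allow statement matches and no Deny statement does."""
    context = {"acs:SourceIp": source_ip}
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
            continue  # statement does not cover this action
        if not _condition_ok(stmt.get("Condition", {}), context):
            continue  # condition not met, statement does not apply
        if stmt["Effect"] == "Deny":
            return False  # explicit deny wins
        allowed = True
    return allowed  # no matching Allow means implicit deny
```

Requests from outside the CIDR, and write operations such as actiontrail:DeleteTrail from any address, match no Allow statement and are therefore denied implicitly.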