This topic describes how to authorize a Resource Access Management (RAM) user to manage Elastic Compute Service (ECS) security groups within an Alibaba Cloud account. This topic provides a policy as an example.

The following policy specifies that the authorized RAM user can manage ECS security groups within an Alibaba Cloud account.

{
  "Version": "1",
  "Statement": [
    {
      "Action": "ecs:*SecurityGroup*",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
Note If you require a more fine-grained policy, which allows you to manage a specific security group or perform a specific operation on security groups, you can configure the Resource or Action field. For more information, see Authentication rules.