You can create custom permission policies related to Application Real-Time Monitoring Service (ARMS) and grant Resource Access Management (RAM) users the read and write permissions on some applications monitored by ARMS. In addition, you can implement fine-grained permission management based on application names.
Prerequisites
Background information
ARMS provides the following system permission policies:
- AliyunARMSFullAccess: ARMS full access permission
- AliyunARMSReadOnlyAccess: ARMS read-only permission
Step 1: Create a custom permission policy related to ARMS
- Log on to the RAM console. In the left-side navigation pane, choose .
- On the Policies page, click Create Policy.
- On the Create Custom Policy page, set the following parameters and click OK.
Step 2: Add the custom policy related to ARMS application monitoring to a RAM user
- In the left-side navigation pane, choose .
- On the Users page, click the target user in the User Logon Name/Display Name column.
- On the Basic Information page, click the Permissions tab.
- On the Individual tab, add a custom permission policy for the RAM user.
- If the individual permission list contains the AliyunARMSFullAccess or AliyunARMSReadOnlyAccess system policy, click Remove Permission in the Actions column on the right. In the remove permission dialog box, click OK. After you remove all policies, click Add Permissions.
- If the individual permission list contains no policy, click Add Permissions.
- In the Add Permissions pane, select Custom Policy in the Select Policy section, and enter the name of the custom policy that you created in step 1. Then, in the Authorization Policy Name column, select the policy that was returned in the search result, click OK, and then click Complete.