All Products
Search
Document Center

:AliyunServiceRoleForOTSDataDelivery role

Last Updated:Jan 14, 2022

Before you use the data delivery feature of Tablestore, you must have the permissions to access Object Storage Service (OSS) resources. To grant the permissions to access OSS resources to you, the system automatically creates the Tablestore service-linked role AliyunServiceRoleForOTSDataDelivery in the Tablestore console.

Note

For more information about service-linked roles, see Service linked roles.

Create the service-linked role

Before you use the data delivery feature of Tablestore, the system automatically creates the Tablestore service-linked role AliyunServiceRoleForOTSDataDelivery in the Tablestore console.

The permission policy for AliyunServiceRoleForOTSDataDelivery is AliyunServiceRolePolicyForOTSDataDelivery. The following operations on OSS resources are supported: PutObject, AbortMultipartUpload, PutObjectTagging, GetObject, and DeleteObjectTagging.

Delete the service-linked role

Before you delete the service-linked role AliyunServiceRoleForOTSDataDelivery, make sure that data delivery is not in use for all instances in the current account.

Notice

After you delete the Tablestore service-linked role, data in the current account cannot be delivered to OSS.

To delete the service-linked role, perform the following steps:

  1. Log on to the RAM console.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, enter AliyunServiceRoleForOTSDataDelivery in the search box. The AliyunServiceRoleForOTSDataDelivery role is displayed.

  4. Click Delete in the Actions column.

  5. In the message that appears, click OK.

    • If data delivery is in use for instances in the current account, you cannot delete the AliyunServiceRoleForOTSDataDelivery role. You must delete the delivery tasks from the instances before you can delete the role.

    • If no instances in the current account are using data delivery, you can delete the AliyunServiceRoleForOTSDataDelivery role.

FAQ

Why is the system unable to create the Tablestore service-linked role AliyunServiceRoleForOTSDataDelivery for a RAM user?

The system creates the Tablestore service-linked role only for users that have the required permissions. If the Tablestore service-linked role cannot be automatically created for a RAM user, you must attach the following policy to the RAM user.

Replace The ID of the Alibaba Cloud account with the ID of your Alibaba Cloud account.

{
    "Statement": [
        {
            "Action": [
                "ram:CreateServiceLinkedRole"
            ],
            "Resource": "acs:ram:*: 
The ID of the Alibaba Cloud account. 
:role/*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": [
                        "arms.aliyuncs.com"
                    ]
                }
            }
        }
    ],
    "Version": "1"
}