Procedure

  1. Log on to the RAM console with an Alibaba Cloud account.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. On the Policies page, click Create Policy.
  4. Specify the Policy Name and Note parameters.
  5. Select Script for the Configure Mode parameter. In the Policy Document section, enter the script of a custom policy that is used to access MNS.
    The template of a custom policy is provided as follows.
    {
        "Statement":[
            {
                "Action":"mns:*",
                "Effect":"Allow",
                "Resource":"acs:mns:*:*:*"
            }
        ],
        "Version":"1"
    }
    Note
    • Action: the access operation to be authorized. The value of this parameter starts with ”mns:".

      For example, "mns:SendMessage" indicates the operation of sending messages. The corresponding MNS API operations include SendMessage and BatchSendMessage. For more information about the API operations, see Mapping between MNS API operations and RAM permissions.

    • Effect: specifies whether to allow or deny the operation. Valid values:Allow and Deny.
    • Resource: the name of the Alibaba Cloud resource (ARN) to be managed. Syntax: "acs:<Alibaba Cloud service name>:<region name>:<Alibaba Cloud account ID>:<resource URI>".

      For example, "acs:mns:cn-hangzhou:123456789:/queues/MyQueue1/messages" indicates MyQueue1 that is created in the China (Hangzhou) region by the Alibaba Cloud account whose ID is 123456789.

    • *: the wildcard that is used to indicate all available resources.

      For example: "acs:mns:*:*:*" indicates the RAM user is authorized to access all MNS resources of the Alibaba Cloud account. You can use a wildcard instead of specifying a region, account ID, or resource URI.

  6. Click OK.