After a Resource Access Management (RAM) user is created, you can create a permission policy for the RAM user.

Procedure

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. On the Policies page, click Create Policy.
  4. On the Create Custom Policy page, enter a policy name and note, select Script as Configuration Mode, enter a script in the Policy Document field, and then click OK.
    The following script shows an example of a custom policy:
    {
        "Statement":[
            {
                "Action":"mns:*",
                "Effect":"Allow",
                "Resource":"acs:mns:*:*:*"
            }
        ],
        "Version":"1"
    }
    Parameter Example Description
    Action mns:* The operation that requires authorization.
    Note Example: mns:SendMessage. mns:SendMessage indicates the operation of sending messages. The corresponding Message Service (MNS) API operations include SendMessage and BatchSendMessage. For more information, see Sample RAM policies.
    Effect Allow The type of authorization. Valid values:
    • Allow: allows the operation
    • Deny: denies the operation
    Resource acs:mns:*:*:*" The Alibaba Cloud MNS resources that can be accessed by the RAM user.
    Note The asterisk (*) wildcard character indicates all available resources.