Resource Access Management (RAM) is an Alibaba Cloud service that helps you manage user identities and control resource accesses. With RAM, you can authorize sub-accounts (RAM users) to perform actions on NAS.
We recommend that you follow best security practices and use a RAM user account to access NAS. This document describes the NAS actions and resources available for RAM.
In RAM, you can authorize RAM users to perform the following NAS actions.
|DescribeFileSystems||List file systems.|
|DescribeMountTargets||List mount points of the file system.|
|DescribeAccessGroup||List permission groups.|
|DescribeAccessRule||List permission group rules.|
|CreateMountTarget||Add a mount point for the file system.|
|CreateAccessGroup||Create a permission group.|
|CreateAccessRule||Add a permission group rule.|
|DeleteFileSystem||Delete a file system.|
|DeleteMountTarget||Delete a mount point.|
|DeleteAccessGroup||Delete a permission group.|
|DeleteAccessRule||Delete a permission group rule.|
|ModifyMountTargetStatus||Disable or enable a mount point.|
|ModifyMountTargetAccessGroup||Change the permission group of a mount point.|
|ModifyAccessGroup||Edit a permission group.|
|ModifyAccessRule||Edit a permission rule.|
In RAM authorization policies, NAS only supports the following resource abstraction.
|*||Indicate all the NAS resources.|
The following policy allows read-only actions on all the NAS resources.