This topic lists the services that work with Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.
Overview
Each table in this topic contains the following columns:
Alibaba Cloud service: the name of the cloud service that supports RAM.
Sub-service or sub-module: the sub-service or sub-module of the cloud service. A hyphen (-) indicates none.
RAM code: the code that is used in RAM to indicate the cloud service.
Console: indicates whether RAM can be used to implement access control in the console of the service. A tick (√) indicates that RAM is supported. A cross (×) indicates that RAM is not supported. A circle (○) indicates that no console is provided for that service.
API: indicates whether RAM can be used to implement access control by calling the API of the service. A tick (√) indicates that RAM is supported by calling the API of the service. A cross (×) indicates that RAM is not supported by calling the API of the service. A circle (○) indicates that no API is provided for that service.
Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.
The following authorization granularity is defined:
Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.
Operation: You can control whether RAM users or RAM roles can perform specific operations on a specific type of resource in the service.
Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.
System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.
References: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.
Elastic computing
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
ECS | ECS | ecs | √ | √ | Resource |
| |
Elastic Block Storage (EBS) | EBS | ecs | √ | √ | Resource |
| - |
EBS | EBS | ebs | √ | √ | Resource |
| - |
ECS | Elastic GPU Service | ecs | √ | √ | Resource |
| |
ECS | ECS Bare Metal Instance | ecs | √ | √ | Resource |
| |
ECS | Super Computing Cluster | ecs | √ | √ | Resource |
| |
ECS | Dedicated Host (DDH) | ecs | √ | √ | Resource |
| |
ECS | Alibaba Cloud Linux 2 | ecs | √ | √ | Resource |
| |
Auto Scaling | - | ess | √ | √ | Operation |
| |
Container Service for Kubernetes (ACK) | - | cs | √ | √ | Resource |
| |
Batch Compute | - | batchcompute | √ | √ | Service | - | - |
Resource Orchestration Service (ROS) | - | ros | √ | √ | Resource |
| |
Function Compute | - | fc | √ | √ | Resource |
| Grant permissions across Alibaba Cloud accounts by using a RAM role |
Simple Application Server | - | swas | √ | ○ | Service | AliyunSWASFullAccess | - |
Elastic High Performance Computing | - | ehpc | √ | √ | Service |
| - |
Container Registry | - | cr | √ | √ | Resource |
| Configure policies for RAM users to access Container Registry |
WUYING Workspace | WUYING Workspace | ecd | √ | √ | Operation |
| |
Elastic Container Instance | - | eci | √ | √ | Resource |
| |
CloudFlow | - | fnf | √ | √ | Resource |
| |
Web App Service | - | webplus | √ | √ | Operation |
| - |
Compute Nest | - |
| √ | ○ | Resource |
| - |
Alibaba Cloud Distributed Cloud Container Platform (ACK One) | - | adcp | √ | √ | Operation |
| - |
Databases
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
ApsaraDB RDS | ApsaraDB RDS | rds | √ | √ | Resource |
| |
ApsaraDB RDS | ApsaraDB RDS for MySQL | rds | √ | √ | Resource |
| |
ApsaraDB RDS | ApsaraDB RDS for SQL Server | rds | √ | √ | Resource |
| |
ApsaraDB RDS | ApsaraDB RDS for PostgreSQL | rds | √ | √ | Resource |
| |
ApsaraDB RDS | ApsaraDB for MyBase | rds | √ | √ | Resource |
| - |
ApsaraDB for Redis | - | kvstore | √ | √ | Resource |
| |
ApsaraDB for MongoDB | - | dds | √ | √ | Resource |
| - |
AnalyticDB for PostgreSQL | - | gpdb | √ | √ | Resource |
| - |
Data Transmission Service (DTS) | - | dts | √ | √ | Operation |
| |
Data Management (DMS) | - | dms | √ | √ | Service |
| |
AnalyticDB for MySQL | - | adb | √ | √ | Operation |
| |
PolarDB for Xscale (PolarDB-X) | - |
| √ | √ | Resource |
| |
ApsaraDB for HBase | - | hbase | √ | √ | Resource |
| |
Advanced Database & Application Migration (ADAM) | - | adam | √ | ○ | Service |
| |
PolarDB | - | polardb | √ | √ | Operation |
| |
Database Backup (DBS) | - | dbs | √ | √ | Service |
| - |
Database Autonomy Service (DAS) | - | hdm | √ | √ | Service |
| What do I do if I fail to access DAS as a RAM user due to lack of permissions? |
Data Lake Analytics (DLA) | - | openanalytics | √ | √ | Resource |
| |
ApsaraDB for OceanBase | - | oceanbase | √ | ○ | Service |
| - |
ApsaraDB for Cassandra | - | cassandra | √ | √ | Resource |
| |
LedgerDB | - | ledgerdb | √ | √ | Resource |
| |
ApsaraDB for ClickHouse | - | clickhouse | √ | √ | Resource |
| |
Database Gateway (DG) | - | dg | √ | √ | Resource |
| - |
Storage
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Object Storage Service (OSS) | - | oss | √ | √ | Resource |
| |
Apsara File Storage NAS (NAS) | - | nas | √ | √ | Resource |
| |
Tablestore (OTS) | - | ots | √ | √ | Resource |
| |
Cloud Storage Gateway (CSG) | - | hcs-sgw | √ | √ | Service | AliyunHCSSGWFullAccess | |
Cloud Backup | - | hbr | √ | √ | Resource |
| |
Hybrid Cloud Storage Array (CSA) | CSA | hgw | √ | ○ | Operation |
| - |
CSA | Remote Service | asrs | √ | ○ | Resource |
| - |
Cloud communications
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Short Message Service (SMS) | - | dysms | √ | √ | Service | - | - |
Network
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Virtual Private Cloud (VPC) | - | vpc | √ | √ | Resource |
| |
Service Load Balancer (SLB) | SLB | slb | √ | √ | Resource |
| |
SLB | Application Load Balancer (ALB) | alb | √ | √ | Resource |
| - |
SLB | Network Load Balancer (NLB) | nlb | √ | √ | Resource |
| - |
Express Connect | - | vpc | √ | √ | Resource |
| System policies and sample custom policies for Express Connect |
Elastic IP Address (EIP) | EIP | vpc | √ | √ | Resource |
| |
EIP | Anycast Elastic IP Address (Anycast EIP) | eipanycast | √ | √ | Resource |
| |
NAT Gateway | - | vpc | √ | √ | Resource |
| |
VPN Gateway | - | vpc | √ | √ | Resource |
| |
Internet Shared Bandwidth | - | vpc | √ | √ | Resource |
| - |
Global Accelerator (GA) | - | ga | √ | √ | Resource |
| |
Smart Access Gateway | - | smartag | √ | √ | Resource | - | |
Cloud Enterprise Network (CEN) | - | cen | √ | √ | Resource |
| |
PrivateLink | - | privatelink | √ | √ | Resource |
| |
Alibaba Cloud DNS PrivateZone | - | pvtz | √ | √ | Resource |
| |
Cloud Data Transfer (CDT) | - | cdt | √ | √ | Operation |
| |
VPC peering connection | - | vpc | √ | √ | Resource |
| - |
IPv6 Gateway | - | vpc | √ | √ | Resource |
| - |
O&M and management
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Application Real-Time Monitoring Service (ARMS) | - | arms | √ | √ | Service |
| |
CloudMonitor | - | cms | √ | √ | Operation |
| |
Intelligent Advisor | - | advisor-intl | √ | √ | Operation |
| - |
Cloud Shell | - | cloudshell | √ | ○ | Operation | AliyunCloudShellFullAccess | - |
Cloud Config | - | config | √ | √ | Operation |
| |
Logic Composer | - | composer | √ | √ | Resource |
| |
CloudOps Orchestration Service (OOS) | - | oos | √ | √ | Resource |
| |
Cloud Governance Center (CGC) | CGC | governance | √ | ○ | Operation |
| - |
Middleware
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Enterprise Distributed Application Service (EDAS) | - | edas | √ | √ | Resource |
| |
ApsaraMQ | ApsaraMQ for RocketMQ | mq | √ | √ | Resource |
| |
ApsaraMQ | ApsaraMQ for MQTT | mq | √ | √ | Resource |
| |
ApsaraMQ | ApsaraMQ for RabbitMQ | amqp | √ | √ | Resource |
| |
Message Service (MNS) | - | mns | √ | √ | Resource |
| |
Application Configuration Management | - | acms | √ | √ | Resource | AliyunACMFullAccess | |
ApsaraMQ for Kafka | - | alikafka | √ | √ | Service |
| |
Application High Availability Service | - | ahas | √ | √ | Service |
| - |
Service Mesh (ASM) | - | servicemesh | √ | √ | Resource |
| |
EventBridge | - | eventbridge | √ | √ | Resource |
|
Media services and CDN
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
CDN | - | cdn | √ | √ | Resource |
| |
ApsaraVideo Media Processing (MPS) | - | mts | √ | √ | Service |
| - |
ApsaraVideo VOD (VOD) | - | vod | √ | √ | Operation |
| - |
ApsaraVideo Live | - | live | √ | √ | Resource |
| |
Real-Time Communication | - | rtc | √ | √ | Resource | - | - |
Dynamic Content Delivery Network (DCDN) | - | dcdn | √ | √ | Resource |
| - |
Enterprise applications
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Direct Mail | - | dm | √ | √ | Operation |
| - |
API Gateway | - | apigateway | √ | √ | Service |
| |
Alibaba Mail | - | alimail | √ | ○ | Operation |
| - |
Resource Management | Resource Management | resourcemanager | √ | √ | Operation |
| |
Resource Management | Resource Sharing | resourcesharing | √ | √ | Operation |
| - |
Resource Management | the Tag service | tag | √ | √ | Operation |
| |
Resource Management | Resource Center | resourcecenter | √ | √ | Operation |
| |
Blockchain as a Service (BaaS) | BaaS | baas | √ | √ | Resource |
| |
CloudQuotation (CQ) | - | assettech | √ | ○ | Service |
| - |
BizWorks | - | bizworks | √ | ○ | Service |
| - |
Domains and websites
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Alibaba Cloud Domain Name System (DNS) | DNS | alidns | √ | √ | Resource |
| |
DNS | Alibaba Cloud Public DNS | pubdns | √ | √ | Resource |
| - |
Domain name | - | domain | √ | √ | Resource |
|
Artificial intelligence
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Intelligent Speech Interaction | Intelligent Speech Interaction | nls | √ | √ | Service |
| - |
Platform for AI (PAI) | - | pai | √ | √ | Service | - | - |
PAI | - | paiplugin | ○ | √ | Operation |
| - |
Image Search | - | imagesearch | √ | √ | Resource |
| |
Machine Translation | - | alimt | √ | √ | Operation |
| - |
IoT
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
IoT Platform | - | iot | √ | √ | Resource |
| |
Link IoT Edge | - | iot | √ | √ | Resource |
| |
Lindorm | Time Series Database (TSDB) | hitsdb | √ | √ | Operation | - | - |
Big data
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
DataWorks | - | dataworks | √ | √ | Operation |
| |
Quick BI | - | - | √ | √ | Service | - | - |
DataV | - | datav | √ | ○ | Service | AliyunDataVFullAccess | - |
Realtime Compute for Apache Flink | - | stream | √ | √ | Resource |
| |
Elasticsearch | - | elasticsearch | √ | √ | Resource |
| |
E-MapReduce (EMR) | E-MapReduce | emr | √ | √ | Service |
| |
Simple Log Service | - | log | √ | √ | Resource |
| |
Hologres | - | hologram | √ | √ | Resource |
|
Developer services
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Apsara Devops | - | rdc | √ | √ | Resource |
| - |
Managed Service for OpenTelemetry | - | xtrace | √ | √ | Operation |
| - |
Security
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Security Center (SAS) | - |
| √ | √ | Operation |
| - |
Server Guard | - | yundun-aegis | √ | √ | Service |
| - |
Anti-DDoS | Anti-DDoS | yundun-ddos | √ | √ | Service |
| - |
Anti-DDoS | Anti-DDoS Proxy (Chinese Mainland) |
| √ | √ | Service |
| - |
Anti-DDoS | Anti-DDoS Proxy (Outside Chinese Mainland) |
| √ | ○ | Service |
| - |
GameShield | - | yundun-gameshield | √ | ○ | Service | AliyunYundunGameShieldReadOnlyAccess | - |
Web Application Firewall (WAF) | WAF | yundun-waf | √ | √ | Operation |
| - |
Certificate Management Service | - | yundun-cert | √ | √ | Service |
| - |
Cloud Firewall | - | yundun-cloudfirewall | √ | √ | Service |
| - |
Managed Security Service (MSSP) | - | mssp | √ | ○ | Service | - | - |
Content Moderation | - | yundun-greenweb | √ | √ | Service |
| - |
Bastionhost | Bastionhost | yundun-bastionhost | √ | ○ | Service |
| - |
Data Security Center (DSC) | - | yundun-sddp | √ | √ | Service |
| - |
Identity as a Service (IDaaS) | IDaaS | yundun-idaas | √ | ○ | Operation |
| - |
Key Management Service (KMS) | - | kms | √ | √ | Resource |
| |
RAM | RAM |
| √ | √ | Resource |
| |
RAM | CloudSSO | cloudsso | √ | ○ | Resource |
| - |
ActionTrail | - | actiontrail | √ | √ | Operation | - |
Technical support
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Ticket Management | - | support | √ | √ | Service | AliyunSupportFullAccess | - |
Marketplace
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Alibaba Cloud Marketplace | - | acm | √ | × | Service | AliyunMarketplaceFullAccess | - |
Others
Alibaba Cloud service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Billing Management | - |
| √ | √ | Operation |
| - |
ICP Filing | - |
| √ | ○ | Service | AliyunBeianFullAccess | - |