All Products
Search
Document Center

Resource Access Management:Services that work with RAM

Last Updated:Mar 06, 2024

This topic lists the services that work with Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.

Overview

Each table in this topic contains the following columns:

  • Alibaba Cloud service: the name of the cloud service that supports RAM.

  • Sub-service or sub-module: the sub-service or sub-module of the cloud service. A hyphen (-) indicates none.

  • RAM code: the code that is used in RAM to indicate the cloud service.

  • Console: indicates whether RAM can be used to implement access control in the console of the service. A tick (√) indicates that RAM is supported. A cross (×) indicates that RAM is not supported. A circle (○) indicates that no console is provided for that service.

  • API: indicates whether RAM can be used to implement access control by calling the API of the service. A tick (√) indicates that RAM is supported by calling the API of the service. A cross (×) indicates that RAM is not supported by calling the API of the service. A circle (○) indicates that no API is provided for that service.

  • Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.

    The following authorization granularity is defined:

    • Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.

    • Operation: You can control whether RAM users or RAM roles can perform specific operations on a specific type of resource in the service.

    • Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.

  • System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.

  • References: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.

Elastic computing

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

ECS

ECS

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

  • AliyunECSWorkbenchFullAccess

Authentication rules

Elastic Block Storage (EBS)

EBS

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

-

EBS

EBS

ebs

Resource

  • AliyunEBSFullAccess

  • AliyunEBSReadOnlyAccess

-

ECS

Elastic GPU Service

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authentication rules

ECS

ECS Bare Metal Instance

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authentication rules

ECS

Super Computing Cluster

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authentication rules

ECS

Dedicated Host (DDH)

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authentication rules

ECS

Alibaba Cloud Linux 2

ecs

Resource

  • AliyunECSFullAccess

  • AliyunECSReadOnlyAccess

  • AliyunECSAssistantFullAccess

  • AliyunECSAssistantReadonlyAccess

  • AliyunECSNetworkInterfaceManagementAccess

Authentication rules

Auto Scaling

-

ess

Operation

  • AliyunESSFullAccess

  • AliyunESSReadOnlyAccess

API usage instructions

Container Service for Kubernetes (ACK)

-

cs

Resource

  • AliyunCSFullAccess

  • AliyunCSReadOnlyAccess

Use sub-accounts

Batch Compute

-

batchcompute

Service

-

-

Resource Orchestration Service (ROS)

-

ros

Resource

  • AliyunROSFullAccess

  • AliyunROSReadOnlyAccess

Use RAM to control resource access

Function Compute

-

fc

Resource

  • AliyunFCFullAccess

  • AliyunFCReadOnlyAccess

  • AliyunFCInvocationAccess

Grant permissions across Alibaba Cloud accounts by using a RAM role

Simple Application Server

-

swas

Service

AliyunSWASFullAccess

-

Elastic High Performance Computing

-

ehpc

Service

  • AliyunEHPCFullAccess

  • AliyunEHPCReadOnlyAccess

-

Container Registry

-

cr

Resource

  • AliyunContainerRegistryFullAccess

  • AliyunContainerRegistryReadOnlyAccess

Configure policies for RAM users to access Container Registry

WUYING Workspace

WUYING Workspace

ecd

Operation

  • AliyunECDFullAccess

  • AliyunECDReadOnlyAccess

  • AliyunECDRamUserAccess

  • AliyunECDTagFullAccess

  • AliyunECDOfficeSiteFullAccess

  • AliyunECDUserFullAccess

  • AliyunECDPolicyGroupFullAccess

  • AliyunECDDesktopFullAccess

  • AliyunECDTechnicalSupportFullAccess

Grant permissions to RAM users

Elastic Container Instance

-

eci

Resource

  • AliyunECIFullAccess

  • AliyunECIReadOnlyAccess

Grant permissions to RAM users

CloudFlow

-

fnf

Resource

  • AliyunFnFFullAccess

  • AliyunFnFReadOnlyAccess

Authorization policy

Web App Service

-

webplus

Operation

  • AliyunWebPlusFullAccess

  • AliyunWebPlusReadOnlyAccess

-

Compute Nest

-

  • computenest

  • computenestsupplier

Resource

  • AliyunComputeNestSupplierFullAccess

  • AliyunComputeNestUserFullAccess

  • AliyunComputeNestUserReadOnlyAccess

  • AliyunComputeNestSupplierReadOnlyAccess

-

Alibaba Cloud Distributed Cloud Container Platform (ACK One)

-

adcp

Operation

  • AliyunAdcpFullAccess

  • AliyunAdcpReadOnlyAccess

-

Databases

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

ApsaraDB RDS

ApsaraDB RDS

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

  • AliyunRDSGADFullAccess

  • AliyunRDSGADReadOnlyAccess

  • AliyunRDSReadOnlyWithSQLLogArchiveAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB RDS for MySQL

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB RDS for SQL Server

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB RDS for PostgreSQL

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

Use RAM for resource authorization

ApsaraDB RDS

ApsaraDB for MyBase

rds

Resource

  • AliyunRDSFullAccess

  • AliyunRDSReadOnlyAccess

-

ApsaraDB for Redis

-

kvstore

Resource

  • AliyunKvstoreFullAccess

  • AliyunKvstoreReadOnlyAccess

RAM authentication

ApsaraDB for MongoDB

-

dds

Resource

  • AliyunMongoDBFullAccess

  • AliyunMongoDBReadOnlyAccess

-

AnalyticDB for PostgreSQL

-

gpdb

Resource

  • AliyunGPDBFullAccess

  • AliyunGPDBReadOnlyAccess

-

Data Transmission Service (DTS)

-

dts

Operation

  • AliyunDTSFullAccess

  • AliyunDTSReadOnlyAccess

Authorize a RAM user to use DTS

Data Management (DMS)

-

dms

Service

  • AliyunDMSFullAccess

  • AliyunDMSReadOnlyAccess

Authorize DMS to access Alibaba Cloud resources

AnalyticDB for MySQL

-

adb

Operation

  • AliyunADBFullAccess

  • AliyunADBReadOnlyAccess

  • AliyunADBDeveloperAccess

RAM authorization

PolarDB for Xscale (PolarDB-X)

-

  • drds

  • polardbx

Resource

  • AliyunDRDSReadOnlyAccess

  • AliyunDRDSFullAccess

  • AliyunDRDSReadOnlyWithSQLLogArchiveAccess

Use RAM for resource authorization

ApsaraDB for HBase

-

hbase

Resource

  • AliyunHBaseFullAccess

  • AliyunHBaseReadOnlyAccess

Use RAM for resource authorization

Advanced Database & Application Migration (ADAM)

-

adam

Service

  • AliyunADAMReadOnlyAccess

  • AliyunADAMFullAccess

Authorize a RAM user to log on to the ADAM console

PolarDB

-

polardb

Operation

  • AliyunPolardbReadOnlyAccess

  • AliyunPolardbFullAccess

  • AliyunPolardbReadOnlyWithSQLLogArchiveAccess

Create and authorize a RAM user

Database Backup (DBS)

-

dbs

Service

  • AliyunDBSFullAccess

  • AliyunDBSReadOnlyAccess

-

Database Autonomy Service (DAS)

-

hdm

Service

  • AliyunHDMReadOnlyAccess

  • AliyunHDMFullAccess

  • AliyunHDMReadOnlyWithSQLLogArchiveAccess

What do I do if I fail to access DAS as a RAM user due to lack of permissions?

Data Lake Analytics (DLA)

-

openanalytics

Resource

  • AliyunDLAFullAccess

  • AliyunDLAReadOnlyAccess

  • AliyunDLADeveloperAccess

Grant RAM users fine-grained permissions to access DLA

ApsaraDB for OceanBase

-

oceanbase

Service

  • AliyunOceanBaseFullAccess

  • AliyunOceanBaseReadOnlyAccess

-

ApsaraDB for Cassandra

-

cassandra

Resource

  • AliyunCassandraFullAccess

  • AliyunCassandraReadOnlyAccess

Manage RAM users

LedgerDB

-

ledgerdb

Resource

  • AliyunLedgerDBFullAccess

  • AliyunLedgerDBReadOnlyAccess

RAM user authorization

ApsaraDB for ClickHouse

-

clickhouse

Resource

  • AliyunClickHouseFullAccess

  • AliyunClickHouseReadOnlyAccess

RAM-based authorization

Database Gateway (DG)

-

dg

Resource

  • AliyunDGFullAccess

  • AliyunDGReadOnlyAccess

-

Storage

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Object Storage Service (OSS)

-

oss

Resource

  • AliyunOSSFullAccess

  • AliyunOSSReadOnlyAccess

  • AliyunOSSImportReadOnlyAccess

  • AliyunOSSImportFullAccess

Overview

Apsara File Storage NAS (NAS)

-

nas

Resource

  • AliyunNASFullAccess

  • AliyunNASReadOnlyAccess

Perform access control based on RAM policies

Tablestore (OTS)

-

ots

Resource

  • AliyunOTSFullAccess

  • AliyunOTSReadOnlyAccess

  • AliyunOTSWriteOnlyAccess

Custom permissions

Cloud Storage Gateway (CSG)

-

hcs-sgw

Service

AliyunHCSSGWFullAccess

Use RAM to implement account-based access control

Cloud Backup

-

hbr

Resource

  • AliyunHBRFullAccess

  • AliyunHBRReadOnlyAccess

Create a RAM user and grant permissions to the RAM user

Hybrid Cloud Storage Array (CSA)

CSA

hgw

Operation

  • AliyunHgwFullAccess

  • AliyunHgwReadOnlyAccess

-

CSA

Remote Service

asrs

Resource

  • ASRSFullAccess

  • ASRSReadonlyAccess

-

Cloud communications

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Short Message Service (SMS)

-

dysms

Service

-

-

Network

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Virtual Private Cloud (VPC)

-

vpc

Resource

  • AliyunVPCFullAccess

  • AliyunVPCReadOnlyAccess

  • AliyunVPCNetworkIntelligenceReadOnlyAccess

  • AliyunVPCPrefixListAccess

  • AliyunVPCPrefixListReadOnlyAccess

  • AliyunVpcPeerFullAccess

  • AliyunVpcPeerReadOnlyAccess

RAM user authorization

Service Load Balancer (SLB)

SLB

slb

Resource

  • AliyunSLBReadOnlyAccess

  • AliyunSLBFullAccess

Authorize a RAM user

SLB

Application Load Balancer (ALB)

alb

Resource

  • AliyunALBFullAccess

  • AliyunALBReadOnlyAccess

-

SLB

Network Load Balancer (NLB)

nlb

Resource

  • AliyunNLBFullAccess

  • AliyunNLBReadOnlyAccess

-

Express Connect

-

vpc

Resource

  • AliyunExpressConnectFullAccess

  • AliyunExpressConnectReadOnlyAccess

System policies and sample custom policies for Express Connect

Elastic IP Address (EIP)

EIP

vpc

Resource

  • AliyunEIPFullAccess

  • AliyunEIPReadOnlyAccess

RAM user authorization

EIP

Anycast Elastic IP Address (Anycast EIP)

eipanycast

Resource

  • AliyunAnycastEIPFullAccess

  • AliyunAnycastEIPReadOnlyAccess

RAM authorization

NAT Gateway

-

vpc

Resource

  • AliyunNATGatewayReadOnlyAccess

  • AliyunNATGatewayFullAccess

RAM user authorization

VPN Gateway

-

vpc

Resource

  • AliyunVPNGatewayFullAccess

  • AliyunVPNGatewayReadOnlyAccess

RAM user authorization

Internet Shared Bandwidth

-

vpc

Resource

  • AliyunCommonBandwidthPackageReadOnlyAccess

  • AliyunCommonBandwidthPackageFullAccess

-

Global Accelerator (GA)

-

ga

Resource

  • AliyunGlobalAccelerationReadOnlyAccess

  • AliyunGlobalAccelerationFullAccess

RAM user authorization

Smart Access Gateway

-

smartag

Resource

-

RAM authentication

Cloud Enterprise Network (CEN)

-

cen

Resource

  • AliyunCENReadOnlyAccess

  • AliyunCENFullAccess

RAM authentication

PrivateLink

-

privatelink

Resource

  • AliyunPrivateLinkFullAccess

  • AliyunPrivateLinkReadOnlyAccess

  • AliyunPrivatelinkEndpointServiceReadOnlyAccess

  • AliyunPrivatelinkEndpointServiceFullAccess

  • AliyunPrivatelinkEndpointReadOnlyAccess

  • AliyunPrivatelinkEndpointFullAccess

RAM user authorization

Alibaba Cloud DNS PrivateZone

-

pvtz

Resource

  • AliyunPvtzFullAccess

  • AliyunPvtzReadOnlyAccess

RAM

Cloud Data Transfer (CDT)

-

cdt

Operation

  • AliyunCDTFullAccess

  • AliyunCDTReadOnlyAccess

RAM permission policy

VPC peering connection

-

vpc

Resource

  • AliyunVpcPeerFullAccess

  • AliyunVpcPeerReadOnlyAccess

-

IPv6 Gateway

-

vpc

Resource

  • AliyunIpv6FullAccess

  • AliyunIpv6ReadOnlyAccess

-

O&M and management

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Application Real-Time Monitoring Service (ARMS)

-

arms

Service

  • AliyunARMSFullAccess

  • AliyunARMSReadOnlyAccess

Grant different permissions to RAM users

CloudMonitor

-

cms

Operation

  • AliyunCloudMonitorFullAccess

  • AliyunCloudMonitorReadOnlyAccess

  • AliyunCloudMonitorMetricDataReadOnlyAccess

Control permissions of RAM users

Intelligent Advisor

-

advisor-intl

Operation

  • AliyunAdvisorFullAccess

  • AliyunAdvisorReadOnlyAccess

-

Cloud Shell

-

cloudshell

Operation

AliyunCloudShellFullAccess

-

Cloud Config

-

config

Operation

  • AliyunConfigFullAccess

  • AliyunConfigReadOnlyAccess

RAM authentication

Logic Composer

-

composer

Resource

  • AliyunLogicComposerFullAccess

  • AliyunLogicComposerReadOnlyAccess

Grant permissions to a RAM user

CloudOps Orchestration Service (OOS)

-

oos

Resource

  • AliyunOOSFullAccess

  • AliyunOOSReadOnlyAccess

RAM authorization

Cloud Governance Center (CGC)

CGC

governance

Operation

  • AliyunGovernanceFullAccess

  • AliyunGovernanceReadOnlyAccess

-

Middleware

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Enterprise Distributed Application Service (EDAS)

-

edas

Resource

  • AliyunEDASFullAccess

  • AliyunEDASReadOnlyAccess

  • AliyunEDASApplicationFullAccess

  • AliyunEDASApplicationReadOnlyAccess

  • AliyunEDASResourceReadOnlyAccess

  • AliyunEDASResourceFullAccess

Manage RAM users

ApsaraMQ

ApsaraMQ for RocketMQ

mq

Resource

  • AliyunMQFullAccess

  • AliyunMQReadOnlyAccess

  • AliyunMQPubOnlyAccess

  • AliyunMQSubOnlyAccess

Grant permissions to RAM users

ApsaraMQ

ApsaraMQ for MQTT

mq

Resource

  • AliyunMQFullAccess

  • AliyunMQReadOnlyAccess

  • AliyunMQPubOnlyAccess

  • AliyunMQSubOnlyAccess

Grant permissions to RAM users

ApsaraMQ

ApsaraMQ for RabbitMQ

amqp

Resource

  • AliyunAMQPFullAccess

  • AliyunAMQPReadOnlyAccess

Grant permissions to RAM users

Message Service (MNS)

-

mns

Resource

  • AliyunMNSFullAccess

  • AliyunMNSReadOnlyAccess

Create a custom policy

Application Configuration Management

-

acms

Resource

AliyunACMFullAccess

Access control

ApsaraMQ for Kafka

-

alikafka

Service

  • AliyunKafkaFullAccess

  • AliyunKafkaReadOnlyAccess

Grant permissions to RAM users

Application High Availability Service

-

ahas

Service

  • AliyunAHASFullAccess

  • AliyunAHASReadOnlyAccess

-

Service Mesh (ASM)

-

servicemesh

Resource

  • AliyunASMFullAccess

  • AliyunASMReadOnlyAccess

Overview

EventBridge

-

eventbridge

Resource

  • AliyunEventBridgeFullAccess

  • AliyunEventBridgeReadOnlyAccess

  • AliyunEventBridgeResourceCreatePolicy

  • AliyunEventBridgeResourceDeletePolicy

  • AliyunEventBridgeResourceUpdatePolicy

  • AliyunEventBridgePutEventsPolicy

Policies

Media services and CDN

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

CDN

-

cdn

Resource

  • AliyunCDNFullAccess

  • AliyunCDNReadOnlyAccess

RAM authentication

ApsaraVideo Media Processing (MPS)

-

mts

Service

  • AliyunMTSFullAccess

  • AliyunMTSPlayerAuth

-

ApsaraVideo VOD (VOD)

-

vod

Operation

  • AliyunVODFullAccess

  • AliyunVODReadOnlyAccess

  • AliyunVODPlayAuth

  • AliyunVODUploadAuth

-

ApsaraVideo Live

-

live

Resource

  • AliyunLiveFullAccess

  • AliyunLiveReadOnlyAccess

Sub-account console operating instructions

Real-Time Communication

-

rtc

Resource

-

-

Dynamic Content Delivery Network (DCDN)

-

dcdn

Resource

  • AliyunDCDNFullAccess

  • AliyunDCDNReadOnlyAccess

-

Enterprise applications

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Direct Mail

-

dm

Operation

  • AliyunDirectMailFullAccess

  • AliyunDirectMailReadOnlyAccess

-

API Gateway

-

apigateway

Service

  • AliyunApiGatewayFullAccess

  • AliyunApiGatewayReadOnlyAccess

Use RAM to manage user permissions for API Gateway

Alibaba Mail

-

alimail

Operation

  • AliyunAlimailFullAccess

  • AliyunAlimailReadOnlyAccess

-

Resource Management

Resource Management

resourcemanager

Operation

  • AliyunResourceDirectoryFullAccess

  • AliyunResourceDirectoryReadOnlyAccess

RAM authorization

Resource Management

Resource Sharing

resourcesharing

Operation

  • AliyunResourceSharingFullAccess

  • AliyunResourceSharingReadOnlyAccess

-

Resource Management

the Tag service

tag

Operation

  • AliyunTagManagerAccess

  • AliyunTAGReadOnlyAccess

  • AliyunTagAdministratorAccess

Tag

Resource Management

Resource Center

resourcecenter

Operation

  • AliyunResourceCenterFullAccess

  • AliyunResourceCenterReadOnlyAccess

Permissions for a RAM user to access Resource Center

Blockchain as a Service (BaaS)

BaaS

baas

Resource

  • AliyunBaaSFullAccess

  • AliyunBaaSReadOnlyAccess

Hyperledger Fabric RAM authentication

CloudQuotation (CQ)

-

assettech

Service

  • AliyunCQLoudFullAccess

  • AliyunCQLoudReadOnlyAccess

-

BizWorks

-

bizworks

Service

  • AliyunBizWorksFullAccess

  • AliyunBizWorksReadOnlyAccess

-

Domains and websites

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Alibaba Cloud Domain Name System (DNS)

DNS

alidns

Resource

  • AliyunDNSFullAccess

  • AliyunDNSReadOnlyAccess

RAM authorization

DNS

Alibaba Cloud Public DNS

pubdns

Resource

  • AliyunPubDNSReadOnlyAccess

  • AliyunPubDNSFullAccess

-

Domain name

-

domain

Resource

  • AliyunDomainFullAccess

  • AliyunDomainReadonlyAccess

Authentication rules for the Domains API

Artificial intelligence

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Intelligent Speech Interaction

Intelligent Speech Interaction

nls

Service

  • AliyunNLSFullAccess

  • AliyunNLSReadOnlyAccess

  • AliyunNLSSpeechServiceAccess

  • AliyunNLSSlpAccess

-

Platform for AI (PAI)

-

pai

Service

-

-

PAI

-

paiplugin

Operation

  • AliyunPaiPluginFullAccess

  • AliyunPaiPluginReadOnlyAccess

-

Image Search

-

imagesearch

Resource

  • AliyunImagesearchReadOnlyAccess

  • AliyunImagesearchFullAccess

Grant permissions to RAM users

Machine Translation

-

alimt

Operation

  • AliyunMTFullAccess

  • AliyunMTReadOnlyAccess

-

IoT

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

IoT Platform

-

iot

Resource

  • AliyunIOTFullAccess

  • AliyunIOTReadOnlyAccess

  • AliyunIOTConsoleCommonAccess

RAM user access

Link IoT Edge

-

iot

Resource

  • AliyunIOTFullAccess

  • AliyunIOTReadOnlyAccess

  • AliyunIOTConsoleCommonAccess

Access resources of other Alibaba Cloud services

Lindorm

Time Series Database (TSDB)

hitsdb

Operation

-

-

Big data

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

DataWorks

-

dataworks

Operation

  • AliyunDataWorksFullAccess

  • AliyunDataWorksReadOnlyAccess

  • AliyunDataWorksExclusiveResourceGroupModify

  • AliyunDataWorksAccessingRdsReadOnlyPolicy

  • AliyunDataWorksAccessingDLFReadOnlyPolicy

  • AliyunDataWorksAccessingEMRReadOnlyPolicy

  • AliyunDataWorksAccessingAlikafkaPolicy

Manage permissions on the DataWorks services and the entities in the DataWorks console by using RAM policies

Quick BI

-

-

Service

-

-

DataV

-

datav

Service

AliyunDataVFullAccess

-

Realtime Compute for Apache Flink

-

stream

Resource

  • AliyunStreamFullAccess

  • AliyunStreamReadOnlyAccess

Grant permissions to a RAM user

Elasticsearch

-

elasticsearch

Resource

  • AliyunElasticsearchReadOnlyAccess

  • AliyunElasticsearchFullAccess

  • AliyunElasticsearchServerlessFullAccess

  • AliyunElasticsearchServerlessReadOnlyAccess

Types of resources that can be authorized

E-MapReduce (EMR)

E-MapReduce

emr

Service

  • AliyunEMRFullAccess

  • AliyunEMRFlowAdmin

  • AliyunEMRDevelopAccess

  • AliyunEMRDlsFullAccess

  • AliyunEMRDlsReadOnlyAccess

Grant permissions to RAM users

Simple Log Service

-

log

Resource

  • AliyunLogFullAccess

  • AliyunLogReadOnlyAccess

  • AliyunLogPutOpenEventPolicy

  • AliyunLogInvokeFCAccess

RAM authentication rules

Hologres

-

hologram

Resource

  • AliyunHologresFullAccess

  • AliyunHologresReadOnlyAccess

Grant permissions to a RAM user

Developer services

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Apsara Devops

-

rdc

Resource

  • AliyunRDCFullAccess

  • AliyunRDCReadOnlyAccess

-

Managed Service for OpenTelemetry

-

xtrace

Operation

  • AliyunTracingAnalysisFullAccess

  • AliyunTracingAnalysisReadOnlyAccess

-

Security

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Security Center (SAS)

-

  • yundun-sas

  • yundun-aegis

Operation

  • AliyunYundunSASFullAccess

  • AliyunYundunSASReadOnlyAccess

-

Server Guard

-

yundun-aegis

Service

  • AliyunYundunAegisFullAccess

  • AliyunYundunAegisReadOnlyAccess

-

Anti-DDoS

Anti-DDoS

yundun-ddos

Service

  • AliyunYundunDDosFullAccess

  • AliyunYundunDDosReadOnlyAccess

  • AliyunYundunDDoSRewardsReadOnlyA

  • AliyunYundunDDoSRewardsFullAccess

-

Anti-DDoS

Anti-DDoS Proxy (Chinese Mainland)

  • yundun-high

  • yundun-ddoscoo

Service

  • AliyunYundunHighFullAccess

  • AliyunYundunHighReadOnlyAccess

-

Anti-DDoS

Anti-DDoS Proxy (Outside Chinese Mainland)

  • yundun-high

  • yundun-ddoscoo

Service

  • AliyunYundunAntiDDoSPremiumFullAccess

  • AliyunYundunAntiDDoSPremiumReadOnlyAccess

-

GameShield

-

yundun-gameshield

Service

AliyunYundunGameShieldReadOnlyAccess

-

Web Application Firewall (WAF)

WAF

yundun-waf

Operation

  • AliyunYundunWAFFullAccess

  • AliyunYundunWAFReadOnlyAccess

  • AliyunYundunWAFv3FullAccess

  • AliyunYundunWAFv3ReadOnlyAccess

-

Certificate Management Service

-

yundun-cert

Service

  • AliyunYundunCertFullAccess

  • AliyunYundunCertReadOnlyAccess

-

Cloud Firewall

-

yundun-cloudfirewall

Service

  • AliyunYundunCloudFirewallReadOnlyAccess

  • AliyunYundunCloudFirewallFullAccess

-

Managed Security Service (MSSP)

-

mssp

Service

-

-

Content Moderation

-

yundun-greenweb

Service

  • AliyunYundunGreenWebFullAccess

  • AliyunYundunGreenWebConsoleOnlyAccess

  • AliyunYundunGreenWebReadOnlyAccess

-

Bastionhost

Bastionhost

yundun-bastionhost

Service

  • AliyunYundunBastionHostFullAccess

  • AliyunYundunBastionHostReadOnlyAccess

  • AliyunYundunBastionHostOperateOnlyAccess

  • AliyunYundunBastionHostAuditOnlyAccess

-

Data Security Center (DSC)

-

yundun-sddp

Service

  • AliyunYundunSDDPFullAccess

  • AliyunYundunSDDPReadOnlyAccess

  • AliyunYundunSDDPDataManager

-

Identity as a Service (IDaaS)

IDaaS

yundun-idaas

Operation

  • AliyunYundunIdaasFullAccess

  • AliyunYundunIdaasReadOnlyAccess

-

Key Management Service (KMS)

-

kms

Resource

  • AliyunKMSFullAccess

  • AliyunKMSReadOnlyAccess

  • AliyunKMSSecretUserAccess

  • AliyunKMSCryptoAdminAccess

  • AliyunKMSCryptoUserAccess

  • AliyunKMSSecretAdminAccess

Use RAM to control access to KMS resources

RAM

RAM

  • ram

  • sts

  • ims

Resource

  • AliyunRAMFullAccess

  • AliyunRAMReadOnlyAccess

RAM authentication

RAM

CloudSSO

cloudsso

Resource

  • AliyunCloudSSOReadOnlyAccess

  • AliyunCloudSSOFullAccess

-

ActionTrail

-

actiontrail

Operation

-

RAM account authentication

Technical support

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Ticket Management

-

support

Service

AliyunSupportFullAccess

-

Marketplace

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Alibaba Cloud Marketplace

-

acm

×

Service

AliyunMarketplaceFullAccess

-

Others

Alibaba Cloud service

Sub-service or sub-module

RAM code

Console

API

Authorization granularity

System policy

References

Billing Management

-

  • bss

  • bssapi

  • efc

Operation

  • AliyunBSSFullAccess

  • AliyunBSSReadOnlyAccess

  • AliyunBSSOrderAccess

  • AliyunBSSRefundAccess

  • AliyunBSSRenewReadOnlyAccess

  • AliyunBSSRenewFullAccess

  • AliyunBSSCartReadOnlyAccess

  • AliyunBSSCartFullAccess

  • AliyunBSSMyFreetierFullAccess

-

ICP Filing

-

  • beian

  • bsn

Service

AliyunBeianFullAccess

-