This topic lists the Alibaba Cloud services that support Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.

Overview

Each table in this topic contains the following columns:

  • Alibaba Cloud service: the name of the cloud service that supports RAM.
  • Sub-service or sub-module: the sub-service or sub-module of the cloud service. A hyphen (-) indicates none.
  • RAM code: the code that is used in RAM to indicate the cloud service.
  • Console: indicates whether STS can be used to implement access control in the console of the service. A tick (✓) indicates that STS is supported. A cross (×) indicates that STS is not supported. A circle (○) indicates that no console is provided for that service.
  • API: indicates whether RAM can be used to implement access control by calling the API of the service. A tick (✓) indicates that RAM is supported by calling the API of the service. A cross (×) indicates that RAM is not supported by calling the API of the service. A circle (○) indicates that no API is provided for that service.
  • Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.

    The following authorization granularity is defined:

    • Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.
    • Operation: You can control whether RAM users or RAM roles can perform specific operations on a specific type of resource in the service.
    • Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.
  • System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.
  • References: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.

Elastic computing

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
ECS ECS ecs Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Elastic Block Storage (EBS) ecs Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Elastic GPU Service ecs Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS ECS Bare Metal Instance ecs Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Super Computing Cluster ecs Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Dedicated Host (DDH) ecs Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Alibaba Cloud Linux 2 ecs Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
Auto Scaling (ESS) - ess Service
  • AliyunESSFullAccess
  • AliyunESSReadOnlyAccess
API usage instructions
Container Service for Kubernetes (ACK) - cs Resource
  • AliyunCSFullAccess
  • AliyunCSReadOnlyAccess
Use sub-accounts
Batch Compute - batchcompute Service

-

-
Resource Orchestration Service (ROS) - ros Service
  • AliyunROSFullAccess
  • AliyunROSReadOnlyAccess
Use RAM to control resource access
Function Compute - fc Resource
  • AliyunFCFullAccess
  • AliyunFCReadOnlyAccess
  • AliyunFCInvocationAccess
Quick start for using the console as RAM users
Simple Application Server - swas Service AliyunSWASFullAccess -
Elastic High Performance Computing (E-HPC) - ehpc Service
  • AliyunEHPCFullAccess
  • AliyunEHPCReadOnlyAccess
-
Container Registry - cr Resource
  • AliyunContainerRegistryFullAccess
  • AliyunContainerRegistryReadOnlyAccess
Repository access control
Elastic Desktop Service (EDS) Wuying Cloud Desktop ecd Operation
  • AliyunECDFullAccess
  • AliyunECDReadOnlyAccess
  • AliyunECDRamUserAccess
Authorize RAM users
Elastic Container Instance (ECI) - eci Resource
  • AliyunECIFullAccess
  • AliyunECIReadOnlyAccess
Grant permissions to a RAM user
Serverless Workflow - fnf Resource
  • AliyunFnFFullAccess
  • AliyunFnFReadOnlyAccess
Authorization policy
Web App Service - webplus Operation
  • AliyunWebPlusFullAccess
  • AliyunWebPlusReadOnlyAccess
-

Database

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
ApsaraDB RDS ApsaraDB RDS rds Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for MySQL rds Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for SQL Server rds Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for PostgreSQL rds Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for PPAS rds Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB for MyBase rds Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
-
ApsaraDB for Redis - kvstore Resource
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
RAM authentication
ApsaraDB for Memcache - kvstore Service
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
-
ApsaraDB for MongoDB - dds Resource
  • AliyunMongoDBFullAccess
  • AliyunMongoDBReadOnlyAccess

-

AnalyticDB for PostgreSQL - gpdb Resource
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
Authentication rules for APIs
Data Transmission Service (DTS) - dts Operation
  • AliyunDTSFullAccess
  • AliyunDTSReadOnlyAccess
Authorize a RAM user to use DTS
Data Management (DMS) - dms Service -

-

AnalyticDB for MySQL - adb Operation
  • AliyunADBFullAccess
  • AliyunADBReadOnlyAccess
RAM users and permissions
Distribute Relational Database Service (DRDS) -
  • drds
  • polardbx
Resource
  • AliyunDRDSReadOnlyAccess
  • AliyunDRDSFullAccess
Use RAM for resource authorization
ApsaraDB for HBase - hbase Resource
  • AliyunHBaseFullAccess
  • AliyunHBaseReadOnlyAccess
Use RAM for resource authorization
Advanced Database & Application Migration (ADAM) - adam Service
  • AliyunADAMReadOnlyAccess
  • AliyunADAMFullAccess
Authorize a RAM user to log on to the ADAM console
PolarDB - polardb Operation
  • AliyunPolardbReadOnlyAccess
  • AliyunPolardbFullAccess
Create and authorize a RAM user
Database Backup (DBS) - dbs Service
  • AliyunDBSFullAccess
  • AliyunDBSReadOnlyAccess
-
Database Autonomy Service (DAS) - hdm Service
  • AliyunHDMReadOnlyAccess
  • AliyunHDMFullAccess
What do I do if I fail to access DAS as a RAM user due to lack of permissions?
Data Lake Analytics (DLA) - openanalytics Operation
  • AliyunDLAFullAccess
  • AliyunDLAReadOnlyAccess
  • AliyunDLADeveloperAccess
Grant RAM users fine-grained permissions to access DLA
ApsaraDB for OceanBase - oceanbase Service
  • AliyunOceanBaseFullAccess
  • AliyunOceanBaseReadOnlyAccess
-
ApsaraDB for Cassandra - cassandra Resource
  • AliyunCassandraFullAccess
  • AliyunCassandraReadOnlyAccess
Manage RAM users
LedgerDB - ledgerdb Resource
  • AliyunLedgerDBFullAccess
  • AliyunLedgerDBReadOnlyAccess
RAM user authorization
ApsaraDB for ClickHouse - clickhouse Resource
  • AliyunClickHouseFullAccess
  • AliyunClickHouseReadOnlyAccess
RAM-based authorization
Database Gateway - dg Resource
  • AliyunDGFullAccess
  • AliyunDGReadOnlyAccess
-

Storage

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Object Storage Service (OSS) - oss Resource
  • AliyunOSSFullAccess
  • AliyunOSSReadOnlyAccess
Overview
Apsara File Storage NAS (NAS) - nas Operation
  • AliyunNASFullAccess
  • AliyunNASReadOnlyAccess
Perform access control based on RAM policies
Tablestore - ots Resource
  • AliyunOTSFullAccess
  • AliyunOTSReadOnlyAccess
  • AliyunOTSWriteOnlyAccess
Custom permissions
Cloud Storage Gateway (CSG) - hcs-sgw Service AliyunHCSSGWFullAccess Use RAM to implement account-based access control
Hybrid Backup Recovery (HBR) - hbr Resource
  • AliyunHBRFullAccess
  • AliyunHBRReadOnlyAccess
Manage user permissions

Cloud communications

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Short Message Service (SMS) - dysms Service

-

-

Networking

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Virtual Private Cloud (VPC) - vpc Resource
  • AliyunVPCFullAccess
  • AliyunVPCReadOnlyAccess
RAM user authorization
Server Load Balancer (SLB) Server Load Balancer (SLB) slb Resource
  • AliyunSLBReadOnlyAccess
  • AliyunSLBFullAccess
Authorize a RAM user
Server Load Balancer (SLB) Application Load Balancer (ALB) alb Resource
  • AliyunALBFullAccess
  • AliyunALBReadOnlyAccess
-
Express Connect - vpc Resource
  • AliyunExpressConnectFullAccess
  • AliyunExpressConnectReadOnlyAccess
RAM user authorization
Elastic IP Address (EIP) - eip Resource
  • AliyunEIPFullAccess
  • AliyunEIPReadOnlyAccess
RAM user authorization
NAT Gateway (NAT) - vpc Resource
  • AliyunNATGatewayReadOnlyAccess
  • AliyunNATGatewayFullAccess
RAM user authorization
VPN Gateway - vpc Resource
  • AliyunVPNGatewayFullAccess
  • AliyunVPNGatewayReadOnlyAccess
RAM user authorization
EIP Bandwidth Plan - vpc Resource
  • AliyunCommonBandwidthPackageReadOnlyAccess
  • AliyunCommonBandwidthPackageFullAccess
-
Global Accelerator (GA) - ga Resource
  • AliyunGlobalAccelerationReadOnlyAccess
  • AliyunGlobalAccelerationFullAccess
RAM user authorization
Smart Access Gateway (SAG) - smartag Resource

-

RAM authentication
Cloud Enterprise Network - cen Resource
  • AliyunCENReadOnlyAccess
  • AliyunCENFullAccess
RAM authentication
PrivateLink - privatelink Resource
  • AliyunPrivateLinkFullAccess
  • AliyunPrivateLinkReadOnlyAccess
Alibaba Cloud DNS PrivateZone - pvtz Resource
  • AliyunPvtzFullAccess
  • AliyunPvtzReadOnlyAccess
RAM

O&M management

Alibaba Cloud service Sub-service or sub-module RAM code State in the ApsaraDB for Redis console API Authorization granularity System policy References
Application Real-Time Monitoring Service (ARMS) - arms Service
  • AliyunARMSFullAccess
  • AliyunARMSReadOnlyAccess
Grant different permissions to RAM users
CloudMonitor - cms Operation
  • AliyunCloudMonitorFullAccess
  • AliyunCloudMonitorReadOnlyAccess
  • AliyunCloudMonitorMetricDataReadOnlyAccess
Control permissions of RAM users
Cloud Shell - cloudshell Service - -
Cloud Config - config Service
  • AliyunConfigFullAccess
  • AliyunConfigReadOnlyAccess
RAM user authorization
Logic Composer - composer Resource
  • AliyunLogicComposerFullAccess
  • AliyunLogicComposerReadOnlyAccess
Grant permissions to a RAM user
Operation Orchestration Service (OOS) - oos Resource
  • AliyunOOSFullAccess
  • AliyunOOSReadOnlyAccess
Access control

Middleware

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Enterprise Distributed Application Service (EDAS) - edas Service
  • AliyunEDASFullAccess
  • AliyunEDASReadOnlyAccess
  • AliyunEDASApplicationFullAccess
  • AliyunEDASApplicationReadOnlyAccess
  • AliyunEDASResourceReadOnlyAccess
  • AliyunEDASResourceFullAccess
Manage RAM users
Message Queue Message Queue for Apache RocketMQ mq Resource
  • AliyunMQFullAccess
  • AliyunMQReadOnlyAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
Grant permissions to RAM users
Message Queue Message Queue for MQTT mq Resource
  • AliyunMQFullAccess
  • AliyunMQReadOnlyAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
Grant permissions to RAM users
Message Queue Message Queue for RabbitMQ amqp Resource
  • AliyunAMQFullAccess
  • AliyunAMQPReadOnlyAccess
Grant permissions to RAM users
Message Service (MNS) - mns Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
Create a custom policy
Application Configuration Management - acms Resource AliyunACMFullAccess Access control
Message Queue for Apache Kafka - alikafka Service
  • AliyunKafkaFullAccess
  • AliyunKafkaReadOnlyAccess
Grant permissions to RAM users
Application High Availability Service - ahas Service
  • AliyunAHASFullAccess
  • AliyunAHASReadOnlyAccess

-

Alibaba Cloud Service Mesh (ASM) - servicemesh Resource - Overview
EventBridge - eventbridge Resource
  • AliyunEventBridgeFullAccess
  • AliyunEventBridgeReadOnlyAccess
  • AliyunEventBridgeResourceCreatePolicy
  • AliyunEventBridgeResourceDeletePolicy
  • AliyunEventBridgeResourceUpdatePolicy
  • AliyunEventBridgePutEventsPolicy
Policies

Media services and CDN

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
CDN - cdn Resource
  • AliyunCDNFullAccess
  • AliyunCDNReadOnlyAccess
RAM authentication
ApsaraVideo for Media Processing (MTS) - mts Service
  • AliyunMTSFullAccess
  • AliyunMTSPlayerAuth

-

ApsaraVideo VOD (VOD) - vod Operation
  • AliyunVODFullAccess
  • AliyunVODReadOnlyAccess
  • AliyunVODPlayAuth
  • AliyunVODUploadAuth
-
ApsaraVideo Live - live Resource
  • AliyunLiveFullAccess
  • AliyunLiveReadOnlyAccess
Sub-account console operating instructions
Real-Time Communication - rtc Resource

-

-

Dynamic Route for CDN (DCDN) - dcdn Resource
  • AliyunDCDNFullAccess
  • AliyunDCDNReadOnlyAccess
-

Enterprise applications

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Direct Mail - dm Service
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
API Gateway - apigateway Service
  • AliyunApiGatewayFullAccess
  • AliyunApiGatewayReadOnlyAccess
Use RAM to manage user permissions for API Gateway
Alibaba Mail - alimail Operation - -
Resource Management Resource Management resourcemanager Operation
  • AliyunResourceDirectoryFullAccess
  • AliyunResourceDirectoryReadOnlyAccess
RAM authorization
Resource Management Tag tag Operation
  • AliyunTAGFullAccess
  • AliyunTAGReadOnlyAccess
Tag
Blockchain as a Service (BaaS) BaaS baas Resource
  • AliyunBaaSFullAccess
  • AliyunBaaSReadOnlyAccess
Hyperledger Fabric RAM authentication
CloudQuotation (CQ) - assettech Service
  • AliyunCQLoudFullAccess
  • AliyunCQLoudReadOnlyAccess
-
BizWorks - bizworks Service
  • AliyunBizWorksFullAccess
  • AliyunBizWorksReadOnlyAccess
-

Domains and websites

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Alibaba Cloud DNS DNS alidns Resource
  • AliyunDNSFullAccess
  • AliyunDNSReadOnlyAccess

-

DNS Alibaba Cloud Public DNS pubdns Resource
  • AliyunPubDNSReadOnlyAccess
  • AliyunPubDNSFullAccess
-
Domains - domain Resource AliyunDomainFullAccess Authentication rules for the Domains API

Artificial intelligence

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Intelligent Speech Interaction - nls Service
  • AliyunNLSFullAccess
  • AliyunNLSReadOnlyAccess
-
Machine Learning Platform for AI (PAI) - pai Service - -
Image Search - imagesearch Resource
  • AliyunImagesearchReadOnlyAccess
  • AliyunImagesearchFullAccess
Grant permissions to RAM users
Machine Translation - alimt Operation
  • AliyunMTFullAccess
  • AliyunMTReadOnlyAccess
-

IoT

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
IoT Platform - iot Resource
  • AliyunIOTFullAccess
  • AliyunIOTReadOnlyAccess
RAM user access
Link IoT Edge - iot Resource
  • AliyunIOTFullAccess
  • AliyunIOTReadOnlyAccess
Access resources of other Alibaba Cloud services
ApsaraDB for Lindorm Time Series Database (TSDB) hitsdb Operation

-

-

Big data

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
DataWorks - dataworks Service AliyunDataWorksFullAccess Use a RAM user
Quick BI - - Service - -
DataV - datav Service AliyunDataVFullAccess -
Realtime Compute for Apache Flink - - Service - -
Elasticsearch - elasticsearch Resource
  • AliyunElasticsearchReadOnlyAccess
  • AliyunElasticsearchFullAccess
Types of resources that can be authorized
E-MapReduce - emr Service
  • AliyunEMRFullAccess
  • AliyunUEMReadOnlyAccess
  • AliyunEMRFlowAdmin
  • AliyunEMRDevelopAccess
-
Log Service - log Resource
  • AliyunLogFullAccess
  • AliyunLogReadOnlyAccess
RAM authentication rules
Hologres - hologram Resource
  • AliyunHologresFullAccess
  • AliyunHologresReadOnlyAccess
Grant permissions to a RAM user

Developer services

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Apsara DevOps - rdc Resource
  • AliyunRDCFullAccess
  • AliyunRDCReadOnlyAccess
-
Tracing Analysis - xtrace Service
  • AliyunTracingAnalysisFullAccess
  • AliyunTracingAnalysisReadOnlyAccess
-

Security

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Security Center (SAS) -
  • yundun-sas
  • yundun-aegis
Service
  • AliyunYundunSASFullAccess
  • AliyunYundunSASReadOnlyAccess
-
Server Guard - yundun-aegis Service
  • AliyunYundunAegisFullAccess
  • AliyunYundunAegisReadOnlyAccess
-
Anti-DDoS Anti-DDoS yundun-ddos Service
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
-
Anti-DDoS Anti-DDoS Pro and Anti-DDoS Premium
  • yundun-high
  • yundun-ddoscoo
Service
  • AliyunYundunHighFullAccess
  • AliyunYundunHighReadOnlyAccess
-
Anti-DDoS Anti-DDoS Premium
  • yundun-high
  • yundun-ddoscoo
Service
  • AliyunYundunAntiDDoSPremiumFullAccess
  • AliyunYundunAntiDDoSPremiumReadOnlyAccess
-
GameShield - yundun-gameshield Service

AliyunYundunGameShieldReadOnlyAccess

-
Web Application Firewall (WAF) WAF yundun-waf Service
  • AliyunYundunWAFFullAccess
  • AliyunYundunWAFReadOnlyAccess
-
SSL Certificates Service - yundun-cert Service
  • AliyunYundunCertFullAccess
  • AliyunYundunCertReadOnlyAccess
-
Cloud Firewall (CFW) - yundun-cloudfirewall Service
  • AliyunYundunCloudFirewallReadOnlyAccess
  • AliyunYundunCloudFirewallFullAccess
-
Managed Security Service (MSSP) - mssp Service - -
Content Moderation - yundun-greenweb Service AliyunYundunGreenWebFullAccess -
Bastionhost Bastionhost yundun-bastionhost Service
  • AliyunYundunBastionHostFullAccess
  • AliyunYundunBastionHostReadOnlyAccess
  • AliyunYundunBastionHostOperateOnlyAccess
  • AliyunYundunBastionHostAuditOnlyAccess
-
Data Security Center (DSC) - yundun-sddp Service
  • AliyunYundunSDDPFullAccess
  • AliyunYundunSDDPReadOnlyAccess
-
Identity as a Service (IDaaS) IDaaS yundun-idaas Operation
  • AliyunYundunIdaasFullAccess
  • AliyunYundunIdaasReadOnlyAccess
-
Key Management Service (KMS) - kms Resource
  • AliyunKMSFullAccess
  • AliyunKMSReadOnlyAccess
  • AliyunKMSCryptoAccess
Use RAM to control access to KMS resources
RAM RAM
  • ram
  • sts
  • ims
Resource
  • AliyunRAMFullAccess
  • AliyunRAMReadOnlyAccess
RAM authentication
RAM CloudSSO cloudsso Resource
  • AliyunCloudSSOReadOnlyAccess
  • AliyunCloudSSOFullAccess
-
ActionTrail - actiontrail Operation

-

RAM account authentication

Technical support

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Ticket Management - support Service AliyunSupportFullAccess -

Marketplace

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Alibaba Cloud Marketplace - acm × Service AliyunMarketplaceFullAccess -

Others

Alibaba Cloud service Sub-service or sub-module RAM code Console API Authorization granularity System policy References
Billing Management -
  • bss
  • bssapi
  • efc
Service
  • AliyunBSSFullAccess
  • AliyunBSSReadOnlyAccess
  • AliyunBSSOrderAccess
  • AliyunBSSRefundAccess
  • AliyunBSSRenewReadOnlyAccess
  • AliyunBSSRenewFullAccess

-

ICP Filing -
  • beian
  • bsn
Service AliyunBeianFullAccess -