This topic lists the Alibaba Cloud services that work with Alibaba Cloud Resource Access Management (RAM), the authorization granularity and system policies supported for each service, and the links to related topics.

Supported services

The following types of services work with RAM: elastic computing, database, storage and CDN, networking, analytics, cloud communications, monitoring and management, application, middleware, message queue, media, big data, security, marketplace, domain and website, membership, billing management, support, , and messaging. The tables provided in the following sections list the services of each type that work with RAM.

For more information about Alibaba Cloud services that work with STS, see Alibaba Cloud services that work with STS.

Each table contains the following columns:

  • Service: the name of the service that works with RAM.
  • Console: indicates whether RAM can control user access to the console of the service. A check sign (√) indicates that RAM can control the access. A cross sign (×) indicates that RAM cannot control the access. A circle (○) indicates that the service is unavailable in the console.
  • API: indicates whether RAM can control user access to the API of the service. A check sign (√) indicates that RAM can control the access. A cross sign (×) indicates that RAM cannot control the access. A circle (○) indicates that the service does not provide an API.
  • Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.
    The following authorization granularities are available:
    • Service: You can control whether RAM users can access the service. You can only grant RAM users the permission to access all or none of the service resources.
    • Operation: You can control whether RAM users can perform specific operations on a type of service resource.
    • Resource: You can control whether RAM users can perform a specific operation on a service resource. For example, you can authorize a RAM user to restart a specific ECS instance.
  • System policies: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policy is available.
  • Reference: the topics related to both RAM and the service. A hyphen (-) indicates that no topics are available.

Elastic computing

Service Console API Authorization granularity System policies Reference
Elastic Compute Service Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
Auto Scaling Service
  • AliyunESSFullAccess
  • AliyunESSReadOnlyAccess
API usage instructions
Alibaba Cloud Container Service for Kubernetes Service
  • AliyunCSFullAccess
  • AliyunCSReadOnlyAccess
Use sub-accounts
Container Registry Resource
  • AliyunContainerRegistryFullAccess
  • AliyunContainerRegistryReadOnlyAccess
Repository access control
Resource Orchestration Service Service
  • AliyunROSFullAccess
  • AliyunROSReadOnlyAccess
Use RAM to control resource access
Batch Compute Service

-

-
Function Compute Resource
  • AliyunFCFullAccess
  • AliyunFCInvocationAccess
  • AliyunFCReadOnlyAccess
Subaccount userguide
E-HPC Service
  • AliyunEHPCFullAccess
  • AliyunEHPCReadOnlyAccess
-
Simple Application Server Service AliyunSWASFullAccess -
Elastic Container Instance Resource
  • AliyunECIFullAccess
  • AliyunECIReadOnlyAccess
Authorize a RAM user account

Database

Service Console API Authorization granularity System policies Reference
ApsaraDB for RDS Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
RAM authorization
ApsaraDB for MongoDB Resource
  • AliyunMongoDBFullAccess
  • AliyunMongoDBReadOnlyAccess

-

ApsaraDB for Redis Resource
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
RAM authorization
ApsaraDB for Memcache Service
  • AliyunOCSFullAccess
  • AliyunOCSReadOnlyAccess
-
Time Series Database (TSDB) Operation

-

-
AnalyticDB for PostgreSQL Resource
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
Authentication rules for APIs
Data Transmission Service Service
  • AliyunDTSFullAccess
  • AliyunDTSReadOnlyAccess

-

Database Backup Service
  • AliyunDBSFullAccess
  • AliyunDBSReadOnlyAccess
-
Distributed Relational Database Service Resource
  • AliyunDRDSReadOnlyAccessyAccess
  • AliyunDRDSFullAccess

-

Storage and CDN

Service Console API Authorization granularity System policies Reference
Object Storage Service Resource
  • AliyunOSSFullAccess
  • AliyunOSSReadOnlyAccess
RAM policy
Apsara File Storage NAS Operation
  • AliyunNASFullAccess
  • AliyunNASReadOnlyAccess
Manage permission groups
Table Store Resource
  • AliyunOTSFullAccess
  • AliyunOTSReadOnlyAccess
  • AliyunOTSWriteOnlyAccess
-
Alibaba Cloud CDN Resource
  • AliyunCDNFullAccess
  • AliyunCDNReadOnlyAccess
API authentication rules
Dynamic Route for CDN Resource
  • AliyunDCDNFullAccess
  • AliyunDCDNReadOnlyAccess
-
Cloud Storage Gateway Service AliyunHCSSGWFullAccess -
Hybrid Backup Recovery Resource
  • AliyunHBRFullAccess
  • AliyunHBRReadOnlyAccess
-
Data Transport Service AliyunMGWFullAccess -

Networking

Service Console API Authorization granularity System policies Reference
Virtual Private Cloud Resource
  • AliyunVPCFullAccess
  • AliyunVPCReadOnlyAccess
RAM authentication
Server Load Balancer Resource
  • AliyunSLBReadOnlyAccess
  • AliyunSLBFullAccess
RAM authentication
Elastic IP Address Resource
  • AliyunEIPFullAccess
  • AliyunEIPReadOnlyAccess
RAM authentication
Express Connect Resource
  • AliyunExpressConnectFullAccess
  • AliyunExpressConnectReadOnlyAccess
RAM authentication
NAT Gateway Resource
  • AliyunNATGatewayReadOnlyAccess
  • AliyunNATGatewayFullAccess
RAM authentication
VPN Gateway Resource
  • AliyunVPNGatewayFullAccess
  • AliyunVPNGatewayReadOnlyAccess
RAM authentication
Global Acceleration Resource
  • AliyunGlobalAccelerationReadOnlyAccess
  • AliyunGlobalAccelerationFullAccess
RAM authentication
Smart Access Gateway Resource

-

RAM authentication
Cloud Enterprise Network Resource
  • AliyunCENReadOnlyAccess
  • AliyunCENFullAccess
RAM authentication

Analytics

Service Console API Authorization granularity System policies Reference
E-MapReduce Service
  • AliyunEMRFullAccess
  • AliyunEMRDevelopAccess
  • AliyunEMRFlowAdmin
-
Data Lake Analytics Operation
  • AliyunDLAFullAccess
  • AliyunDLAReadOnlyAccess
-

Cloud communications

Service Console API Authorization granularity System policies Reference
Message Service Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
-
Short Message Service Service

-

-

Monitoring and management

Service Console API Authorization granularity System policies Reference
CloudMonitor Service
  • AliyunCloudMonitorFullAccess
  • AliyunCloudMonitorReadOnlyAccess
RAM for CloudMonitor
ActionTrail Resource

-

RAM account authentication
Resource Access Management Resource
  • AliyunRAMFullAccess
  • AliyunRAMReadOnlyAccess
RAM authentication
Key Management Service Resource
  • AliyunKMSFullAccess
  • AliyunKMSReadOnlyAccess
  • AliyunKMSCryptoAccess
Use RAM to authorize KMS resources
Intelligent Advisor × × Operation - -

Application

Service Console API Authorization granularity System policies Reference
Log Service Resource
  • AliyunLogFullAccess
  • AliyunLogReadOnlyAccess
Authentication rules
Direct Mail Service
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
API Gateway Service
  • AliyunApiGatewayFullAccess
  • AliyunApiGatewayReadOnlyAccess
ApiGateway_RAM
IoT Platform Resource
  • AliyunIOTFullAccess
  • AliyunIOTReadOnlyAccess
Use RAM users
Blockchain as a Service Resource -

-

Middleware

Service Console API Authorization granularity System policies Reference
Enterprise Distributed Application Service Service AliyunEDASFullAccess Sub-accounts
Distributed Relational Database Service Resource
  • AliyunDRDSFullAccess
  • AliyunDRDSReadOnlyAccess

-

Application Real-Time Monitoring Service Service AliyunARMSFullAccess -
Application Configuration Management Resource AliyunACMFullAccess Access control

Message queue

Service Console API Authorization granularity System policies Reference
Alibaba Cloud Message Queue for Apache RocketMQ Resource
  • AliyunMQFullAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
RAM sub-account authorization
Message Service Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess

-

Media

Service Console API Authorization granularity System policies Reference
ApsaraVideo for Media Processing Service
  • AliyunMTSFullAccess
  • AliyunMTSPlayerAuth
Sub-account console operating instructions
ApsaraVideo VOD Service AliyunVODFullAccess -
ApsaraVideo Live Resource AliyunLiveFullAccess API authentication rules
Real-Time Communication Resource

-

-

Big data

Service Console API Authorization granularity System policies Reference
DataWorks Service AliyunDataWorksFullAccess RAM User Operations
Quick BI Service - -
Machine Learning Platform for AI Service - -
Public Recognition Service - -
DataV Service - -
MaxCompute Service - -
Elasticsearch Resource
  • AliyunElasticsearchReadOnlyAccess
  • AliyunElasticsearchFullAccess
Authorized resources
Machine Translation × × Service - -
Image Search Resource
  • AliyunImagesearchReadOnlyAccess
  • AliyunImagesearchFullAccess
Authorization policies

Security

Service Console API Authorization granularity System policies Reference
Security Center Service
  • AliyunYundunSASFullAccess
  • AliyunYundunSASReadOnlyAccess
-
Server Guard Service
  • AliyunYundunAegisFullAccess
  • AliyunYundunAegisReadOnlyAccess
-
Anti-DDoS Basic Service
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
-
Anti-DDoS Pro Service
  • AliyunYundunHighFullAccess
  • AliyunYundunHighReadOnlyAccess
-
Anti-DDoS Premium Service
  • AliyunYundunAntiDDoSPremiumFullAccess
  • AliyunYundunAntiDDoSPremiumReadOnlyAccess
-
GameShield Service

AliyunYundunGameShieldReadOnlyAccess

-
Web Application Firewall Service
  • AliyunYundunWAFFullAccess
  • AliyunYundunWAFReadOnlyAccess
-
SSL Certificates Service Service
  • AliyunYundunCertFullAccess
  • AliyunYundunCertReadOnlyAccess
-
Cloud Security Scanner Service - -
Content Moderation Service AliyunYundunGreenWebFullAccess -
Anti-Bot Service Service
  • AliyunYundunAntibotFullAccess
  • AliyunYundunAntibotReadOnlyAccess
-

Marketplace

Service Console API Authorization granularity System policies Reference
Marketplace Service AliyunMarketplaceFullAccess -

Domain and website

Service Console API Authorization granularity System policies Reference
Alibaba Cloud DNS Resource
  • AliyunDNSFullAccess
  • AliyunDNSReadOnlyAccess
-
Domains Resource AliyunDomainFullAccess Domain API Authentication Rules
Cloud Web Hosting × × - - -
Alibaba Mail × × - - -

Membership

Service Console API Authorization granularity System policies Reference
ICP Filing Management Service - -

Billing management

Service Console API Authorization granularity System policies Reference
Billing Management × Service
  • AliyunBSSFullAccess
  • AliyunBSSReadOnlyAccess
  • AliyunBSSOrderAccess
-

Support

Service Console API Authorization granularity System policies Reference
Support and Services Service AliyunSupportFullAccess -

Messaging

Service Console API Authorization granularity System policies Reference
Message Center Service AliyunNotificationsFullAccess -