This topic lists the Alibaba Cloud services that support Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.

Overview

You can query Alibaba Cloud services that support RAM based on the following categories:

Each table in this topic contains the following columns:

  • Alibaba Cloud service: the name of the cloud service that supports RAM.
  • Sub-service/Sub-module: the sub-service or sub-module of the cloud service. "-" indicates none.
  • API: indicates whether STS can be used to implement access control when you call the API of the service. A check sign (✓) indicates that STS is supported when you call the API of the service. A cross sign (×) indicates that STS is not supported when you call the API of the service. A circle (○) indicates that no API is provided for that service.
  • API: indicates whether STS can be used to implement access control when you call the API of the service. A check sign (✓) indicates that STS is supported when you call the API of the service. A cross sign (×) indicates that STS is not supported when you call the API of the service. A circle (○) indicates that no API is provided for that service.
  • Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.

    The following authorization granularity is defined:

    • Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.
    • Operation: You can control whether RAM users can perform specific operations on a type of resource in the service.
    • Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.
  • System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.
  • Documentation: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.

Elastic computing

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
ECS ECS Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Elastic Block Storage (EBS) Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Elastic GPU Service Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS ECS Bare Metal Instance Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Super Computing Cluster Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Dedicated Host (DDH) Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
ECS Alibaba Cloud Linux 2 Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
Auto Scaling (ESS) - Service
  • AliyunESSFullAccess
  • AliyunESSReadOnlyAccess
API usage instructions
Container Service for Kubernetes (ACK) - Resource
  • AliyunCSFullAccess
  • AliyunCSReadOnlyAccess
Use sub-accounts
Batch Compute - Service

-

-
Resource Orchestration Service (ROS) - Service
  • AliyunROSFullAccess
  • AliyunROSReadOnlyAccess
Use RAM to control resource access
Function Compute - Resource
  • AliyunFCFullAccess
  • AliyunFCReadOnlyAccess
  • AliyunFCInvocationAccess
Quick start for using the console as RAM users
Simple Application Server - Service AliyunSWASFullAccess -
Elastic High Performance Computing (E-HPC) - Service
  • AliyunEHPCFullAccess
  • AliyunEHPCReadOnlyAccess
-
Container Registry - Resource
  • AliyunContainerRegistryFullAccess
  • AliyunContainerRegistryReadOnlyAccess
Repository access control
Elastic Cloud Desktop Elastic Desktop Service (EDS) Resource
  • AliyunECDFullAccess
  • AliyunECDReadOnlyAccess
  • AliyunECDRamUserAccess
-
Elastic Container Instance (ECI) - Resource
  • AliyunECIFullAccess
  • AliyunECIReadOnlyAccess
Grant permissions to a RAM user
Serverless Workflow - Resource
  • AliyunFnFFullAccess
  • AliyunFnFReadOnlyAccess
Authorization policy
Web App Service - Operation
  • AliyunWebPlusFullAccess
  • AliyunWebPlusReadOnlyAccess

-

Database

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
ApsaraDB RDS ApsaraDB RDS Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for MySQL Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for SQL Server Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for PostgreSQL Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB RDS for PPAS Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
Use RAM for resource authorization
ApsaraDB RDS ApsaraDB for MyBase Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
-
ApsaraDB for Redis - Resource
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
RAM authentication
ApsaraDB for Memcache - Service
  • AliyunOCSFullAccess
  • AliyunOCSReadOnlyAccess
-
ApsaraDB for MongoDB - Resource
  • AliyunMongoDBFullAccess
  • AliyunMongoDBReadOnlyAccess

-

AnalyticDB for PostgreSQL - Resource
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
Authentication rules for APIs
Data Transmission Service (DTS) - Operation
  • AliyunDTSFullAccess
  • AliyunDTSReadOnlyAccess
Authorize a RAM user to use DTS
Data Management (DMS) - Service -

-

AnalyticDB for MySQL - Operation
  • AliyunADBFullAccess
  • AliyunADBReadOnlyAccess
RAM users and permissions
PolarDB-X - Resource
  • AliyunDRDSReadOnlyAccess
  • AliyunDRDSFullAccess
Use RAM for resource authorization
ApsaraDB for HBase - Resource
  • AliyunHBaseFullAccess
  • AliyunHBaseReadOnlyAccess
Use RAM for resource authorization
Advanced Database & Application Migration (ADAM) - Service
  • AliyunADAMReadOnlyAccess
  • AliyunADAMFullAccess
Authorize a RAM user to log on to the ADAM console
PolarDB - Operation
  • AliyunPolardbReadOnlyAccess
  • AliyunPolardbFullAccess
Create and authorize a RAM user
Database Backup - Service
  • AliyunDBSFullAccess
  • AliyunDBSReadOnlyAccess
-
Database Autonomy Service (DAS) - Service
  • AliyunHDMReadOnlyAccess
  • AliyunHDMFullAccess
What can I do if I fail to access DAS as a RAM user due to lack of permissions?
Data Lake Analytics (DLA) - Operation
  • AliyunDLAFullAccess
  • AliyunDLAReadOnlyAccess
  • AliyunDLADeveloperAccess
Grant RAM users fine-grained permissions to access DLA
ApsaraDB for OceanBase - Service
  • AliyunOceanBaseFullAccess
  • AliyunOceanBaseReadOnlyAccess
-
ApsaraDB for Cassandra - Resource
  • AliyunCassandraFullAccess
  • AliyunCassandraReadOnlyAccess
Manage RAM users
LedgerDB - Resource
  • AliyunLedgerDBFullAccess
  • AliyunLedgerDBReadOnlyAccess
RAM user authorization
ApsaraDB for ClickHouse - Resource
  • AliyunClickHouseFullAccess
  • AliyunClickHouseReadOnlyAccess
RAM-based authorization
Database Gateway - Resource
  • AliyunDGFullAccess
  • AliyunDGReadOnlyAccess
-

Storage

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Object Storage Service (OSS) - Resource
  • AliyunOSSFullAccess
  • AliyunOSSReadOnlyAccess
Overview
Apsara File Storage NAS (NAS) - Operation
  • AliyunNASFullAccess
  • AliyunNASReadOnlyAccess
Perform access control based on RAM policies
Tablestore - Resource
  • AliyunOTSFullAccess
  • AliyunOTSReadOnlyAccess
  • AliyunOTSWriteOnlyAccess
Custom permissions
Cloud Storage Gateway (CSG) - Service AliyunHCSSGWFullAccess Use RAM to implement account-based access control
Hybrid Backup Recovery (HBR) - Resource
  • AliyunHBRFullAccess
  • AliyunHBRReadOnlyAccess
Manage user permissions
Hybrid Cloud Storage Array (CSA) - × - - -

Cloud communications

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Short Message Service (SMS) - Service

-

-

Networking

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Virtual Private Cloud (VPC) - Resource
  • AliyunVPCFullAccess
  • AliyunVPCReadOnlyAccess
RAM user authorization
Server Load Balancer (SLB) Server Load Balancer (SLB) Resource
  • AliyunSLBReadOnlyAccess
  • AliyunSLBFullAccess
Authorize a RAM user
Server Load Balancer (SLB) Application Load Balancer (ALB) Resource
  • AliyunALBFullAccess
  • AliyunALBReadOnlyAccess
-
Express Connect - Resource
  • AliyunExpressConnectFullAccess
  • AliyunExpressConnectReadOnlyAccess
RAM user authorization
Elastic IP Address (EIP) - Resource
  • AliyunEIPFullAccess
  • AliyunEIPReadOnlyAccess
RAM user authorization
NAT Gateway (NAT) - Resource
  • AliyunNATGatewayReadOnlyAccess
  • AliyunNATGatewayFullAccess
RAM user authorization
VPN Gateway - Resource
  • AliyunVPNGatewayFullAccess
  • AliyunVPNGatewayReadOnlyAccess
RAM user authorization
EIP Bandwidth Plan - Resource
  • AliyunCommonBandwidthPackageReadOnlyAccess
  • AliyunCommonBandwidthPackageFullAccess
-
Global Accelerator (GA) - Resource
  • AliyunGlobalAccelerationReadOnlyAccess
  • AliyunGlobalAccelerationFullAccess
RAM user authorization
Smart Access Gateway (SAG) - Resource

-

RAM authentication
Cloud Enterprise Network (CEN) - Resource
  • AliyunCENReadOnlyAccess
  • AliyunCENFullAccess
RAM authentication
PrivateLink - Resource
  • AliyunPrivateLinkFullAccess
  • AliyunPrivateLinkReadOnlyAccess
Alibaba Cloud DNS PrivateZone - Resource
  • AliyunPvtzFullAccess
  • AliyunPvtzReadOnlyAccess
RAM

O&M management

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Application Real-Time Monitoring Service (ARMS) - Service
  • AliyunARMSFullAccess
  • AliyunARMSReadOnlyAccess
Grant different permissions to RAM users
CloudMonitor - Operation
  • AliyunCloudMonitorFullAccess
  • AliyunCloudMonitorReadOnlyAccess
  • AliyunCloudMonitorMetricDataReadOnlyAccess
Control permissions of RAM users
Cloud Shell - Service - -
Cloud Config - Service
  • AliyunConfigFullAccess
  • AliyunConfigReadOnlyAccess
Permission verification
Logic Composer - Resource
  • AliyunLogicComposerFullAccess
  • AliyunLogicComposerReadOnlyAccess
Grant permissions to a RAM user
Operation Orchestration Service (OOS) - Resource
  • AliyunOOSFullAccess
  • AliyunOOSReadOnlyAccess
Access control

Middleware

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Enterprise Distributed Application Service (EDAS) - Service
  • AliyunEDASFullAccess
  • AliyunEDASReadOnlyAccess
  • AliyunEDASApplicationFullAccess
  • AliyunEDASApplicationReadOnlyAccess
  • AliyunEDASResourceReadOnlyAccess
  • AliyunEDASResourceFullAccess
Manage RAM users
Message Queue Message Queue for Apache RocketMQ Resource
  • AliyunMQFullAccess
  • AliyunMQReadOnlyAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
Grant permissions to RAM users
Message Queue Message Queue for MQTT Resource
  • AliyunMQFullAccess
  • AliyunMQReadOnlyAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
Grant permissions to RAM users
Message Queue Message Queue for RabbitMQ Resource
  • AliyunAMQFullAccess
  • AliyunAMQPReadOnlyAccess
Grant permissions to RAM users
Message Service (MNS) - Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
Create a custom policy
Application Configuration Management - Resource AliyunACMFullAccess Access control
Message Queue for Apache Kafka - Service
  • AliyunKafkaFullAccess
  • AliyunKafkaReadOnlyAccess
Grant permissions to RAM users
Application High Availability Service - Service
  • AliyunAHASFullAccess
  • AliyunAHASReadOnlyAccess

-

Alibaba Cloud Service Mesh (ASM) - Resource - Overview
EventBridge - Resource
  • AliyunEventBridgeFullAccess
  • AliyunEventBridgeReadOnlyAccess
  • AliyunEventBridgeResourceCreatePolicy
  • AliyunEventBridgeResourceDeletePolicy
  • AliyunEventBridgeResourceUpdatePolicy
  • AliyunEventBridgePutEventsPolicy
Policies

Media services and CDN

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
CDN - Resource
  • AliyunCDNFullAccess
  • AliyunCDNReadOnlyAccess
RAM authentication
ApsaraVideo for Media Processing (MTS) - Service
  • AliyunMTSFullAccess
  • AliyunMTSPlayerAuth

-

ApsaraVideo VOD (VOD) - Operation
  • AliyunVODFullAccess
  • AliyunVODReadOnlyAccess
  • AliyunVODPlayAuth
  • AliyunVODUploadAuth
-
ApsaraVideo for Live - Resource
  • AliyunLiveFullAccess
  • AliyunLiveReadOnlyAccess
Sub-account console operating instructions
Real-Time Communication - Resource

-

-

Dynamic Route for CDN (DCDN) - Resource
  • AliyunDCDNFullAccess
  • AliyunDCDNReadOnlyAccess
-

Enterprise applications

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Direct Mail - Service
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
API Gateway - Service
  • AliyunApiGatewayFullAccess
  • AliyunApiGatewayReadOnlyAccess
Use RAM to manage user permissions for API Gateway
Resource Management Resource Management Operation
  • AliyunResourceDirectoryFullAccess
  • AliyunResourceDirectoryReadOnlyAccess
RAM authorization
Resource Management Tag Operation
  • AliyunTAGFullAccess
  • AliyunTAGReadOnlyAccess
Tag
Blockchain as a Service (BaaS) Blockchain as a Service (BaaS) Resource
  • AliyunBaaSFullAccess
  • AliyunBaaSReadOnlyAccess
Hyperledger Fabric RAM authentication
CloudQuotation (CQ) - Service
  • AliyunCQLoudFullAccess
  • AliyunCQLoudReadOnlyAccess
-

Domains and websites

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Alibaba Cloud DNS (DNS) Alibaba Cloud DNS (DNS) Resource
  • AliyunDNSFullAccess
  • AliyunDNSReadOnlyAccess

-

Alibaba Cloud DNS (DNS) Alibaba Cloud Public DNS Resource
  • AliyunPubDNSReadOnlyAccess
  • AliyunPubDNSFullAccess
-
Domains - Resource AliyunDomainFullAccess Authentication rules for the Domains API

Artificial intelligence

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Intelligent Speech Interaction - Service
  • AliyunNLSFullAccess
  • AliyunNLSReadOnlyAccess
-
Machine Learning Platform for AI (PAI) - Service - -
Image Search - Resource
  • AliyunImagesearchReadOnlyAccess
  • AliyunImagesearchFullAccess
Grant permissions to RAM users
Machine Translation - Service - -

IoT

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
IoT Platform - Resource
  • AliyunIOTFullAccess
  • AliyunIOTReadOnlyAccess
RAM user access
Link IoT Edge - Resource
  • AliyunIOTFullAccess
  • AliyunIOTReadOnlyAccess
Access resources of other Alibaba Cloud services
ApsaraDB for Lindorm Time Series Database (TSDB) Operation

-

-

Big data

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
DataWorks - Service AliyunDataWorksFullAccess Use a RAM user
Quick BI - Service - -
DataV - Service AliyunDataVFullAccess -
Realtime Compute for Apache Flink - Service - -
Elasticsearch - Resource
  • AliyunElasticsearchReadOnlyAccess
  • AliyunElasticsearchFullAccess
Types of resources that can be authorized
E-MapReduce - Service
  • AliyunEMRFullAccess
  • AliyunUEMReadOnlyAccess
  • AliyunEMRFlowAdmin
  • AliyunEMRDevelopAccess
-
Log Service - Resource
  • AliyunLogFullAccess
  • AliyunLogReadOnlyAccess
RAM authentication rules
Hologres - Resource
  • AliyunHologresFullAccess
  • AliyunHologresReadOnlyAccess
Use Hologres as a RAM user

Developer services

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Apsara DevOps - Resource
  • AliyunRDCFullAccess
  • AliyunRDCReadOnlyAccess
-
Tracing Analysis - Service
  • AliyunTracingAnalysisFullAccess
  • AliyunTracingAnalysisReadOnlyAccess
-

Security

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Security Center (SAS) - Service
  • AliyunYundunSASFullAccess
  • AliyunYundunSASReadOnlyAccess
-
Server Guard - Service
  • AliyunYundunAegisFullAccess
  • AliyunYundunAegisReadOnlyAccess
-
Anti-DDoS Anti-DDoS Service
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
-
Anti-DDoS Anti-DDoS Pro Service
  • AliyunYundunHighFullAccess
  • AliyunYundunHighReadOnlyAccess
-
Anti-DDoS Anti-DDoS Premium Service
  • AliyunYundunAntiDDoSPremiumFullAccess
  • AliyunYundunAntiDDoSPremiumReadOnlyAccess
-
GameShield - Service

AliyunYundunGameShieldReadOnlyAccess

-
Web Application Firewall (WAF) Web Application Firewall (WAF) Service
  • AliyunYundunWAFFullAccess
  • AliyunYundunWAFReadOnlyAccess
-
SSL Certificates Service - Service
  • AliyunYundunCertFullAccess
  • AliyunYundunCertReadOnlyAccess
-
Cloud Firewall (CFW) - Service
  • AliyunYundunCloudFirewallReadOnlyAccess
  • AliyunYundunCloudFirewallFullAccess
-
Managed Security Service (MSSP) - Service - -
Content Moderation - Service AliyunYundunGreenWebFullAccess -
Bastionhost Bastionhost Service
  • AliyunYundunBastionHostFullAccess
  • AliyunYundunBastionHostReadOnlyAccess
  • AliyunYundunBastionHostOperateOnlyAccess
  • AliyunYundunBastionHostAuditOnlyAccess
-
Data Security Center (DSC) - Service
  • AliyunYundunSDDPFullAccess
  • AliyunYundunSDDPReadOnlyAccess
-
Identity as a Service (IDaaS) - Operation
  • AliyunYundunIdaasFullAccess
  • AliyunYundunIdaasReadOnlyAccess
-
Key Management Service (KMS) - Resource
  • AliyunKMSFullAccess
  • AliyunKMSReadOnlyAccess
  • AliyunKMSCryptoAccess
Use RAM to control access to resources
Resource Access Management (RAM) - Resource
  • AliyunRAMFullAccess
  • AliyunRAMReadOnlyAccess
RAM authentication
ActionTrail - Operation

-

RAM account authentication

Technical support

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Ticket Management - Service AliyunSupportFullAccess -

Marketplace

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Alibaba Cloud Marketplace - × Service AliyunMarketplaceFullAccess -

Others

Alibaba Cloud service Sub-service/Sub-module Console API Authorization granularity System policy Documentation
Billing Management - Service
  • AliyunBSSFullAccess
  • AliyunBSSReadOnlyAccess
  • AliyunBSSOrderAccess
  • AliyunBSSRefundAccess

-

ICP Filing - Service AliyunBeianFullAccess -