edit-icon download-icon

Grant ActionTrail permission to RAM users

Last Updated: Mar 21, 2018

Prerequisites

Attach the ActionTrail system authorization policies to a group

The available system authorization policies are as follows.

  • AliyunActionTrailReadOnlyAccess (read-only permission)
  • AliyunActionTrailFullAccess (full permission)

For more information about how to attach a policy, see Grant permissions.

Attach customized authorization policies to a group

If the system authorization policies cannot meet your requirement, you can create a custom policy. The following is a policy example of allowing requests from a specified IP range of performing requests from a specified IP range of performing ActionTrail read-only operations on all resources.

  1. {
  2. "Version": "1",
  3. "Statement": [{
  4. "Effect": "Allow",
  5. "Action": [
  6. "actiontrail:LookupEvents",
  7. "actiontrail:Describe*",
  8. "actiontrail:Get*"
  9. ],
  10. "Resource": "*",
  11. "Condition":{
  12. "IpAddress": {
  13. "acs:SourceIp": "42.120.66.0/24"
  14. }
  15. }
  16. }]
  17. }
Thank you! We've received your feedback.