All Products
Search

This Product

    Resource Access Management:Container Registry (CR)

    Document Center

    Resource Access Management:Container Registry (CR)

    Last Updated:Sep 30, 2021

    Resource Access Management (RAM) users or RAM roles must be granted permissions before they can access cloud resources. RAM uses policies to define permissions. A cloud service defines elements that can be used in a policy statement, such as Action, Resource, and Condition. This topic describes the permissions on Container Registry (CR).

    The code (RamCode) in RAM that is used to indicate Container Registry is cr. You can grant permissions on Container Registry at the resource level.

    Action

    The following table describes the values that you can use in the Action element of a policy statement. The values are defined by Container Registry. The following list describes the columns in the table:

    • Action: the value that you can use in the Action element to specify the operation on a resource.

    • API: the API operation that you can call to perform the action. In most cases, only one API operation of a cloud service is required to perform an action. In some cases, multiple API operations must be called to perform an action, or an API operation can be called to perform multiple actions.

    • Access level: the access level of each action. The levels are read, write, and list.

    • Resource type: the type of the resource on which you can authorize a RAM user or a RAM role to perform the operation. Take note of the following items:

      • The required resource types are displayed in bold characters.

      • If the permissions cannot be granted at the resource level, All resources is used in the Resource type column of the action.

    • Condition key: the condition keys that are defined by a cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Policy elements.

    • Dependent action: other actions that a RAM user or a RAM role must have permissions to perform the action. To successfully call the action, a RAM user or a RAM role must have the permissions to perform the dependent action.

    Actions

    APIs

    Access level

    Resource types

    Condition keys

    Dependent actions

    cr:BuildRepositoryByRecord

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:BuildRepositoryByRule

    CreateBuildRecordByRule

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:CancelArtifactBuildTask

    CancelArtifactBuildTask

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:CancelArtifactDeleteUntaggedManifestTask

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:CancelBuildRepository

    CancelRepoBuildRecord

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:CreateArtifactBuildRule

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:CreateArtifactBuildTask

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:CreateArtifactLifecycleRule

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:CreateArtifactLifecycleTask

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:CreateChain

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:CreateInstance

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/*


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/*


    N/A

    N/A

    cr:CreateInstanceCustomizedDomain

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#Instanceid}


    N/A

    N/A

    cr:CreateInstanceEndpointAclPolicy

    CreateInstanceEndpointAclPolicy

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:CreateInstanceMigrateTask

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:CreateInstanceVpcEndpointLinkedVpc

    CreateInstanceVpcEndpointLinkedVpc

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:CreateMetadataNamespace

    N/A

    Write


    Namespace


    acs:cr:{#regionId}:{#accountId}:metadata/{#NamespaceName}


    N/A

    N/A

    cr:CreateMetadataNote

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:metadata/{#namespacename}/{#notename}


    N/A

    N/A

    cr:CreateMetadataOccurrence

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:metadata/{#NamespaceName}/{#OccurrenceName}


    N/A

    N/A

    cr:CreateNamespace

    CreateNamespace

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:CreateNamespace

    CreateChartNamespace

    Write


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#Instanceid}


    N/A

    N/A

    cr:CreateOrder

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:CreateRepoSyncRule

    CreateRepoSyncRule

    Write

    Repository

    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}

    N/A

    N/A

    cr:CreateRepoTag

    CreateRepoTag

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:PutScan

    CreateRepoTagScanTask

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:CreateRepository

    CreateChartRepository

    Write


    Namespace


    acs:cr:{#regionId}:{#accountId}:chart/{#InstanceId}/{#NamespaceName}


    N/A

    N/A

    cr:CreateRepository

    CreateRepository

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}


    N/A

    N/A

    cr:CreateRepositoryBuildRule

    CreateRepoBuildRule

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:CreateSignatureRule

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:CreateSourceAccount

    N/A

    Write


    All resources


    acs:cr:*:{#accountId}:*


    N/A

    N/A

    cr:CreateSourceRepository

    CreateRepoSourceCodeRepo

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:CreateWebHook

    CreateRepoTrigger

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:DeleteArtifactBuildRule

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:DeleteArtifactLifecycleRule

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:DeleteChain

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:DeleteChartRelease

    DeleteChartRelease

    Write


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:DeleteInstance

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:DeleteInstanceCustomizedDomain

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:DeleteInstanceEndpointAclPolicy

    DeleteInstanceEndpointAclPolicy

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:DeleteInstanceVpcEndpointLinkedVpc

    DeleteInstanceVpcEndpointLinkedVpc

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:DeleteNamespace

    DeleteNamespace

    Write


    Namespace


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}


    N/A

    N/A

    cr:DeleteNamespace

    DeleteChartNamespace

    Write


    ChartNamespace


    acs:cr:{#regionId}:{#accountId}:chart/{#Instanceid}


    N/A

    N/A

    cr:DeleteRepository

    DeleteChartRepository

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:chart/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:DeleteRepository

    DeleteRepository

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:DeleteRepositoryBuildRule

    DeleteRepoBuildRule

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:DeleteRepositoryTag

    DeleteRepoTag

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:DeleteSignatureRule

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:DeleteSourceCodeAccount

    N/A

    Write


    All resources


    acs:cr:*:{#accountId}:*


    N/A

    N/A

    cr:DeleteSyncRule

    DeleteRepoSyncRule

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:DeleteWebHook

    DeleteRepoTrigger

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:GetArtifactBuildRule

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:GetArtifactBuildTask

    GetArtifactBuildTask

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:GetArtifactDeleteTagTask

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:GetArtifactDeleteTagTaskLog

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:GetArtifactLifecycleRule

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:GetArtifactTag

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:GetAuthorizationToken

    GetAuthorizationToken

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:GetBuildRepositoryStatus

    GetRepoBuildRecordStatus

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:GetChain

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:GetChainDefinition

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:GetChainInstance

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:GetChainTemplate

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:GetInstance

    GetInstance

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:GetInstanceConfig

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:GetInstanceCustomizedDomain

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:GetInstanceEndpoint

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:GetInstanceEndpoint

    GetInstanceEndpoint

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:GetInstanceImageMigrateTask

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:GetInstanceModule

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceId}


    N/A

    N/A

    cr:GetInstanceStorage

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:GetInstanceStorageInternetIn

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:GetInstanceStorageInternetOut

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:GetInstanceStorageIntranetIn

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:GetInstanceStorageIntranetOut

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:GetInstanceStorageUsage

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:GetInstanceUsage

    GetInstanceUsage

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:GetInstanceVpcEndpoint

    GetInstanceVpcEndpoint

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:GetMetadataNamespace

    N/A

    Read


    Namespace


    acs:cr:{#regionId}:{#accountId}:metadata/{#NamespaceName}


    N/A

    N/A

    cr:GetMetadataNote

    N/A

    Read


    Namespace


    acs:cr:{#regionId}:{#accountId}:metadata/{#NamespaceName}/{#NoteName}


    N/A

    N/A

    cr:GetMetadataOccurrence

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:metadata/{#NamespaceName}/{#OccurrenceName}


    N/A

    N/A

    cr:GetNamespace

    GetNamespace

    Read


    Namespace


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}


    N/A

    N/A

    cr:GetNamespace

    GetChartNamespace

    Read


    ChartNamespace


    acs:cr:{#regionId}:{#accountId}:chart/{#NamespaceName}


    N/A

    N/A

    cr:GetRepository

    GetRepository

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:GetRepository

    GetChartRepository

    Read


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:GetRepositoryBuildLog

    ListRepoBuildRecordLog

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:GetRepositoryBuildRecord

    GetRepoBuildRecord

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:GetRepositoryLayers

    GetRepoTagLayers

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:GetRepositoryManifest

    GetRepoTagManifest

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#namespace}/{#repositoryname}


    N/A

    N/A

    cr:GetRepositoryPushRecord

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:GetRepositorySync

    GetRepoSyncTask

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:GetRepositorySync

    ListRepoSyncTask

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:GetResourceQuota

    N/A

    Read


    All resources


    acs:cr:*:{#accountId}:*


    N/A

    N/A

    cr:GetScan

    GetRepoTagScanStatus

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:GetScan

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:GetScan

    ListRepoTagScanResult

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:GetScanCount

    GetRepoTagScanSummary

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:GetSignatureRule

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#Instanceid}


    N/A

    N/A

    cr:GetSourceRepository

    GetRepoSourceCodeRepo

    Read


    Repository

    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:ListWebHook

    ListRepoTrigger

    Read


    Repository

    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:GetWebHookLog

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:GetWebHookLog

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:ListArtifactBuildTask

    N/A

    Read


    Instance

    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:ListArtifactBuildTaskLog

    ListArtifactBuildTaskLog

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:ListArtifactDeleteTagTask

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:ListArtifactDeleteUntaggedManifestTask

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:ListArtifactLifecycleRule

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:ListArtifactTag

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:ListChain

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:ListChainInstance

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:ListChartRelease

    ListChartRelease

    Read


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:ListImageMetadata

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:ListInstance

    ListInstance

    List


    All resources


    acs:cr:*:{#accountId}:*


    N/A

    N/A

    cr:ListInstance

    GetInstanceCount

    List


    All resources


    acs:cr:{#regionId}:{#accountId}:*


    N/A

    N/A

    cr:ListInstanceCapability

    N/A

    List


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/*


    N/A

    N/A

    cr:ListInstanceDomain

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:ListInstanceEndpoint

    ListInstanceEndpoint

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:ListInstanceImageMigrateTask

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}


    N/A

    N/A

    cr:ListInstanceMigrateTask

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}


    N/A

    N/A

    cr:ListInstancesCommerce

    N/A

    List

    All Resources

    acs:cr:*:{#accountId}:*

    N/A

    N/A

    cr:ListMetadataNotes

    N/A

    Read


    Namespace


    acs:cr:{#regionId}:{#accountId}:metadata/{#NamespaceName}/{#NoteName}


    N/A

    N/A

    cr:ListMetadataOccurrences

    N/A

    Read


    Namespace


    acs:cr:{#regionId}:{#accountId}:metadata/{#NamespaceName}/{#OccurrenceName}


    N/A

    N/A

    cr:ListNamespace

    ListNamespace

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/*


    N/A

    N/A

    cr:ListNamespace

    ListChartNamespace

    List


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#Instanceid}/*


    N/A

    N/A

    cr:ListRepository

    ListRepository

    List


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/*


    N/A

    N/A

    cr:ListRepository

    ListChartRepository

    Read


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:ListRepositoryBuild

    ListRepoBuildRecord

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}/{#Namespacename}/{#Repositoryname}


    N/A

    N/A

    cr:ListRepositoryBuildRule

    ListRepoBuildRule

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}


    N/A

    N/A

    cr:ListRepositoryTag

    ListRepoTag

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:ListRepositoryTag

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:ListSignatureRules

    N/A

    Read


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:ListSourceCodeRepo

    N/A

    List


    All resources


    acs:cr:*:{#accountId}:*


    N/A

    N/A

    cr:ListSourceRepositoryRef

    N/A

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:ListSyncRule

    ListRepoSyncRule

    Read


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:ListUserBucket

    N/A

    List


    All resources


    acs:cr:*:{#accountId}:*


    N/A

    N/A

    cr:ListUserVpc

    N/A

    List


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/*


    N/A

    N/A

    cr:CreateRepositorySync

    CreateRepoSyncTaskByRule

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}

    N/A

    N/A

    cr:ResetLoginPassword

    ResetLoginPassword

    Write


    All resources


    acs:cr:*:{#accountId}:*


    N/A

    N/A

    cr:StopChainInstance

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:UpdateArtifactLifecycleRule

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}


    N/A

    N/A

    cr:UpdateChain

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#Instanceid}


    N/A

    N/A

    cr:UpdateInstanceConfig

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:UpdateInstanceCustomizedDomain

    N/A

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceid}


    N/A

    N/A

    cr:UpdateInstanceEndpointStatus

    UpdateInstanceEndpointStatus

    Write


    Instance


    acs:cr:{#regionId}:{#accountId}:instance/{#instanceId}


    N/A

    N/A

    cr:UpdateInstanceModule

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}


    N/A

    N/A

    cr:UpdateMetadataNote

    N/A

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:metadata/{#Namespace}/{#Notename}


    N/A

    N/A

    cr:UpdateMetadataOccurrence

    N/A

    Write


    RepoBuildRecord


    acs:cr:{#regionId}:{#accountId}:metadata/{#Namespace}/{#occurrencename}


    N/A

    N/A

    cr:UpdateNamespace

    UpdateNamespace

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}


    N/A

    N/A

    cr:UpdateNamespace

    UpdateChartNamespace

    Write


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#instanceid}/{#namespacename}


    N/A

    N/A

    cr:UpdateRepository

    UpdateChartRepository

    Write


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#instanceid}/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:UpdateRepository

    UpdateRepository

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    ChartRepository


    acs:cr:{#regionId}:{#accountId}:chart/{#instanceid}/{#namespacename}/{#repositoryname}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#namespacename}/{#repositoryname}


    N/A

    N/A

    cr:UpdateRepositoryBuildRule

    UpdateRepoBuildRule

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#RepositoryId}


    N/A

    N/A

    cr:UpdateSourceRepository

    UpdateRepoSourceCodeRepo

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}/{#NamespaceName}/{#RepositoryName}

    N/A

    N/A

    cr:UpdateWebHook

    UpdateRepoTrigger

    Write


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#instanceid}/{#namespacename}/{#repositoryname}


    Repository


    acs:cr:{#regionId}:{#accountId}:repository/{#namespacename}/{#repositoryname}


    N/A

    N/A

    Resource

    The following table describes the values that you can use in the Resource element of a policy statement. The values are defined by Container Registry.

    The Alibaba Cloud Resource Name (ARN) is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:

    • {#} indicates a variable. {#} must be replaced with an actual value. For example, {#regionId} must be replaced with the actual ID of the region where your resource resides.

    • An asterisk (*) is used as a wildcard. Examples:

      • If you specify {#resourceType}/*, all resources are specified.

      • If {#regionId} is set to *, all regions are specified.

      • If {#accountId} is set to *, all Alibaba Cloud accounts are specified.

    Resource type

    ARN

    Instance

    acs:cr:{#regionId}:{#accountId}:instance/{#InstanceId}

    Repository

    acs:cr:{#regionId}:{#accountId}:repository/{#RepositoryId}

    Namespace

    acs:cr:{#regionId}:{#accountId}:namespace/{#NamespaceName}

    ChartRepository

    acs:cr:{#regionId}:{#accountId}:chartrepository/{#RepoNamespaceName}

    ChartNamespace

    acs:cr:{#regionId}:{#accountId}:chartnamespace/{#NamespaceName}

    Condition

    Container Registry does not define service-specific condition keys. For more information about common condition keys that are defined by Alibaba Cloud, see Policy elements.