All Products
Search
Document Center

Simple Log Service:Authorization overview

Last Updated:Aug 29, 2023

Before you can use the data shipping feature of the new version to ship data to Object Storage Service (OSS), you must obtain the permissions to manage data shipping jobs and access the required data.

  • If you use an Alibaba Cloud account, you must grant data shipping jobs the permissions to access data.

  • If you use a RAM user, you must grant the RAM user the permissions to ship data to OSS and grant data shipping jobs the permissions to access data.

    Important

    To ensure the security of your cloud resources, we recommend that you use a RAM user.

Grant the permissions to ship data to OSS

The permissions to ship data to OSS include the permissions to create, delete, modify, and view data shipping jobs.

  • Alibaba Cloud account: An Alibaba Cloud account has the permissions that are specified by the AliyunLogFullAccess policy to manage all Simple Log Service resources. You do not need to grant your Alibaba Cloud account the permissions to ship data to OSS.

  • RAM user: Before you can use a RAM user to ship data to OSS, you must use the Alibaba Cloud account to which the RAM user belongs to grant the required permissions to the RAM user. For more information, see Authorize a RAM user to ship data to OSS.

Grant data shipping jobs the permissions to access data

Data access is required when a data shipping job reads data from a source Logstore and writes data to a destination OSS bucket. You can use a default role or a custom role to grant data shipping jobs the permissions to access the required data.