All Products
Search
Document Center

Message Service:Authorize a RAM user to manage MNS logs

Last Updated:Mar 06, 2024

Before you use a RAM user to manage Message Service (MNS) logs, you grant the required permissions to the RAM user. This topic describes how to authorize a RAM user to manage MNS logs.

Step 1: Create custom policies

  1. Log on to the RAM console as a RAM user who has administrative rights.

  2. In the left-side navigation pane, choose Permissions > Policies

  3. On the Policies page, click Create Policy.

  4. On the Create Policy page, configure a policy on the Visual Editor Beta or JSON tab based on your business requirements. Then, click Next: Edit Basic Information. In the Basic Information section, enter a name and description for the policy, and click OK.
    Note For more information about how to create a custom policy, see Create custom policies.

    The following table describes the required policies.

    PolicyPermissionPolicy script
    RamListRolesPolicyPermissions to access the list of RAM roles
    {
        "Version":"1",
        "Statement":[
            {
                "Effect":"Allow",
                "Action":"ram:ListRoles",
                "Resource":"acs:ram:*:*:*"
            }
        ]
    }
    MNSAccessAccountAttrPermissions to view and configure Alibaba Cloud accounts
    {
        "Version":"1",
        "Statement":[
            {
                "Effect":"Allow",
                "Action":[
                    "mns:SetAccountAttributes",
                    "mns:GetAccountAttributes"
                ],
                "Resource":"acs:mns:*:*:*"
            }
        ]
    }
    LogServiceListPolicyPermissions to access the list of Log Service projects and Logstores
    {
        "Version":"1",
        "Statement":[
            {
                "Effect":"Allow",
                "Action":"log:List*",
                "Resource":"acs:log:*:*:*"
            }
        ]
    }
    OSSListBucketsPermissions to access the list of OSS buckets
    {
        "Version":"1",
        "Statement":[
            {
                "Effect":"Allow",
                "Action":"oss:ListBuckets",
                "Resource":"acs:oss:*:*:*"
            }
        ]
    }

Step 2: Grant the required permissions to the RAM user

For more information, see Grant permissions to a RAM user.