This topic describes how to authorize a RAM user to manage MNS logs.

Step 1: Create permission policies

You must create permission policies for the RAM user.

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. On the Policies page, click Create Policy.
  4. On the Create Custom Policy page, enter a policy name and note, and select Script as the configuration mode. In the Policy Document section, enter a script. Click OK.

    Four policies are required for the RAM user: RamListRolesPolicy, MNSAccessAccountAttr, LogServiceListPolicy, and OSSListBuckets. For more information, see Table 1.

    Table 1. Policies
    Policy name Description Policy script
    RamListRolesPolicy Permissions to access the list of RAM roles
    {
    "Version": "1",
    "Statement": [
    {
    "Effect": "Allow",
    "Action": "ram:ListRoles",
    "Resource": "acs:ram:*:*:*"
    }
    ]
    }
    MNSAccessAccountAttr Permissions to view and configure Alibaba Cloud account information
    {
    "Version": "1",
    "Statement": [
    {
    "Effect": "Allow",
    "Action":
    [
      "mns:SetAccountAttributes",
      "mns:GetAccountAttributes"
    ],
    "Resource": "acs:mns:*:*:*"
    }
    ]
    }
    LogServiceListPolicy Permissions to access the list of Log Service projects and Logstores
    {
    "Version": "1",
    "Statement": [
    {
    "Effect": "Allow",
    "Action": "log:List*",
    "Resource": "acs:log:*:*:*"
    }
    ]
    }
    OSSListBuckets Permissions to access the list of OSS buckets
    {
    "Version": "1",
    "Statement": [
    {
    "Effect": "Allow",
    "Action": "oss:ListBuckets",
    "Resource": "acs:oss:*:*:*"
    }
    ]
    }

Step 2: Authorize the RAM user

After you create the policies, you must attach the policies to the RAM user.

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the user to which you want to grant permissions, and click Add Permissions in the Actions column.
  4. In the Add Permissions dialog box, select Custom Policy in the Select Policy section. Specify the four permission policies that you created in Table 1. Click OK.
  5. Click OK.