Use RAM to manage Alibaba Cloud CDN permissions

Edit in GitHub

Last Updated: Apr 02, 2020 Edit in GitHub

This topic describes how to manage Alibaba Cloud content delivery network (CDN) permissions of RAM users by creating policies in RAM.

Prerequisites

An Alibaba Cloud account is created. If not, create one before proceeding. To create an Alibaba Cloud account, click account registration page.
You have a basic understanding of the following common system policies:
- AliyunCDNFullAccess: grants a RAM user full management permissions for Alibaba Cloud CDN.
- AliyunCDNReadOnlyAccess: grants a RAM user read-only permissions for Alibaba Cloud CDN.
You have a basic understanding of Alibaba Cloud CDN permissions. For more information, see API authentication rules.

Create a custom policy.
```
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "cdn:Describe*",
        "cdn:PushObjectCache",
        "cdn:RefreshObjectCaches"
      ],
      "Resource": "acs:cdn:*:*:*",
      "Effect": "Allow"
    }
  ]
}
```
Note The preceding custom policy indicates that RAM users are authorized to perform CDN read-only, cache refresh, and preload operations. You can modify the policy content to grant different permissions to RAM users. For more information about how to use the Action or Resource elements, see Policy elements.
Find the target policy and click the policy name.
On the References tab, click Grant Permission.
In the Principal field, enter the name of the target RAM user, and then select the corresponding user.
Click OK.

Note For more information, see Grant permissions to a RAM user and Grant permissions to a RAM user group.