Alibaba Cloud DNS PrivateZone: Grant permissions to a RAM user

Last Updated: Sep 28, 2022

Create a RAM user.

Log on to the Resource Access Management (RAM) console and create a RAM user. For more information, see Create a RAM user.

Grant the read-only permissions on Alibaba Cloud DNS PrivateZone to the RAM user.

In the RAM console, choose Identities > Users. Select the RAM user and click Add Permissions in the Actions column. In the Add Permissions panel, attach the AliyunPvtzReadOnlyAccess system policy to the RAM user. For more information, see Grant permissions to a RAM user.

Grant the full access permissions on Alibaba Cloud DNS PrivateZone to the RAM user.

In the RAM console, attach the AliyunPvtzFullAccess system policy to the RAM user. For more information, see Grant permissions to a RAM user.

Grant the RAM user the permissions to manage Alibaba Cloud DNS PrivateZone zones.

To limit the RAM user to specific zones, you must create a custom policy. The following example assumes that the IDs of the zones are djiow001 and djiow002.

  • Create a custom policy named AliyunPvtzSingleAccess on the Policies page in the RAM console. The following section shows the content of the policy. For more information, see Create a custom policy.

{
  "Version": "1",
  "Statement": [
    {
      "Action": "pvtz:*",
      "Resource": [
        "acs:pvtz:*:*:zone/djiow001",
        "acs:pvtz:*:*:zone/djiow002"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "pvtz:DescribeUserServiceStatus",
        "pvtz:DescribeZones",
        "pvtz:DescribeRegions",
        "pvtz:DescribeVpcs"
      ],
      "Resource": "acs:pvtz:*:*:*",
      "Effect": "Allow"
    }
  ]
}
  • Attach the AliyunPvtzSingleAccess policy to the RAM user. The permissions on the zones are granted to the RAM user.
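
To review what this custom policy permits before attaching it, the following added example (not part of the original documentation, and not Alibaba Cloud's policy engine) evaluates the policy's Allow statements against a few constructed requests. It assumes a simplified model that handles only Allow statements and the * wildcard; the region, the account ID, the zone djiow003 and the pvtz:DeleteZone request are sample values that do not appear on this page.

```python
import re

# Policy document from the page (AliyunPvtzSingleAccess), written compactly.
POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "pvtz:*",
         "Resource": ["acs:pvtz:*:*:zone/djiow001", "acs:pvtz:*:*:zone/djiow002"]},
        {"Effect": "Allow", "Resource": "acs:pvtz:*:*:*",
         "Action": ["pvtz:DescribeUserServiceStatus", "pvtz:DescribeZones",
                    "pvtz:DescribeRegions", "pvtz:DescribeVpcs"]},
    ],
}

# Constructed sample values: region and account ID are not from the page.
ARN = "acs:pvtz:cn-hangzhou:1234567890123456:zone/{}"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """Match with '*' as the only wildcard; all other characters are literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def is_allowed(policy, action, resource):
    """Simplified check: does any Allow statement cover this action on this resource?"""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_ok = any(_matches(r, resource) for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False


def report(policy):
    """Return the decision for a few constructed requests (djiow003 is hypothetical)."""
    requests = [("pvtz:DeleteZone", ARN.format("djiow001")),
                ("pvtz:DeleteZone", ARN.format("djiow003")),
                ("pvtz:DescribeZones", ARN.format("djiow003"))]
    return [(a, r, is_allowed(policy, a, r)) for a, r in requests]


if __name__ == "__main__":
    for action, resource, allowed in report(POLICY):
        print("ALLOW" if allowed else "DENY", action, resource)
```

The first statement's pvtz:* covers every PrivateZone action on the two listed zones, including destructive ones, while the second statement allows only the four listed Describe actions on all other resources.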