Before a Resource Access Management (RAM) user can use Cloud Monitor to monitor a cloud service, the Alibaba Cloud account to which the RAM user belongs must grant permissions to the RAM user.
Prerequisites
A RAM user is created within your Alibaba Cloud account. For more information, see Create a RAM user.
Procedure
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Users page, find the required RAM user, and click Add Permissions in the Actions column.
You can also select multiple RAM users and click Add Permissions in the lower part of the page to grant permissions to the RAM users at a time.
In the Grant Permission panel, grant permissions to the RAM user.
Set the Resource Scope parameter to Account.
NoteYou can grant permissions on Cloud Monitor to an Alibaba Cloud account but not a resource group.
Configure the Principal parameter.
The principal is the RAM user to which you want to grant permissions. The current RAM user is automatically selected.
Select a policy.
System Policy: the system policies. To specify system policies, select the required policies in the Policy Name column.
Policy
Description
AliyunCloudMonitorFullAccess
The permissions to manage CloudMonitor.
AliyunCloudMonitorReadOnlyAccess
The read-only permissions on Cloud Monitor.
Custom Policy: the custom policies. To specify custom policies, select the required policies in the Policy Name column.
For more information about how to create a custom policy, see Create a custom policy.
For example, you can grant the RAM user the permissions to export monitoring data. The following sample code provides an example:
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "cms:BatchGet", "cms:Cursor" ], "Resource": [ "*" ], "Condition": {} } ] }
Click Grant permissions.
Click Close.