You can use AI Guardrails as a RAM user. By default, the AliyunYundunGreenWebFullAccess system policy is provided for Alibaba Cloud accounts. You can attach this system policy to grant a RAM user full administrative permissions on AI Guardrails. If you want to grant a RAM user read-only permissions on AI Guardrails, you must create a custom policy to grant permissions. Then, this RAM user cannot perform write operations, such as configuring the scan settings for Object Storage Service (OSS) violation detection and managing the scanning results of OSS violation detection in the Alibaba Cloud AI Guardrails console. This topic describes how to grant a RAM user read-only permissions on AI Guardrails.
Prerequisites
The AliyunYundunGreenWebFullAccess system policy is revoked from a RAM user if it is attached to the user. For more information, see Revoke permissions from a RAM user.
If the RAM user inherits the AliyunYundunGreenWebFullAccess system policy from a user group, this system policy is revoked from the user group or the RAM user is removed from the user group. For more information, see Revoke permissions from a RAM user group and Remove a RAM user from a RAM user group.
Procedure
Log on to the RAM console as a RAM administrator.
On the Policies page, click Create Policy.
On the Create Policy page, click the JSON tab.
-
Enter the following policy content and click OK.
{ "Version": "1", "Statement": [{ "Action": [ "yundun-greenweb:List*", "yundun-greenweb:Get*", "yundun-greenweb:Describe*", "yundun-greenweb:Query*" ], "Resource": "*", "Effect": "Allow" }] } In the Create Policy dialog box, configure the Policy Name and Description parameters and click OK.
-
In the navigation pane on the left, choose . On the page that appears, find the RAM user to which you want to grant permissions, and click Add Permissions in the Actions column.
-
In the Add Permissions panel, select the custom policy that you create, and click OK.