Grant read-only permissions of Content Moderation to a RAM user

You can use Alibaba Cloud Content Moderation as a RAM user. By default, Alibaba Cloud Resource Access Management (RAM) provides only the AliyunYundunGreenWebFullAccess system policy for Content Moderation. You can attach this system policy to grant a RAM user full management permissions of Content Moderation. If you need to grant a RAM user only read-only permissions of Content Moderation, you can create a custom policy to grant permissions. Then, this RAM user cannot perform write operations, for example, configure the scan settings for Object Storage Service (OSS) violation detection and manage the scanning results of OSS violation detection in the Alibaba Cloud Content Moderation console.

1. Log on to the Alibaba Cloud RAM console.
2. Create a custom policy for read-only permissions of Content Moderation.
   1. In the left-side navigation pane, choose Permissions > Policies.
   2. Click Create Policy.
   3. On the Create Custom Policy page, enter a policy name in the Policy Name field, select Script for Configuration Mode, and then enter the following script:

      {
          "Version": "1",
          "Statement": [{
              "Action": [
                  "yundun-greenweb:List*",
                  "yundun-greenweb:Get*",
                  "yundun-greenweb:Describe*",
                  "yundun-greenweb:Query*"
                  ],
              "Resource": "*",
              "Effect": "Allow"
          }]
      }

      
   4. Click OK.
   The custom policy is created.
3. Grant a RAM user read-only permissions of Content Moderation.
   1. In the left-side navigation pane, choose Identities > Users.
   2. On the Users page, find the user who you want to grant permissions and click Add Permissions in the Actions column.
   3. In the Add Permissions pane, click Custom Policy in the Select Policy section, search for and select the custom policy that you create in Step 2, and then click OK.
   4. Confirm the authorization result and click Complete.
   Read-only permissions of Content Moderation are granted to the RAM user.
4. Optional:If the AliyunYundunGreenWebFullAccess system policy is attached to the RAM user who you want to grant only read-only permissions, remove this system policy to revoke full management permissions of Content Moderation from the RAM user.
   1. On the Users page, click the name of the RAM user.
   2. On the user details page, click Permissions.
   3. On the Individual tab, find the AliyunYundunGreenWebFullAccess system policy and click Remove Permission in the Actions column.
      Note If the RAM user inherits the AliyunYundunGreenWebFullAccess permission from a user group, you must remove the system policy from the group or remove the RAM user from the group. You can check whether the RAM user inherits the AliyunYundunGreenWebFullAccess permission on the Group Permissions tab. For more information, see Remove permissions from a RAM user group and Remove a RAM user from a RAM user group.

      
   4. In the message that appears, click OK.
   The system policy is removed.