Grant a RAM user the AliyunYundunGreenWebConsoleOnlyAccess permission to let them access the AI Guardrails console without the ability to call the AI Guardrails API. With this permission, the RAM user can configure scans for content in Object Storage Service (OSS) and manage scan results.
Prerequisites
Before you begin, ensure that the RAM user does not hold the AliyunYundunGreenWebFullAccess permission.
To remove AliyunYundunGreenWebFullAccess before proceeding:
If the permission was granted directly to the RAM user: Revoke it. For details, see Revoke permissions from a RAM user.
If the permission was inherited from a RAM user group: Either revoke the permission from the group, or remove the RAM user from the group. For details, see Revoke permissions from a RAM user group or Remove a RAM user from a RAM user group.
Grant console-only access to a RAM user
Log on to the RAM console with your Alibaba Cloud account.
Grant the RAM user the
AliyunYundunGreenWebConsoleOnlyAccesspermission. For details, see Grant permissions to the RAM user.
What the RAM user can and cannot do
After you grant AliyunYundunGreenWebConsoleOnlyAccess, the RAM user has the following access:
| Action | Allowed |
|---|---|
| Log on to the AI Guardrails console | Yes |
| Configure scan settings for OSS content | Yes |
| View and manage scan results | Yes |
| Call the AI Guardrails API directly | No |