RAM Permission Requirements for Data Online Migration - Data Online Migration

To access Data Online Migration, a RAM user or a RAM role must have the following permissions.

OpenAPI permissions

Resource Access Management (RAM) includes the following built-in system policies:

Access policy	Description
AliyunOSSImportFullAccess	Permissions to fully manage Data Online Migration.
AliyunOSSImportReadOnlyAccess	Read-only permissions for Data Online Migration.

Role creation permissions

Data Online Migration calls the AssumeRole operation to access your data when you create an OSS data source. This action requires permissions to create roles. If you do not have these permissions, you must create the roles manually.

Required permissions

A custom policy must include the following permissions:

ram:CreateRole: Creates a role.
ram:CreatePolicy: Creates a policy.
ram:AttachPolicyToRole: Attaches a policy to a role.
ram:ListRoles: Lists roles.

Sample policy

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ram:CreateRole",
        "ram:CreatePolicy",
        "ram:AttachPolicyToRole",
        "ram:ListRoles"
      ],
      "Resource": "*"
    }
  ]
}