When you use resource groups to manage resources, you can use Resource Access Management (RAM) to isolate resources and manage permissions with fine granularity within a single Alibaba Cloud account. This topic describes how Alibaba Cloud DNS supports resource groups and describes the procedure for resource group-level authorization.
-
Resource group-level authorization applies only to resource types and operations that support resource groups.
-
For resource types that do not support resource groups, granting resource group-level permissions has no effect. When you select a resource scope, choose the account level to grant account-level permissions. For more information, see Operations that do not support resource group-level authorization.
How resource group authorization works
You can use resource groups to organize resources in your Alibaba Cloud account. For example, create resource groups for different projects and move resources into the corresponding groups for centralized management. For more information, see What is a resource group?.
After grouping resources, you can grant permissions for a specific resource group to different RAM entities, such as RAM users, RAM user groups, or RAM roles. This restricts the RAM entity to managing only the resources within that group. For more information, see Resource grouping and authorization.
This authorization method offers the following benefits:
-
Fine-grained permissions: Ensures that each identity has only the access permissions required. This prevents mixed management of resources from multiple projects under one account.
-
High extensibility: When you add new resources, simply add them to the resource group. The RAM identity automatically gains the corresponding permissions for the new resources without requiring additional authorization.
Grant resource group-level permissions to a RAM user
This section uses a RAM user as an example to describe the steps to grant permissions on Alibaba Cloud DNS resources within a specific resource group.
1. Prerequisites
-
Create a RAM user. For more information, see Create a RAM user.
-
Create a resource group and move existing resources to the target resource group. For more information, see Create a resource group, Automatically move resources to a resource group, and Manually move resources to a resource group.
2. Grant resource group-level authorization
You can grant resource group-level authorization using either of the following methods.
Method 1: Grant authorization in the Resource Management console
Use the permission management feature of resource groups to grant authorization to a specific RAM user. For more information, see Grant permissions on a resource group to a RAM identity.
-
Log on to the Resource Group console.
-
On the Resource Groups page, find the target resource group and click Permission Management in the Operation column.
-
On the Permission Management tab, click Grant Permission.
-
In the Grant Permission panel, configure the grantee and access policy.
-
Grantee: Select an existing RAM user.
-
Access Policy: Select a system policy or a created custom policy. For more information, see Create a custom policy.
-
-
Click Confirm New Authorization.
Method 2: Grant authorization in the RAM console
Grant resource group-level authorization to a specific RAM user in the RAM console. For more information, see Manage permissions for a RAM user.
-
Use your Alibaba Cloud account or a RAM administrator to log on to the RAM console.
-
In the navigation pane on the left, choose . On the Users page, find the target RAM user and click Add Permissions in the Operation column.
-
In the Add Permissions panel, add permissions to the RAM user.
-
Resource Scope: Select Resource Group.
-
Grantee: Select an existing RAM user or the RAM user that you created in the preceding steps.
-
Access Policy: Select a system policy or a created custom policy. For more information, see Create a custom policy.
-
-
Click Confirm.
Resource types that support resource groups
The following table lists the resource types in Alibaba Cloud DNS that support resource groups.
|
Alibaba Cloud service |
Service code |
Resource type |
|
Alibaba Cloud DNS |
alidns |
domain: Domain name resolution |
For resource types that do not currently support resource groups, you can submit feedback in the Resource Group console if necessary.
Operations that do not support resource group-level authorization
The following table lists the operations (Actions) in Alibaba Cloud DNS that do not support resource group-level authorization.
|
Action |
Description |
|
alidns:AddBatchDomain |
- |
|
alidns:AddBatchDomainFromFile |
- |
|
alidns:AddBatchRr |
- |
|
alidns:AddBatchTempDomains |
- |
|
alidns:AddDnsCacheDomain |
Adds an authoritative agent domain name for DNS based on the specified parameters. |
|
alidns:AddDnsMonitor |
- |
|
alidns:AddDnsTemplate |
- |
|
alidns:AddDnsTemplateRecord |
- |
|
alidns:AddDohUser |
- |
|
alidns:AddDomainGroup |
Adds a domain name group based on the specified parameters. |
|
alidns:AddGateway |
- |
|
alidns:AddGtmRecoveryPlan |
Adds a disaster recovery plan. |
|
alidns:AddRegistrar |
- |
|
alidns:AddRegistrarContact |
- |
|
alidns:AddRspDomainServerHoldStatusForGateway |
- |
|
alidns:AddRspDomainServerHoldStatusForGatewayOte |
- |
|
alidns:AddRspEppClient |
- |
|
alidns:AddSensitiveName |
- |
|
alidns:AddUserProductFeedback |
- |
|
alidns:BatchDomainRecordOperate |
- |
|
alidns:BindInstanceDomains |
Binds a domain name of a paid DNS edition to an instance ID. |
|
alidns:CancelJob |
- |
|
alidns:CancelOrder |
- |
|
alidns:ChangeBatchDomainGroup |
- |
|
alidns:ChangeDomainOfDnsProduct |
Changes the domain name that is bound to an Alibaba Cloud DNS product. |
|
alidns:ChatAssistantMessage |
- |
|
alidns:CheckDomainRecord |
- |
|
alidns:CheckEdgeDnsClusterConnection |
- |
|
alidns:CheckEdgeDnsClusterDeploymentAppVersion |
- |
|
alidns:CheckEdgeDnsDeploymentAppVersion |
- |
|
alidns:CheckFusionClientAvailable |
- |
|
alidns:CheckGtmInstanceExistence |
- |
|
alidns:CheckInstanceAllowSystemAssign |
- |
|
alidns:CheckSubDomainRecord4Add |
- |
|
alidns:CompleteCommodity |
- |
|
alidns:CompleteCommodityWithoutTraffic |
- |
|
alidns:CopyGtmConfig |
Copies a GTM configuration. |
|
alidns:CreateCloudMonitorTask |
- |
|
alidns:CreateEdgeDnsCluster |
- |
|
alidns:CreateInstance |
- |
|
alidns:CreateMultiCommodityOrder |
- |
|
alidns:CreatePtrRecordSet |
- |
|
alidns:CreateRenewOrder |
- |
|
alidns:CreateRspDomainSuperProhibited |
- |
|
alidns:CreateRspDomainSuperProhibitedOte |
- |
|
alidns:CreateRspEppClient |
- |
|
alidns:CreateRspEppClientOte |
- |
|
alidns:CreateRspGateway |
- |
|
alidns:CreateRspGatewayClientAuthorizedIp |
- |
|
alidns:CreateRspGatewayClientAuthorizedIpOte |
- |
|
alidns:CreateRspGatewayOte |
- |
|
alidns:CreateRspRegistrar |
- |
|
alidns:CreateRspRegistrarContact |
- |
|
alidns:CreateRspRegistrarContactOte |
- |
|
alidns:CreateRspRegistrarOte |
- |
|
alidns:CreateRspReservedName |
- |
|
alidns:CreateRspReservedNameOte |
- |
|
alidns:CreateRspSensitiveName |
- |
|
alidns:CreateRspSensitiveNameOte |
- |
|
alidns:CreateRspTldGatewayConfig |
- |
|
alidns:CreateRspTldGatewayConfigOte |
- |
|
alidns:CreateRspTldMeta |
- |
|
alidns:CreateRspTldMetaOte |
- |
|
alidns:CreateRspTldSuperProhibited |
- |
|
alidns:CreateRspTldSuperProhibitedOte |
- |
|
alidns:DeleteAssistantChat |
- |
|
alidns:DeleteBatchDomain |
- |
|
alidns:DeleteBatchRr |
- |
|
alidns:DeleteCloudGtmAddress |
Deletes an address based on the specified parameters. |
|
alidns:DeleteCloudGtmAddressPool |
Deletes an address pool based on the specified parameters. |
|
alidns:DeleteCloudGtmInstanceConfig |
Deletes the access domain name of a Global Traffic Manager (GTM) 3.0 instance configuration based on the specified parameters. |
|
alidns:DeleteCloudGtmMonitorTemplate |
Deletes a health check template based on the specified parameters. |
|
alidns:DeleteCloudMonitorTask |
- |
|
alidns:DeleteCloudMonitorTasksJob |
- |
|
alidns:DeleteDnsMonitor |
- |
|
alidns:DeleteDnsTemplate |
- |
|
alidns:DeleteDnsTemplateRecord |
- |
|
alidns:DeleteDomainGroup |
Deletes a domain name group. The domain names in the group are moved to the default group. |
|
alidns:DeleteEdgeDnsCluster |
- |
|
alidns:DeleteFusionClientConfig |
- |
|
alidns:DeleteGtmRecoveryPlan |
Deletes a disaster recovery plan. |
|
alidns:DeletePtrRecord |
- |
|
alidns:DeleteRspDomainSuperProhibited |
- |
|
alidns:DeleteRspDomainSuperProhibitedOte |
- |
|
alidns:DeleteRspEppClient |
- |
|
alidns:DeleteRspEppClientOte |
- |
|
alidns:DeleteRspGatewayClientAuthorizedIp |
- |
|
alidns:DeleteRspGatewayClientAuthorizedIpOte |
- |
|
alidns:DeleteRspRegistrar |
- |
|
alidns:DeleteRspRegistrarContact |
- |
|
alidns:DeleteRspRegistrarContactOte |
- |
|
alidns:DeleteRspRegistrarOte |
- |
|
alidns:DeleteRspReservedName |
- |
|
alidns:DeleteRspReservedNameOte |
- |
|
alidns:DeleteRspSensitiveName |
- |
|
alidns:DeleteRspSensitiveNameOte |
- |
|
alidns:DeleteRspTldGatewayConfig |
- |
|
alidns:DeleteRspTldGatewayConfigOte |
- |
|
alidns:DeleteRspTldSuperProhibited |
- |
|
alidns:DeleteRspTldSuperProhibitedOte |
- |
|
alidns:DescribeAccount |
- |
|
alidns:DescribeAlidnsGlobalAlert |
- |
|
alidns:DescribeAlidnsInstances |
- |
|
alidns:DescribeAlidnsPostBusinessStatus |
- |
|
alidns:DescribeAlidnsResolveAnalysisConfig |
- |
|
alidns:DescribeBatchLogs |
- |
|
alidns:DescribeBatchResultCount |
Queries the execution results of a batch operation task based on the task ID. If the task ID is empty, the execution results of the last batch operation task are returned. |
|
alidns:DescribeBatchResultDetail |
Queries the details of batch processing results. |
|
alidns:DescribeBundleRecordTaskResult |
- |
|
alidns:DescribeBundleTempDomains |
- |
|
alidns:DescribeCanAddMonitorDomainRrs |
- |
|
alidns:DescribeCanAddMonitorSubDomainInfo |
- |
|
alidns:DescribeChangeLogs |
- |
|
alidns:DescribeCloudGtmAddress |
Obtains the configuration information of an address based on the specified parameters. |
|
alidns:DescribeCloudGtmAddressPool |
Obtains the configuration information of a specified address pool based on the specified parameters. |
|
alidns:DescribeCloudGtmAddressPoolReference |
Obtains information about the instances that reference an address pool based on the specified parameters. |
|
alidns:DescribeCloudGtmAddressReference |
Obtains information about the address pools and GTM 3.0 instances that reference an address based on the specified parameters. |
|
alidns:DescribeCloudGtmGlobalAlert |
- |
|
alidns:DescribeCloudGtmInstanceConfigAlert |
Obtains the alert configuration of an instance configuration. |
|
alidns:DescribeCloudGtmInstanceConfigFullInfo |
Obtains the complete information about a GTM instance configuration, including the access domain name, alert notifications, address pools, and address details. |
|
alidns:DescribeCloudGtmMonitorTemplate |
Obtains the configuration of a specified health check template based on the specified parameters. |
|
alidns:DescribeCloudGtmResolveAnalysisConfig |
- |
|
alidns:DescribeCloudGtmSummary |
- |
|
alidns:DescribeCloudGtmSystemLines |
Queries the system lines that GTM supports. |
|
alidns:DescribeCloudMonitorDetectCountOverview |
- |
|
alidns:DescribeCloudMonitorDetectCountSummary |
- |
|
alidns:DescribeCloudMonitorDetectLogs |
- |
|
alidns:DescribeCloudMonitorGlobalAlertConfig |
- |
|
alidns:DescribeCloudMonitorLatestDetectLogOverview |
- |
|
alidns:DescribeCloudMonitorLatestDetectLogs |
- |
|
alidns:DescribeCloudMonitorTask |
- |
|
alidns:DescribeCloudMonitorTaskAlertConfig |
- |
|
alidns:DescribeCloudMonitorTaskDetectSummary |
- |
|
alidns:DescribeCloudMonitorTaskOverview |
- |
|
alidns:DescribeDnsCacheDomains |
Queries the list of authoritative agent domain names for the user based on the specified parameters. |
|
alidns:DescribeDnsGtmAddrAttributeInfo |
Queries the region to which an address belongs. |
|
alidns:DescribeDnsGtmAvailableAlertGroup |
Obtains the configurable alert contact groups. |
|
alidns:DescribeDnsGtmMonitorAvailableConfig |
Obtains the configurable settings for DNS health checks. |
|
alidns:DescribeDnsMonitor |
- |
|
alidns:DescribeDnsMonitorAvailableNodes |
- |
|
alidns:DescribeDnsMonitorTaskConfig |
- |
|
alidns:DescribeDnsMonitors |
- |
|
alidns:DescribeDnsProductInstance |
Obtains the details of a paid Alibaba Cloud DNS product instance based on the instance ID. |
|
alidns:DescribeDnsProductInstanceSummary |
- |
|
alidns:DescribeDnsProductInstances |
Obtains a list of paid DNS product instances based on the specified parameters. |
|
alidns:DescribeDnsTemplateInfo |
- |
|
alidns:DescribeDnsTemplates |
- |
|
alidns:DescribeDnsUserInstancesInfo |
- |
|
alidns:DescribeDohAccountStatistics |
Obtains an overview of request statistics for a DNS over HTTPS (DoH) account. |
|
alidns:DescribeDohDomainStatistics |
Obtains an overview of request statistics for a DoH domain name. |
|
alidns:DescribeDohDomainStatisticsSummary |
Obtains a list of request statistics for DoH domain names. |
|
alidns:DescribeDohSdkList |
- |
|
alidns:DescribeDohSubDomainStatistics |
Obtains the request statistics for a DoH subdomain. |
|
alidns:DescribeDohSubDomainStatisticsSummary |
|
|
alidns:DescribeDohUserInfo |
Obtains the basic information of a DoH user. |
|
alidns:DescribeDomainBackups |
- |
|
alidns:DescribeDomainGroups |
Obtains a list of domain name groups based on the specified parameters. |
|
alidns:DescribeDomainLogs |
Obtains the operation logs of a domain name based on the specified parameters. |
|
alidns:DescribeDomainResolveStatisticsSummary |
Queries the list of request volumes for all paid domain names under the user account. |
|
alidns:DescribeDomainStatisticsSummary |
Queries the list of request volumes for all paid domain names under the user account. |
|
alidns:DescribeEdgeDnsAppAgentInfo |
- |
|
alidns:DescribeEdgeDnsAppLatestVersion |
- |
|
alidns:DescribeEdgeDnsClusterFullInfo |
- |
|
alidns:DescribeEdgeDnsClusterNodeContainers |
- |
|
alidns:DescribeEdgeDnsClusterNodeServiceStatus |
- |
|
alidns:DescribeEdgeDnsClusterResource |
- |
|
alidns:DescribeEdgeDnsClusterResourceOverview |
- |
|
alidns:DescribeEdgeDnsDeployNotFinalStatusTask |
- |
|
alidns:DescribeEdgeDnsDeployOptionalIp |
- |
|
alidns:DescribeEdgeDnsDeployOptionalVersion |
- |
|
alidns:DescribeEdgeDnsDeployTask |
- |
|
alidns:DescribeEdgeDnsDeploymentInfo |
- |
|
alidns:DescribeEdgeDnsDeploymentStatistics |
- |
|
alidns:DescribeEdgeDnsNodeConnectionToken |
- |
|
alidns:DescribeEdgeDnsNodeFullInfo |
- |
|
alidns:DescribeFusionOnPremisesInstances |
- |
|
alidns:DescribeFusionResources |
- |
|
alidns:DescribeGtmAvailableAlertGroup |
Obtains the list of available alert contact groups for a GTM instance. |
|
alidns:DescribeGtmMonitorAvailableConfig |
Obtains the configurable settings for health checks. |
|
alidns:DescribeGtmRecoveryPlan |
Obtains the details of a disaster recovery plan. |
|
alidns:DescribeGtmRecoveryPlanAvailableConfig |
Obtains the configurable settings for a disaster recovery plan. |
|
alidns:DescribeGtmRecoveryPlans |
Obtains a list of disaster recovery plans. |
|
alidns:DescribeImportDomainRecordsResult |
- |
|
alidns:DescribeImportDomainsResult |
- |
|
alidns:DescribeInstanceDomains |
Obtains a list of domain names that are bound to an instance. |
|
alidns:DescribeInstanceExtendStatus |
- |
|
alidns:DescribeInternetDnsLogs |
Queries DNS logs. |
|
alidns:DescribeIntranetFirewallProtectionDetail |
- |
|
alidns:DescribeIntranetFirewallProtectionDetails |
- |
|
alidns:DescribeIntranetFirewallProtectionHistory |
- |
|
alidns:DescribeIntranetFirewallProtectionLogs |
- |
|
alidns:DescribeIntranetFirewallProtectionOverview |
- |
|
alidns:DescribeIntranetFirewallProtectionRankings |
- |
|
alidns:DescribeInvalidDomains |
- |
|
alidns:DescribeIspFlushCacheInstances |
- |
|
alidns:DescribeIspFlushCacheRemainQuota |
Obtains the remaining number of available cache purges. |
|
alidns:DescribeIspFlushCacheTask |
Obtains the details of a cache purge task. |
|
alidns:DescribeIspFlushCacheTasks |
- |
|
alidns:DescribeJobOverview |
- |
|
alidns:DescribeJobs |
- |
|
alidns:DescribePostBusinessServiceStatus |
- |
|
alidns:DescribePtrRecordSet |
- |
|
alidns:DescribePtrRecords |
- |
|
alidns:DescribeRecommendCommodities |
- |
|
alidns:DescribeRecursionFirewallProtectionDetail |
- |
|
alidns:DescribeRecursionFirewallProtectionDetails |
- |
|
alidns:DescribeRecursionFirewallProtectionHistory |
- |
|
alidns:DescribeRecursionFirewallProtectionLogs |
- |
|
alidns:DescribeRecursionFirewallProtectionOverview |
- |
|
alidns:DescribeRecursionFirewallProtectionRankings |
- |
|
alidns:DescribeResolveAndOperatorClusterAssociationOverview |
- |
|
alidns:DescribeResolveSummary |
- |
|
alidns:DescribeRestoreDomainResults |
- |
|
alidns:DescribeRestoringDomainTasks |
- |
|
alidns:DescribeRspDomainStatus |
- |
|
alidns:DescribeRspDomainStatusOte |
- |
|
alidns:DescribeRspGateway |
- |
|
alidns:DescribeRspGatewayOte |
- |
|
alidns:DescribeRspRegistrarForRegistrar |
- |
|
alidns:DescribeRspRegistrarForRegistrarOte |
- |
|
alidns:DescribeRspRegistrarForRegistry |
- |
|
alidns:DescribeRspRegistrarForRegistryOte |
- |
|
alidns:DescribeRspTld |
- |
|
alidns:DescribeRspTldMeta |
- |
|
alidns:DescribeRspTldMetaOte |
- |
|
alidns:DescribeRspTldOte |
- |
|
alidns:DescribeSiteMonitor |
- |
|
alidns:DescribeSiteMonitorIspCityInfos |
- |
|
alidns:DescribeSiteMonitorIspInfos |
- |
|
alidns:DescribeSlaveDnsDomains |
- |
|
alidns:DescribeSubJobs |
- |
|
alidns:DescribeSubdomainRecords |
- |
|
alidns:DescribeSupportLines |
Queries the list of all lines that Alibaba Cloud DNS supports. |
|
alidns:DescribeTags |
Queries existing tags. |
|
alidns:DescribeTransferDomains |
Obtains a list of DNS records for cross-account transfer based on the specified parameters. |
|
alidns:DescribeUserContactInfo |
- |
|
alidns:DescribeUserGrayStatus |
- |
|
alidns:DescribleMultiCommodityPrices |
- |
|
alidns:ExecuteGtmRecoveryPlan |
Executes a disaster recovery plan. |
|
alidns:ExportDomainJob |
- |
|
alidns:ExportResolveSummaryJob |
- |
|
alidns:FetchFusionFirewallThreatDownloadUrl |
- |
|
alidns:FinishEdgeDnsDeployTask |
- |
|
alidns:GetMainDomainName |
Obtains the root domain name based on the specified parameters. |
|
alidns:GetTxtRecordForRetrievalDomainName |
- |
|
alidns:GetTxtRecordForVerify |
Generates a TXT record. This is used for features such as domain name retrieval, subdomain retrieval, subdomain verification, and batch retrieval. |
|
alidns:ListAlidnsAlertLogs |
- |
|
alidns:ListAssistantChat |
- |
|
alidns:ListAssistantMessage |
- |
|
alidns:ListAssistantQuestionGuide |
- |
|
alidns:ListAssociatedResolveClusters |
- |
|
alidns:ListAvailableAlertGroups |
- |
|
alidns:ListCloudGtmAddressPools |
Obtains a list of address pools. |
|
alidns:ListCloudGtmAddresses |
Obtains a list of addresses based on the specified parameters. |
|
alidns:ListCloudGtmAlertLogs |
Obtains a list of alert logs. |
|
alidns:ListCloudGtmAvailableAlertGroups |
- |
|
alidns:ListCloudGtmInstanceConfigs |
Obtains a list of instance configurations, including access domain names and address pool information. |
|
alidns:ListCloudGtmInstances |
Obtains a list of GTM 3.0 instances based on the specified parameters. |
|
alidns:ListCloudGtmMonitorNodes |
Obtains a list of health check probes based on the specified parameters. |
|
alidns:ListCloudGtmMonitorTemplates |
Obtains a list of health check templates based on the specified parameters. |
|
alidns:ListCloudMonitorAlertLogs |
- |
|
alidns:ListCloudMonitorProbes |
- |
|
alidns:ListCloudMonitorTasks |
- |
|
alidns:ListEdgeDnsAlertLogs |
- |
|
alidns:ListEdgeDnsClusters |
- |
|
alidns:ListEdgeDnsNodes |
- |
|
alidns:ListEdgeDnsNotifyConfigs |
- |
|
alidns:ListEdgeDnsNotifyGatewayConfigs |
- |
|
alidns:ListEdgeDnsResolveLogs |
- |
|
alidns:ListEppClient |
- |
|
alidns:ListRspContacts |
- |
|
alidns:ListRspContactsOte |
- |
|
alidns:ListRspDomainSuperProhibited |
- |
|
alidns:ListRspDomainSuperProhibitedOte |
- |
|
alidns:ListRspDomains |
- |
|
alidns:ListRspDomainsOte |
- |
|
alidns:ListRspEppClient |
- |
|
alidns:ListRspEppClientOte |
- |
|
alidns:ListRspEppClients |
- |
|
alidns:ListRspEppClientsOte |
- |
|
alidns:ListRspGateway |
- |
|
alidns:ListRspGatewayClientAuthorizedIp |
- |
|
alidns:ListRspGatewayClientAuthorizedIpOte |
- |
|
alidns:ListRspGatewayOte |
- |
|
alidns:ListRspHosts |
- |
|
alidns:ListRspHostsOte |
- |
|
alidns:ListRspInternalRegistrars |
- |
|
alidns:ListRspInternalRegistrarsOte |
- |
|
alidns:ListRspOperator |
- |
|
alidns:ListRspOperatorOte |
- |
|
alidns:ListRspRegistrarContact |
- |
|
alidns:ListRspRegistrarContactOte |
- |
|
alidns:ListRspRegistrars |
- |
|
alidns:ListRspRegistrarsOte |
- |
|
alidns:ListRspReservedName |
- |
|
alidns:ListRspReservedNameOte |
- |
|
alidns:ListRspSensitiveName |
- |
|
alidns:ListRspSensitiveNameOte |
- |
|
alidns:ListRspTld |
- |
|
alidns:ListRspTldGatewayConfig |
- |
|
alidns:ListRspTldGatewayConfigOte |
- |
|
alidns:ListRspTldOte |
- |
|
alidns:ListRspTldSuperProhibited |
- |
|
alidns:ListRspTldSuperProhibitedOte |
- |
|
alidns:ListTagResources |
Queries resources by tag. |
|
alidns:ListTld |
- |
|
alidns:ManuallyRetryEdgeDnsClusterDispatchDataJob |
- |
|
alidns:OpenPostBusinessService |
- |
|
alidns:OperateBatchDomain |
Performs batch operations to add or delete domain names and DNS records. |
|
alidns:OperateRspRegistration |
- |
|
alidns:OperateRspRegistrationOte |
- |
|
alidns:OrderPaidNotice |
- |
|
alidns:PreviewGtmRecoveryPlan |
Previews a disaster recovery plan. |
|
alidns:QueryAllowRenewPeriodList |
- |
|
alidns:QueryDnsMonitorErrorEvent |
- |
|
alidns:QueryDnsMonitorFailureRate |
- |
|
alidns:QueryDnsMonitorHistory |
- |
|
alidns:QueryDnsMonitorLast |
- |
|
alidns:QueryDnsMonitorNodeResponseTime |
- |
|
alidns:QueryDnsMonitorStatistics |
- |
|
alidns:QueryEdgeDnsMonitors |
- |
|
alidns:QueryEdgeDnsResolveQps |
- |
|
alidns:QueryEdgeDnsTopData |
- |
|
alidns:QueryEdgeDnsTopDomain |
- |
|
alidns:QueryEdgeDnsTopRCode |
- |
|
alidns:QueryInstanceUnpaidOrder |
- |
|
alidns:QueryRenewPrice |
- |
|
alidns:RecheckInvalidDomain |
- |
|
alidns:ReclaimDomain |
- |
|
alidns:RefundOrder |
- |
|
alidns:RemoveRspDomainServerHoldStatusForGateway |
- |
|
alidns:RemoveRspDomainServerHoldStatusForGatewayOte |
- |
|
alidns:ReplaceAlidnsResolveAnalysisConfig |
- |
|
alidns:ReplaceCloudGtmResolveAnalysisConfig |
- |
|
alidns:ReplacePtrRecordSet |
- |
|
alidns:ResetBatchResult |
- |
|
alidns:ResetImportDomainsResult |
- |
|
alidns:ResetRspEppClientPassword |
- |
|
alidns:ResetRspEppClientPasswordOTE |
- |
|
alidns:RetrieveBatchDomain |
- |
|
alidns:RetrieveDomain |
Performs a domain name retrieval operation. |
|
alidns:RollbackGtmRecoveryPlan |
Roll back the disaster recovery plan. |
|
alidns:SaveResolveClustersAssociation |
- |
|
alidns:ScanSubdomainRecords |
- |
|
alidns:SearchCloudGtmAddressPools |
Searches for a list of address pools based on the specified parameters. |
|
alidns:SearchCloudGtmAddresses |
Searches for a list of addresses by address name, remarks, referenced health check template, or address ID. |
|
alidns:SearchCloudGtmInstanceConfigs |
Searches for a list of instance configurations based on the specified parameters. |
|
alidns:SearchCloudGtmInstances |
Searches for a list of instances based on the specified parameters. |
|
alidns:SearchCloudGtmMonitorTemplates |
Queries for a list of health check templates. |
|
alidns:SearchCloudMonitorTasks |
- |
|
alidns:SearchEdgeDnsClusters |
- |
|
alidns:SearchEdgeDnsNodes |
- |
|
alidns:SendVerifyCode |
- |
|
alidns:SetCloudGtmInstanceConfigLogSwitch |
- |
|
alidns:SetCloudMonitorTaskStatus |
- |
|
alidns:SetDomainAuthLogConfig |
- |
|
alidns:SetEdgeDnsClusterRecurseEnableStatus |
- |
|
alidns:SetInstanceRenewalStatus |
- |
|
alidns:SetPtrRecordStatus |
- |
|
alidns:SubmitEdgeDnsDeployRetryTask |
- |
|
alidns:SubmitEdgeDnsDeployTask |
- |
|
alidns:SubmitImportDomainRecordsFile |
- |
|
alidns:SubmitIspFlushCacheTask |
- |
|
alidns:TagResources |
Adds or modifies the tags of resources. |
|
alidns:TemporaryCancelFusionResource |
- |
|
alidns:TransferBatchDomain |
- |
|
alidns:UnbindInstanceDomains |
Unbinds a domain name of a paid DNS edition from an instance based on the instance ID. |
|
alidns:UntagResources |
Deletes the tags of resources. |
|
alidns:UpdateAlidnsGlobalAlert |
- |
|
alidns:UpdateAlidnsLineRecordSet |
- |
|
alidns:UpdateAlidnsResolveAnalysisConfig |
- |
|
alidns:UpdateAssistantChatName |
- |
|
alidns:UpdateAssistantMessageFeedback |
- |
|
alidns:UpdateBatchRr |
- |
|
alidns:UpdateCloudGtmAddressEnableStatus |
Modifies the enabled status of an address based on the specified parameters. |
|
alidns:UpdateCloudGtmAddressManualAvailableStatus |
Modifies the switchover method for an abnormal address detected by a health check based on the specified parameters. |
|
alidns:UpdateCloudGtmAddressPoolEnableStatus |
Modifies the enabled status of an address pool based on the specified parameters. |
|
alidns:UpdateCloudGtmAddressPoolRemark |
Modifies the remarks of an address pool based on the specified parameters. |
|
alidns:UpdateCloudGtmAddressRemark |
Modifies the remarks of an address based on the address ID. |
|
alidns:UpdateCloudGtmGlobalAlert |
- |
|
alidns:UpdateCloudGtmInstanceConfigBasic |
Updates the global TTL configuration of a GTM 3.0 instance based on the specified parameters. |
|
alidns:UpdateCloudGtmInstanceConfigRemark |
Updates the remarks of an instance based on the specified parameters. |
|
alidns:UpdateCloudGtmInstanceName |
- |
|
alidns:UpdateCloudGtmMonitorTemplateRemark |
- |
|
alidns:UpdateCloudGtmResolveAnalysisConfig |
- |
|
alidns:UpdateCloudMonitorGlobalAlertConfig |
- |
|
alidns:UpdateCloudMonitorTask |
- |
|
alidns:UpdateCloudMonitorTaskAlertConfig |
- |
|
alidns:UpdateCloudMonitorTaskRemark |
- |
|
alidns:UpdateDnsMonitor |
- |
|
alidns:UpdateDnsTemplateName |
- |
|
alidns:UpdateDnsTemplateRecord |
- |
|
alidns:UpdateDomainGroup |
Modifies the name of a domain name group based on the specified parameters. |
|
alidns:UpdateDomainServerHoldStatus |
- |
|
alidns:UpdateDomainStatus |
- |
|
alidns:UpdateEdgeDnsCluster |
- |
|
alidns:UpdateEdgeDnsClusterRecurseRemark |
- |
|
alidns:UpdateEdgeDnsNodeName |
- |
|
alidns:UpdateEdgeDnsNodeOperationIp |
- |
|
alidns:UpdateEdgeDnsNodeRemark |
- |
|
alidns:UpdateEdgeDnsNotifyConfig |
- |
|
alidns:UpdateEdgeDnsNotifyGatewayConfig |
- |
|
alidns:UpdateEdgeDnsSyslogDnsLogNotifyConfig |
- |
|
alidns:UpdateFusionClientConfig |
- |
|
alidns:UpdateFusionClientNodeEscapeConfig |
- |
|
alidns:UpdateFusionFirewallSubscriptionConfig |
- |
|
alidns:UpdateGtmRecoveryPlan |
Modifies a disaster recovery plan. |
|
alidns:UpdateIspFlushCacheInstanceConfig |
- |
|
alidns:UpdatePtrRecordRemark |
- |
|
alidns:UpdateRspDomainServerHoldStatus |
- |
|
alidns:UpdateRspDomainServerHoldStatusOte |
- |
|
alidns:UpdateRspDomainServerProhibitStatus |
- |
|
alidns:UpdateRspDomainServerProhibitStatusForGateway |
- |
|
alidns:UpdateRspDomainServerProhibitStatusForGatewayOte |
- |
|
alidns:UpdateRspDomainServerProhibitStatusOte |
- |
|
alidns:UpdateRspDomainStatus |
- |
|
alidns:UpdateRspDomainStatusOte |
- |
|
alidns:UpdateRspEppClient |
- |
|
alidns:UpdateRspEppClientAllowedTlds |
- |
|
alidns:UpdateRspEppClientAllowedTldsOte |
- |
|
alidns:UpdateRspEppClientGatewayId |
- |
|
alidns:UpdateRspEppClientGatewayIdOte |
- |
|
alidns:UpdateRspEppClientIpWhiteList |
- |
|
alidns:UpdateRspEppClientIpWhiteListOte |
- |
|
alidns:UpdateRspEppClientMaxConnection |
- |
|
alidns:UpdateRspEppClientMaxConnectionOte |
- |
|
alidns:UpdateRspEppClientOte |
- |
|
alidns:UpdateRspEppClientRemark |
- |
|
alidns:UpdateRspEppClientRemarkOte |
- |
|
alidns:UpdateRspEppClientStatus |
- |
|
alidns:UpdateRspEppClientStatusOte |
- |
|
alidns:UpdateRspEppClientTld |
- |
|
alidns:UpdateRspEppClientTldOte |
- |
|
alidns:UpdateRspGateway |
- |
|
alidns:UpdateRspGatewayClientAuthorizedIp |
- |
|
alidns:UpdateRspGatewayClientAuthorizedIpOte |
- |
|
alidns:UpdateRspGatewayOte |
- |
|
alidns:UpdateRspGatewayStatus |
- |
|
alidns:UpdateRspGatewayStatusOte |
- |
|
alidns:UpdateRspRegistrar |
- |
|
alidns:UpdateRspRegistrarContact |
- |
|
alidns:UpdateRspRegistrarContactOte |
- |
|
alidns:UpdateRspRegistrarOte |
- |
|
alidns:UpdateRspRegistrarStatus |
- |
|
alidns:UpdateRspRegistrarStatusOte |
- |
|
alidns:UpdateRspReservedName |
- |
|
alidns:UpdateRspReservedNameOte |
- |
|
alidns:UpdateRspSensitiveName |
- |
|
alidns:UpdateRspSensitiveNameOte |
- |
|
alidns:UpdateRspTld |
- |
|
alidns:UpdateRspTldDisableCommand |
- |
|
alidns:UpdateRspTldDisableCommandOte |
- |
|
alidns:UpdateRspTldGatewayConfig |
- |
|
alidns:UpdateRspTldGatewayConfigOte |
- |
|
alidns:UpdateRspTldOte |
- |
|
alidns:UpdateRspTldPrice |
- |
|
alidns:UpdateRspTldPriceOte |
- |
|
alidns:UpdateRspTldStatus |
- |
|
alidns:UpdateRspTldStatusOte |
- |
|
alidns:UpdateUserProductFeedback |
- |
|
alidns:ValidateDomainCanAdd |
- |
|
alidns:ValidateVerifyCode |
- |
|
alidns:VerifyAccount |
- |
|
alidns:VerifyTxtRecord |
- |
|
alidns:VerifyTxtRecordForRetrievalDomainName |
- |
|
alidns:addDomainRecord |
- |
|
alidns:createTldMeta |
- |
|
alidns:deleteDomainRecord |
- |
|
alidns:null |
- |
|
alidns:read |
- |
|
alidns:setDomainRecordStatus |
- |
|
alidns:update |
- |
|
alidns:updateDomainRecord |
- |
|
alidns:updateDomainRecordRemark |
- |
For operations that do not support resource group authorization, setting the resource scope to Resource Group has no effect. If a RAM user still requires permissions for these operations, you must create a custom policy and set the resource scope to Account during authorization.
The following code provides two examples of custom policies. You can modify the policies as needed.
-
Allows all read-only operations that do not support resource group-level authorization: The
Actionelement lists all read-only operations that do not support resource group-level authorization.{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "alidns:CheckDomainRecord", "alidns:CheckEdgeDnsClusterConnection", "alidns:CheckEdgeDnsClusterDeploymentAppVersion", "alidns:CheckEdgeDnsDeploymentAppVersion", "alidns:CheckFusionClientAvailable", "alidns:CheckGtmInstanceExistence", "alidns:CheckInstanceAllowSystemAssign", "alidns:CheckSubDomainRecord4Add", "alidns:DescribeAccount", "alidns:DescribeAlidnsGlobalAlert", "alidns:DescribeAlidnsInstances", "alidns:DescribeAlidnsPostBusinessStatus", "alidns:DescribeAlidnsResolveAnalysisConfig", "alidns:DescribeBatchLogs", "alidns:DescribeBatchResultCount", "alidns:DescribeBatchResultDetail", "alidns:DescribeBundleRecordTaskResult", "alidns:DescribeBundleTempDomains", "alidns:DescribeCanAddMonitorDomainRrs", "alidns:DescribeCanAddMonitorSubDomainInfo", "alidns:DescribeChangeLogs", "alidns:DescribeCloudGtmAddress", "alidns:DescribeCloudGtmAddressPool", "alidns:DescribeCloudGtmAddressPoolReference", "alidns:DescribeCloudGtmAddressReference", "alidns:DescribeCloudGtmGlobalAlert", "alidns:DescribeCloudGtmInstanceConfigAlert", "alidns:DescribeCloudGtmInstanceConfigFullInfo", "alidns:DescribeCloudGtmMonitorTemplate", "alidns:DescribeCloudGtmResolveAnalysisConfig", "alidns:DescribeCloudGtmSummary", "alidns:DescribeCloudGtmSystemLines", "alidns:DescribeCloudMonitorDetectCountOverview", "alidns:DescribeCloudMonitorDetectCountSummary", "alidns:DescribeCloudMonitorDetectLogs", "alidns:DescribeCloudMonitorGlobalAlertConfig", "alidns:DescribeCloudMonitorLatestDetectLogOverview", "alidns:DescribeCloudMonitorLatestDetectLogs", "alidns:DescribeCloudMonitorTask", "alidns:DescribeCloudMonitorTaskAlertConfig", "alidns:DescribeCloudMonitorTaskDetectSummary", "alidns:DescribeCloudMonitorTaskOverview", "alidns:DescribeDnsCacheDomains", "alidns:DescribeDnsGtmAddrAttributeInfo", "alidns:DescribeDnsGtmAvailableAlertGroup", "alidns:DescribeDnsGtmMonitorAvailableConfig", "alidns:DescribeDnsMonitor", "alidns:DescribeDnsMonitorAvailableNodes", "alidns:DescribeDnsMonitorTaskConfig", "alidns:DescribeDnsMonitors", "alidns:DescribeDnsProductInstance", "alidns:DescribeDnsProductInstanceSummary", "alidns:DescribeDnsProductInstances", "alidns:DescribeDnsTemplateInfo", "alidns:DescribeDnsTemplates", "alidns:DescribeDnsUserInstancesInfo", "alidns:DescribeDohAccountStatistics", "alidns:DescribeDohDomainStatistics", "alidns:DescribeDohDomainStatisticsSummary", "alidns:DescribeDohSdkList", "alidns:DescribeDohSubDomainStatistics", "alidns:DescribeDohSubDomainStatisticsSummary", "alidns:DescribeDohUserInfo", "alidns:DescribeDomainBackups", "alidns:DescribeDomainGroups", "alidns:DescribeDomainLogs", "alidns:DescribeDomainResolveStatisticsSummary", "alidns:DescribeDomainStatisticsSummary", "alidns:DescribeEdgeDnsAppAgentInfo", "alidns:DescribeEdgeDnsAppLatestVersion", "alidns:DescribeEdgeDnsClusterFullInfo", "alidns:DescribeEdgeDnsClusterNodeContainers", "alidns:DescribeEdgeDnsClusterNodeServiceStatus", "alidns:DescribeEdgeDnsClusterResource", "alidns:DescribeEdgeDnsClusterResourceOverview", "alidns:DescribeEdgeDnsDeployNotFinalStatusTask", "alidns:DescribeEdgeDnsDeployOptionalIp", "alidns:DescribeEdgeDnsDeployOptionalVersion", "alidns:DescribeEdgeDnsDeployTask", "alidns:DescribeEdgeDnsDeploymentInfo", "alidns:DescribeEdgeDnsDeploymentStatistics", "alidns:DescribeEdgeDnsNodeConnectionToken", "alidns:DescribeEdgeDnsNodeFullInfo", "alidns:DescribeFusionOnPremisesInstances", "alidns:DescribeFusionResources", "alidns:DescribeGtmAvailableAlertGroup", "alidns:DescribeGtmMonitorAvailableConfig", "alidns:DescribeGtmRecoveryPlan", "alidns:DescribeGtmRecoveryPlanAvailableConfig", "alidns:DescribeGtmRecoveryPlans", "alidns:DescribeImportDomainRecordsResult", "alidns:DescribeImportDomainsResult", "alidns:DescribeInstanceDomains", "alidns:DescribeInstanceExtendStatus", "alidns:DescribeInternetDnsLogs", "alidns:DescribeIntranetFirewallProtectionDetail", "alidns:DescribeIntranetFirewallProtectionDetails", "alidns:DescribeIntranetFirewallProtectionHistory", "alidns:DescribeIntranetFirewallProtectionLogs", "alidns:DescribeIntranetFirewallProtectionOverview", "alidns:DescribeIntranetFirewallProtectionRankings", "alidns:DescribeInvalidDomains", "alidns:DescribeIspFlushCacheInstances", "alidns:DescribeIspFlushCacheRemainQuota", "alidns:DescribeIspFlushCacheTask", "alidns:DescribeIspFlushCacheTasks", "alidns:DescribeJobOverview", "alidns:DescribeJobs", "alidns:DescribePostBusinessServiceStatus", "alidns:DescribePtrRecordSet", "alidns:DescribePtrRecords", "alidns:DescribeRecommendCommodities", "alidns:DescribeRecursionFirewallProtectionDetail", "alidns:DescribeRecursionFirewallProtectionDetails", "alidns:DescribeRecursionFirewallProtectionHistory", "alidns:DescribeRecursionFirewallProtectionLogs", "alidns:DescribeRecursionFirewallProtectionOverview", "alidns:DescribeRecursionFirewallProtectionRankings", "alidns:DescribeResolveAndOperatorClusterAssociationOverview", "alidns:DescribeResolveSummary", "alidns:DescribeRestoreDomainResults", "alidns:DescribeRestoringDomainTasks", "alidns:DescribeRspDomainStatus", "alidns:DescribeRspDomainStatusOte", "alidns:DescribeRspGateway", "alidns:DescribeRspGatewayOte", "alidns:DescribeRspRegistrarForRegistrar", "alidns:DescribeRspRegistrarForRegistrarOte", "alidns:DescribeRspRegistrarForRegistry", "alidns:DescribeRspRegistrarForRegistryOte", "alidns:DescribeRspTld", "alidns:DescribeRspTldMeta", "alidns:DescribeRspTldMetaOte", "alidns:DescribeRspTldOte", "alidns:DescribeSiteMonitor", "alidns:DescribeSiteMonitorIspCityInfos", "alidns:DescribeSiteMonitorIspInfos", "alidns:DescribeSlaveDnsDomains", "alidns:DescribeSubJobs", "alidns:DescribeSubdomainRecords", "alidns:DescribeSupportLines", "alidns:DescribeTags", "alidns:DescribeTransferDomains", "alidns:DescribeUserContactInfo", "alidns:DescribeUserGrayStatus", "alidns:GetMainDomainName", "alidns:GetTxtRecordForRetrievalDomainName", "alidns:GetTxtRecordForVerify", "alidns:ListAlidnsAlertLogs", "alidns:ListAssistantChat", "alidns:ListAssistantMessage", "alidns:ListAssistantQuestionGuide", "alidns:ListAssociatedResolveClusters", "alidns:ListAvailableAlertGroups", "alidns:ListCloudGtmAddressPools", "alidns:ListCloudGtmAddresses", "alidns:ListCloudGtmAlertLogs", "alidns:ListCloudGtmAvailableAlertGroups", "alidns:ListCloudGtmInstanceConfigs", "alidns:ListCloudGtmInstances", "alidns:ListCloudGtmMonitorNodes", "alidns:ListCloudGtmMonitorTemplates", "alidns:ListCloudMonitorAlertLogs", "alidns:ListCloudMonitorProbes", "alidns:ListCloudMonitorTasks", "alidns:ListEdgeDnsAlertLogs", "alidns:ListEdgeDnsClusters", "alidns:ListEdgeDnsNodes", "alidns:ListEdgeDnsNotifyConfigs", "alidns:ListEdgeDnsNotifyGatewayConfigs", "alidns:ListEdgeDnsResolveLogs", "alidns:ListEppClient", "alidns:ListRspContacts", "alidns:ListRspContactsOte", "alidns:ListRspDomainSuperProhibited", "alidns:ListRspDomainSuperProhibitedOte", "alidns:ListRspDomains", "alidns:ListRspDomainsOte", "alidns:ListRspEppClient", "alidns:ListRspEppClientOte", "alidns:ListRspEppClients", "alidns:ListRspEppClientsOte", "alidns:ListRspGateway", "alidns:ListRspGatewayClientAuthorizedIp", "alidns:ListRspGatewayClientAuthorizedIpOte", "alidns:ListRspGatewayOte", "alidns:ListRspHosts", "alidns:ListRspHostsOte", "alidns:ListRspInternalRegistrars", "alidns:ListRspInternalRegistrarsOte", "alidns:ListRspOperator", "alidns:ListRspOperatorOte", "alidns:ListRspRegistrarContact", "alidns:ListRspRegistrarContactOte", "alidns:ListRspRegistrars", "alidns:ListRspRegistrarsOte", "alidns:ListRspReservedName", "alidns:ListRspReservedNameOte", "alidns:ListRspSensitiveName", "alidns:ListRspSensitiveNameOte", "alidns:ListRspTld", "alidns:ListRspTldGatewayConfig", "alidns:ListRspTldGatewayConfigOte", "alidns:ListRspTldOte", "alidns:ListRspTldSuperProhibited", "alidns:ListRspTldSuperProhibitedOte", "alidns:ListTagResources", "alidns:ListTld", "alidns:QueryAllowRenewPeriodList", "alidns:QueryDnsMonitorErrorEvent", "alidns:QueryDnsMonitorFailureRate", "alidns:QueryDnsMonitorHistory", "alidns:QueryDnsMonitorLast", "alidns:QueryDnsMonitorNodeResponseTime", "alidns:QueryDnsMonitorStatistics", "alidns:QueryEdgeDnsMonitors", "alidns:QueryEdgeDnsResolveQps", "alidns:QueryEdgeDnsTopData", "alidns:QueryEdgeDnsTopDomain", "alidns:QueryEdgeDnsTopRCode", "alidns:QueryInstanceUnpaidOrder", "alidns:QueryRenewPrice", "alidns:SearchCloudGtmAddressPools", "alidns:SearchCloudGtmAddresses", "alidns:SearchCloudGtmInstanceConfigs", "alidns:SearchCloudGtmInstances", "alidns:SearchCloudGtmMonitorTemplates", "alidns:SearchCloudMonitorTasks", "alidns:SearchEdgeDnsClusters", "alidns:SearchEdgeDnsNodes", "alidns:ValidateDomainCanAdd" ], "Resource": "*" } ] } -
Allows all operations that do not support resource group-level authorization: The
Actionelement lists all operations that do not support resource group-level authorization.{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "alidns:AddBatchDomain", "alidns:AddBatchDomainFromFile", "alidns:AddBatchRr", "alidns:AddBatchTempDomains", "alidns:AddDnsCacheDomain", "alidns:AddDnsMonitor", "alidns:AddDnsTemplate", "alidns:AddDnsTemplateRecord", "alidns:AddDohUser", "alidns:AddDomainGroup", "alidns:AddGateway", "alidns:AddGtmRecoveryPlan", "alidns:AddRegistrar", "alidns:AddRegistrarContact", "alidns:AddRspDomainServerHoldStatusForGateway", "alidns:AddRspDomainServerHoldStatusForGatewayOte", "alidns:AddRspEppClient", "alidns:AddSensitiveName", "alidns:AddUserProductFeedback", "alidns:BatchDomainRecordOperate", "alidns:BindInstanceDomains", "alidns:CancelJob", "alidns:CancelOrder", "alidns:ChangeBatchDomainGroup", "alidns:ChangeDomainOfDnsProduct", "alidns:ChatAssistantMessage", "alidns:CheckDomainRecord", "alidns:CheckEdgeDnsClusterConnection", "alidns:CheckEdgeDnsClusterDeploymentAppVersion", "alidns:CheckEdgeDnsDeploymentAppVersion", "alidns:CheckFusionClientAvailable", "alidns:CheckGtmInstanceExistence", "alidns:CheckInstanceAllowSystemAssign", "alidns:CheckSubDomainRecord4Add", "alidns:CompleteCommodity", "alidns:CompleteCommodityWithoutTraffic", "alidns:CopyGtmConfig", "alidns:CreateCloudMonitorTask", "alidns:CreateEdgeDnsCluster", "alidns:CreateInstance", "alidns:CreateMultiCommodityOrder", "alidns:CreatePtrRecordSet", "alidns:CreateRenewOrder", "alidns:CreateRspDomainSuperProhibited", "alidns:CreateRspDomainSuperProhibitedOte", "alidns:CreateRspEppClient", "alidns:CreateRspEppClientOte", "alidns:CreateRspGateway", "alidns:CreateRspGatewayClientAuthorizedIp", "alidns:CreateRspGatewayClientAuthorizedIpOte", "alidns:CreateRspGatewayOte", "alidns:CreateRspRegistrar", "alidns:CreateRspRegistrarContact", "alidns:CreateRspRegistrarContactOte", "alidns:CreateRspRegistrarOte", "alidns:CreateRspReservedName", "alidns:CreateRspReservedNameOte", "alidns:CreateRspSensitiveName", "alidns:CreateRspSensitiveNameOte", "alidns:CreateRspTldGatewayConfig", "alidns:CreateRspTldGatewayConfigOte", "alidns:CreateRspTldMeta", "alidns:CreateRspTote", "alidns:CreateRspTldSuperProhibited", "alidns:CreateRspTldSuperProhibitedOte", "alidns:DeleteAssistantChat", "alidns:DeleteBatchDomain", "alidns:DeleteBatchRr", "alidns:DeleteCloudGtmAddress", "alidns:DeleteCloudGtmAddressPool", "alidns:DeleteCloudGtmInstanceConfig", "alidns:DeleteCloudGtmMonitorTemplate", "alidns:DeleteCloudMonitorTask", "alidns:DeleteCloudMonitorTasksJob", "alidns:DeleteDnsMonitor", "alidns:DeleteDnsTemplate", "alidns:DeleteDnsTemplateRecord", "alidns:DeleteDomainGroup", "alidns:DeleteEdgeDnsCluster", "alidns:DeleteFusionClientConfig", "alidns:DeleteGtmRecoveryPlan", "alidns:DeletePtrRecord", "alidns:DeleteRspDomainSuperProhibited", "alidns:DeleteRspDomainSuperProhibitedOte", "alidns:DeleteRspEppClient", "alidns:DeleteRspEppClientOte", "alidns:DeleteRspGatewayClientAuthorizedIp", "alidns:DeleteRspGatewayClientAuthorizedIpOte", "alidns:DeleteRspRegistrar", "alidns:DeleteRspRegistrarContact", "alidns:DeleteRspRegistrarContactOte", "alidns:DeleteRspRegistrarOte", "alidns:DeleteRspReservedName", "alidns:DeleteRspReservedNameOte", "alidns:DeleteRspSensitiveName", "alidns:DeleteRspSensitiveNameOte", "alidns:DeleteRspTldGatewayConfig", "alidns:DeleteRspTldGatewayConfigOte", "alidns:DeleteRspTldSuperProhibited", "alidns:DeleteRspTldSuperProhibitedOte", "alidns:DescribeAccount", "alidns:DescribeAlidnsGlobalAlert", "alidns:DescribeAlidnsInstances", "alidns:DescribeAlidnsPostBusinessStatus", "alidns:DescribeAlidnsResolveAnalysisConfig", "alidns:DescribeBatchLogs", "alidns:DescribeBatchResultCount", "alidns:DescribeBatchResultDetail", "alidns:DescribeBundleRecordTaskResult", "alidns:DescribeBundleTempDomains", "alidns:DescribeCanAddMonitorDomainRrs", "alidns:DescribeCanAddMonitorSubDomainInfo", "alidns:DescribeChangeLogs", "alidns:DescribeCloudGtmAddress", "alidns:DescribeCloudGtmAddressPool", "alidns:DescribeCloudGtmAddressPoolReference", "alidns:DescribeCloudGtmAddressReference", "alidns:DescribeCloudGtmGlobalAlert", "alidns:DescribeCloudGtmInstanceConfigAlert", "alidns:DescribeCloudGtmInstanceConfigFullInfo", "alidns:DescribeCloudGtmMonitorTemplate", "alidns:DescribeCloudGtmResolveAnalysisConfig", "alidns:DescribeCloudGtmSummary", "alidns:DescribeCloudGtmSystemLines", "alidns:DescribeCloudMonitorDetectCountOverview", "alidns:DescribeCloudMonitorDetectCountSummary", "alidns:DescribeCloudMonitorDetectLogs", "alidns:DescribeCloudMonitorGlobalAlertConfig", "alidns:DescribeCloudMonitorLatestDetectLogOverview", "alidns:DescribeCloudMonitorLatestDetectLogs", "alidns:DescribeCloudMonitorTask", "alidns:DescribeCloudMonitorTaskAlertConfig", "alidns:DescribeCloudMonitorTaskDetectSummary", "alidns:DescribeCloudMonitorTaskOverview", "alidns:DescribeDnsCacheDomains", "alidns:DescribeDnsGtmAddrAttributeInfo", "alidns:DescribeDnsGtmAvailableAlertGroup", "alidns:DescribeDnsGtmMonitorAvailableConfig", "alidns:DescribeDnsMonitor", "alidns:DescribeDnsMonitorAvailableNodes", "alidns:DescribeDnsMonitorTaskConfig", "alidns:DescribeDnsMonitors", "alidns:DescribeDnsProductInstance", "alidns:DescribeDnsProductInstanceSummary", "alidns:DescribeDnsProductInstances", "alidns:DescribeDnsTemplateInfo", "alidns:DescribeDnsTemplates", "alidns:DescribeDnsUserInstancesInfo", "alidns:DescribeDohAccountStatistics", "alidns:DescribeDohDomainStatistics", "alidns:DescribeDohDomainStatisticsSummary", "alidns:DescribeDohSdkList", "alidns:DescribeDohSubDomainStatistics", "alidns:DescribeDohSubDomainStatisticsSummary", "alidns:DescribeDohUserInfo", "alidns:DescribeDomainBackups", "alidns:DescribeDomainGroups", "alidns:DescribeDomainLogs", "alidns:DescribeDomainResolveStatisticsSummary", "alidns:DescribeDomainStatisticsSummary", "alidns:DescribeEdgeDnsAppAgentInfo", "alidns:DescribeEdgeDnsAppLatestVersion", "alidns:DescribeEdgeDnsClusterFullInfo", "alidns:DescribeEdgeDnsClusterNodeContainers", "alidns:DescribeEdgeDnsClusterNodeServiceStatus", "alidns:DescribeEdgeDnsClusterResource", "alidns:DescribeEdgeDnsClusterResourceOverview", "alidns:DescribeEdgeDnsDeployNotFinalStatusTask", "alidns:DescribeEdgeDnsDeployOptionalIp", "alidns:DescribeEdgeDnsDeployOptionalVersion", "alidns:DescribeEdgeDnsDeployTask", "alidns:DescribeEdgeDnsDeploymentInfo", "alidns:DescribeEdgeDnsDeploymentStatistics", "alidns:DescribeEdgeDnsNodeConnectionToken", "alidns:DescribeEdgeDnsNodeFullInfo", "alidns:DescribeFusionOnPremisesInstances", "alidns:DescribeFusionResources", "alidns:DescribeGtmAvailableAlertGroup", "alidns:DescribeGtmMonitorAvailableConfig", "alidns:DescribeGtmRecoveryPlan", "alidns:DescribeGtmRecoveryPlanAvailableConfig", "alidns:DescribeGtmRecoveryPlans", "alidns:DescribeImportDomainRecordsResult", "alidns:DescribeImportDomainsResult", "alidns:DescribeInstanceDomains", "alidns:DescribeInstanceExtendStatus", "alidns:DescribeInternetDnsLogs", "alidns:DescribeIntranetFirewallProtectionDetail", "alidns:DescribeIntranetFirewallProtectionDetails", "alidns:DescribeIntranetFirewallProtectionHistory", "alidns:DescribeIntranetFirewallProtectionLogs", "alidns:DescribeIntranetFirewallProtectionOverview", "alidns:DescribeIntranetFirewallProtectionRankings", "alidns:DescribeInvalidDomains", "alidns:DescribeIspFlushCacheInstances", "alidns:DescribeIspFlushCacheRemainQuota", "alidns:DescribeIspFlushCacheTask", "alidns:DescribeIspFlushCacheTasks", "alidns:DescribeJobOverview", "alidns:DescribeJobs", "alidns:DescribePostBusinessServiceStatus", "alidns:DescribePtrRecordSet", "alidns:DescribePtrRecords", "alidns:DescribeRecommendCommodities", "alidns:DescribeRecursionFirewallProtectionDetail", "alidns:DescribeRecursionFirewallProtectionDetails", "alidns:DescribeRecursionFirewallProtectionHistory", "alidns:DescribeRecursionFirewallProtectionLogs", "alidns:DescribeRecursionFirewallProtectionOverview", "alidns:DescribeRecursionFirewallProtectionRankings", "alidns:DescribeResolveAndOperatorClusterAssociationOverview", "alidns:DescribeResolveSummary", "alidns:DescribeRestoreDomainResults", "alidns:DescribeRestoringDomainTasks", "alidns:DescribeRspDomainStatus", "alidns:DescribeRspDomainStatusOte", "alidns:DescribeRspGateway", "alidns:DescribeRspGatewayOte", "alidns:DescribeRspRegistrarForRegistrar", "alidns:DescribeRspRegistrarForRegistrarOte", "alidns:DescribeRspRegistrarForRegistry", "alidns:DescribeRspRegistrarForRegistryOte", "alidns:DescribeRspTld", "alidns:DescribeRspTldMeta", "alidns:DescribeRspTldMetaOte", "alidns:DescribeRspTldOte", "alidns:DescribeSiteMonitor", "alidns:DescribeSiteMonitorIspCityInfos", "alidns:DescribeSiteMonitorIspInfos", "alidns:DescribeSlaveDnsDomains", "alidns:DescribeSubJobs", "alidns:DescribeSubdomainRecords", "alidns:DescribeSupportLines", "alidns:DescribeTags", "alidns:DescribeTransferDomains", "alidns:DescribeUserContactInfo", "alidns:DescribeUserGrayStatus", "alidns:DescribleMultiCommodityPrices", "alidns:ExecuteGtmRecoveryPlan", "alidns:ExportDomainJob", "alidns:ExportResolveSummaryJob", "alidns:FetchFusionFirewallThreatDownloadUrl", "alidns:FinishEdgeDnsDeployTask", "alidns:GetMainDomainName", "alidns:GetTxtRecordForRetrievalDomainName", "alidns:GetTxtRecordForVerify", "alidns:ListAlidnsAlertLogs", "alidns:ListAssistantChat", "alidns:ListAssistantMessage", "alidns:ListAssistantQuestionGuide", "alidns:ListAssociatedResolveClusters", "alidns:ListAvailableAlertGroups", "alidns:ListCloudGtmAddressPools", "alidns:ListCloudGtmAddresses", "alidns:ListCloudGtmAlertLogs", "alidns:ListCloudGtmAvailableAlertGroups", "alidns:ListCloudGtmInstanceConfigs", "alidns:ListCloudGtmInstances", "alidns:ListCloudGtmMonitorNodes", "alidns:ListCloudGtmMonitorTemplates", "alidns:ListCloudMonitorAlertLogs", "alidns:ListCloudMonitorProbes", "alidns:ListCloudMonitorTasks", "alidns:ListEdgeDnsAlertLogs", "alidns:ListEdgeDnsClusters", "alidns:ListEdgeDnsNodes", "alidns:ListEdgeDnsNotifyConfigs", "alidns:ListEdgeDnsNotifyGatewayConfigs", "alidns:ListEdgeDnsResolveLogs", "alidns:ListEppClient", "alidns:ListRspContacts", "alidns:ListRspContactsOte", "alidns:ListRspDomainSuperProhibited", "alidns:ListRspDomainSuperProhibitedOte", "alidns:ListRspDomains", "alidns:ListRspDomainsOte", "alidns:ListRspEppClient", "alidns:ListRspEppClientOte", "alidns:ListRspEppClients", "alidns:ListRspEppClientsOte", "alidns:ListRspGateway", "alidns:ListRspGatewayClientAuthorizedIp", "alidns:ListRspGatewayClientAuthorizedIpOte", "alidns:ListRspGatewayOte", "alidns:ListRspHosts", "alidns:ListRspHostsOte", "alidns:ListRspInternalRegistrars", "alidns:ListRspInternalRegistrarsOte", "alidns:ListRspOperator", "alidns:ListRspOperatorOte", "alidns:ListRspRegistrarContact", "alidns:ListRspRegistrarContactOte", "alidns:ListRspRegistrars", "alidns:ListRspRegistrarsOte", "alidns:ListRspReservedName", "alidns:ListRspReservedNameOte", "alidns:ListRspSensitiveName", "alidns:ListRspSensitiveNameOte", "alidns:ListRspTld", "alidns:ListRspTldGatewayConfig", "alidns:ListRspTldGatewayConfigOte", "alidns:ListRspTldOte", "alidns:ListRspTldSuperProhibited", "alidns:ListRspTldSuperProhibitedOte", "alidns:ListTagResources", "alidns:ListTld", "alidns:ManuallyRetryEdgeDnsClusterDispatchDataJob", "alidns:OpenPostBusinessService", "alidns:OperateBatchDomain", "alidns:OperateRspRegistration", "alidns:OperateRspRegistrationOte", "alidns:OrderPaidNotice", "alidns:PreviewGtmRecoveryPlan", "alidns:QueryAllowRenewPeriodList", "alidns:QueryDnsMonitorErrorEvent", "alidns:QueryDnsMonitorFailureRate", "alidns:QueryDnsMonitorHistory", "alidns:QueryDnsMonitorLast", "alidns:QueryDnsMonitorNodeResponseTime", "alidns:QueryDnsMonitorStatistics", "alidns:QueryEdgeDnsMonitors", "alidns:QueryEdgeDnsResolveQps", "alidns:QueryEdgeDnsTopData", "alidns:QueryEdgeDnsTopDomain", "alidns:QueryEdgeDnsTopRCode", "alidns:QueryInstanceUnpaidOrder", "alidns:QueryRenewPrice", "alidns:RecheckInvalidDomain", "alidns:ReclaimDomain", "alidns:RefundOrder", "alidns:RemoveRspDomainServerHoldStatusForGateway", "alidns:RemoveRspDomainServerHoldStatusForGatewayOte", "alidns:ReplaceAlidnsResolveAnalysisConfig", "alidns:ReplaceCloudGtmResolveAnalysisConfig", "alidns:ReplacePtrRecordSet", "alidns:ResetBatchResult", "alidns:ResetImportDomainsResult", "alidns:ResetRspEppClientPassword", "alidns:ResetRspEppClientPasswordOTE", "alidns:RetrieveBatchDomain", "alidns:RetrieveDomain", "alidns:RollbackGtmRecoveryPlan", "alidns:SaveResolveClustersAssociation", "alidns:ScanSubdomainRecords", "alidns:SearchCloudGtmAddressPools", "alidns:SearchCloudGtmAddresses", "alidns:SearchCloudGtmInstanceConfigs", "alidns:SearchCloudGtmInstances", "alidns:SearchCloudGtmMonitorTemplates", "alidns:SearchCloudMonitorTasks", "alidns:SearchEdgeDnsClusters", "alidns:SearchEdgeDnsNodes", "alidns:SendVerifyCode", "alidns:SetCloudGtmInstanceConfigLogSwitch", "alidns:SetCloudMonitorTaskStatus", "alidns:SetDomainAuthLogConfig", "alidns:SetEdgeDnsClusterRecurseEnableStatus", "alidns:SetInstanceRenewalStatus", "alidns:SetPtrRecordStatus", "alidns:SubmitEdgeDnsDeployRetryTask", "alidns:SubmitEdgeDnsDeployTask", "alidns:SubmitImportDomainRecordsFile", "alidns:SubmitIspFlushCacheTask", "alidns:TagResources", "alidns:TemporaryCancelFusionResource", "alidns:TransferBatchDomain", "alidns:UnbindInstanceDomains", "alidns:UntagResources", "alidns:UpdateAlidnsGlobalAlert", "alidns:UpdateAlidnsLineRecordSet", "alidns:UpdateAlidnsResolveAnalysisConfig", "alidns:UpdateAssistantChatName", "alidns:UpdateAssistantMessageFeedback", "alidns:UpdateBatchRr", "alidns:UpdateCloudGtmAddressEnableStatus", "alidns:UpdateCloudGtmAddressManualAvailableStatus", "alidns:UpdateCloudGtmAddressPoolEnableStatus", "alidns:UpdateCloudGtmAddressPoolRemark", "alidns:UpdateCloudGtmAddressRemark", "alidns:UpdateCloudGtmGlobalAlert", "alidns:UpdateCloudGtmInstanceConfigBasic", "alidns:UpdateCloudGtmInstanceConfigRemark", "alidns:UpdateCloudGtmInstanceName", "alidns:UpdateCloudGtmMonitorTemplateRemark", "alidns:UpdateCloudGtmResolveAnalysisConfig", "alidns:UpdateCloudMonitorGlobalAlertConfig", "alidns:UpdateCloudMonitorTask", "alidns:UpdateCloudMonitorTaskAlertConfig", "alidns:UpdateCloudMonitorTaskRemark", "alidns:UpdateDnsMonitor", "alidns:UpdateDnsTemplateName", "alidns:UpdateDnsTemplateRecord", "alidns:UpdateDomainGroup", "alidns:UpdateDomainServerHoldStatus", "alidns:UpdateDomainStatus", "alidns:UpdateEdgeDnsCluster", "alidns:UpdateEdgeDnsClusterRecurseRemark", "alidns:UpdateEdgeDnsNodeName", "alidns:UpdateEdgeDnsNodeOperationIp", "alidns:UpdateEdgeDnsNodeRemark", "alidns:UpdateEdgeDnsNotifyConfig", "alidns:UpdateEdgeDnsNotifyGatewayConfig", "alidns:UpdateEdgeDnsSyslogDnsLogNotifyConfig", "alidns:UpdateFusionClientConfig", "alidns:UpdateFusionClientNodeEscapeConfig", "alidns:UpdateFusionFirewallSubscriptionConfig", "alidns:UpdateGtmRecoveryPlan", "alidns:UpdateIspFlushCacheInstanceConfig", "alidns:UpdatePtrRecordRemark", "alidns:UpdateRspDomainServerHoldStatus", "alidns:UpdateRspDomainServerHoldStatusOte", "alidns:UpdateRspDomainServerProhibitStatus", "alidns:UpdateRspDomainServerProhibitStatusForGateway", "alidns:UpdateRspDomainServerProhibitStatusForGatewayOte", "alidns:UpdateRspDomainServerProhibitStatusOte", "alidns:UpdateRspDomainStatus", "alidns:UpdateRspDomainStatusOte", "alidns:UpdateRspEppClient", "alidns:UpdateRspEppClientAllowedTlds", "alidns:UpdateRspEppClientAllowedTldsOte", "alidns:UpdateRspEppClientGatewayId", "alidns:UpdateRspEppClientGatewayIdOte", "alidns:UpdateRspEppClientIpWhiteList", "alidns:UpdateRspEppClientIpWhiteListOte", "alidns:UpdateRspEppClientMaxConnection", "alidns:UpdateRspEppClientMaxConnectionOte", "alidns:UpdateRspEppClientOte", "alidns:UpdateRspEppClientRemark", "alidns:UpdateRspEppClientRemarkOte", "alidns:UpdateRspEppClientStatus", "alidns:UpdateRspEppClientStatusOte", "alidns:UpdateRspEppClientTld", "alidns:UpdateRspEppClientTldOte", "alidns:UpdateRspGateway", "alidns:UpdateRspGatewayClientAuthorizedIp", "alidns:UpdateRspGatewayClientAuthorizedIpOte", "alidns:UpdateRspGatewayOte", "alidns:UpdateRspGatewayStatus", "alidns:UpdateRspGatewayStatusOte", "alidns:UpdateRspRegistrar", "alidns:UpdateRspRegistrarContact", "alidns:UpdateRspRegistrarContactOte", "alidns:UpdateRspRegistrarOte", "alidns:UpdateRspRegistrarStatus", "alidns:UpdateRspRegistrarStatusOte", "alidns:UpdateRspReservedName", "alidns:UpdateRspReservedNameOte", "alidns:UpdateRspSensitiveName", "alidns:UpdateRspSensitiveNameOte", "alidns:UpdateRspTld", "alidns:UpdateRspTldDisableCommand", "alidns:UpdateRspTldDisableCommandOte", "alidns:UpdateRspTldGatewayConfig", "alidns:UpdateRspTldGatewayConfigOte", "alidns:UpdateRspTldOte", "alidns:UpdateRspTldPrice", "alidns:UpdateRspTldPriceOte", "alidns:UpdateRspTldStatus", "alidns:UpdateRspTldStatusOte", "alidns:UpdateUserProductFeedback", "alidns:ValidateDomainCanAdd", "alidns:ValidateVerifyCode", "alidns:VerifyAccount", "alidns:VerifyTxtRecord", "alidns:VerifyTxtRecordForRetrievalDomainName", "alidns:addDomainRecord", "alidns:createTldMeta", "alidns:deleteDomainRecord", "alidns:null", "alidns:read", "alidns:setDomainRecordStatus", "alidns:update", "alidns:updateDomainRecord", "alidns:updateDomainRecordRemark" ], "Resource": "*" } ] }
A RAM user or RAM role with account-level permissions can operate on all related resources within the entire account. Always confirm that the granted permissions are as expected. Follow the Principle of Least Privilege (PoLP) and assign permissions with caution.
FAQ
How can I view the resource group to which a resource belongs?
-
Method 1: Click the resource name to go to its details page, where you can find its resource group.
-
Method 2: Log on to the Resource Management console. In the navigation pane on the left, choose . In the pane on the left, select the account to which the target resource belongs. The Current Account is selected by default. Use the filter conditions to find the target resource and view its resource group.
How can I view all resources of a product in a specific resource group?
-
Method 1: Log on to the Resource Management console. In the navigation pane on the left, choose . In the pane on the left, under the account to which the resource belongs (the Current Account is selected by default), click the name of the target resource group. In the Select Resource Type dropdown list on the right, select the current product to view all its resources in the resource group.
-
Method 2: Log on to the Resource Management console. In the navigation pane on the left, choose . Find the target resource group and click Resource Management in the Operation column. On the Resource Management page, select the current product from the Product dropdown list to view all its resources in the resource group.
How can I modify the resource groups of multiple resources in a batch?
Log on to the Resource Management console. In the navigation pane on the left, choose . In the row of the target resource group, click Resource Management in the Operation column to go to the resource management page. Use the filter conditions to find the target resources. Select the check boxes in the first column for the resources, click Transfer Resource Group at the bottom, and follow the on-screen instructions to change the resource group.